New ERISA Rules for Plans: Sec. 103(a)(3)(C) Audits

If there is one constant in life it is change. This is not only true in one’s personal life, but it also applies to business as well. More specifically, the recent change to rules governing the annual audit of 401k is an excellent example. Statement on Auditing Standards (SAS) 136: Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to ERISA, outlines several important changes to the audit process including new disclosures, management certifications, and even the elimination of the limited scope plan audit type. The new ERISA Section 103(a)(3)(c) audit is a departure from many of the standards plan administrators and others are familiar with. Audits of calendar-year plans are coming up, and sponsors who previously relied on limited scope audits may be unaware of how the new standards will impact the plan audit. To help clients, prospects, and others, JLK Rosenberger has provided a summary of the key details below.

Previous Guidance: Limited Scope Benefit Plan Audits

Limited scope audits were unique because there was no requirement to perform audit procedures on investment information. Instead, the auditor was allowed to rely on third-party certification regarding the accuracy and completeness of investment details. As a result, the audit did not include an opinion about the accuracy or completeness of the plan’s financial statements. Instead, the auditor’s opinion would only cover the plan’s operations and compliance.

Under limited scope benefit plan audits, the plan’s investment information would be certified by a bank, insurance company, or similar institution. Plan sponsors would then determine if the:

  • Certification was accurate and complete
  • The institution was qualified, and
  • An authorized agent at the institution signed off on the certification.

With this certification and sponsor determination in hand, the auditor would exclude all or certain investments from the audit. Some prefer limited scope audits because they tended to cost less and require less time.

The biggest downside? A higher rate of deficiencies. Limited scope audits didn’t provide the same level of reasonable assurance and were often cited for failure to perform audit procedures. While this deficiency rests with the auditor, there were others more aligned with the plan itself, such as:

  • Reporting, presentation, and disclosure deficiencies: Information that was certified by the trustee and not subject to audit procedures
  • Reporting, presentation, and disclosure deficiencies: Disclosures regarding certified information either didn’t include all information certified or include amounts, transactions, or both not certified as complete and accurate.

New Guidance: Sec. 103(a)(3)(C) Audits

Plan management can still elect a benefit plan audit that excludes specific procedures related to investment information. Sec. 103(a)(3)(C) audits are no longer considered to have a scope limitation, and auditors can issue an unmodified opinion. The new reporting is meant to be more transparent, straightforward, and thorough.

Many of the changes in Sec. 103(a)(3)(C) audits relate to the auditor’s report. Plan sponsors will see a different report format. The contents include:

  • The scope and nature of the audit, which will be presented first.
  • The auditor’s opinion and Basis for Opinion (new) will come second.
    • In this section, the two-part opinion will address whether the amounts and disclosures in the plan financial statements not covered by the certification are presented fairly and in accordance with accounting rules, and second, whether the investment information related to the certification conforms to what was provided by a qualified institution.
  • Next, the auditor will expand on reporting related to any going concerns.
  • Responsibilities for management and the auditor are expanded.
    • Increased auditor responsibilities relate to professional judgment and skepticism as well as communications with individuals who are charged with plan governance. This section will affirm that the scope of the audit doesn’t extend to certified investment information, except for certain procedures as identified.
  • Finally, ERISA-required supplemental schedules.

These changes will result in an auditor’s report that’s clearer and more direct in its findings.

Despite many of the changes that occur in the auditor’s report, plan management still has new and different responsibilities for Sec. 103(a)(3)(C) audits. Some of these responsibilities happen earlier in the audit process than before.

For example,, management will need to complete the Form 5500 before the audit report can be issued. Unlike in years past, this will include all related forms and schedules that could impact the audit.

Investment information certified outside the audit will need to be verified according to whether the institution itself is qualified and the agent who signs off on the certification meets Department of Labor (DOL) requirements.

Management will also need to acknowledge in writing ownership of the responsibility to maintain a current plan document, administer the plan, and confirm that transactions in the financial statements conform to and are consistent with the plan document. These written acknowledgments are in addition to the existing Terms of Engagement, which are still applicable.

These changes mean that the audit cannot begin until management provides these written acknowledgments and a substantially complete Form 5500. Therefore, timely completion of the Sec. 103(a)(3)(C) audit begins with plan management.

DOL Requirements – Proper Investment Certifications

The plan administrator is responsible for verifying that certified investment information meets DOL requirements before a Sec. 103(a)(3)(C) audit can begin.

Considerations include:

  • Choosing a qualified institution: bank, trust company, insurance company, or similar institution
    • A qualifying institution is regulated, supervised, and subject to state or federal exams.
  • An authorized agent of the institution must sign off.

Complete certification of plan investment information must include the plan name, all investments, and cover the entire audit period. Further, the certification addresses the investments and related activities’ accuracy and completeness. In instances where the plan custodian changes midyear, the plan administrator must obtain a verified certification from both custodians.

Importance of Communication

The changes outlined in SAS 136 mean that many 401k and retirement plan audits will be very different this year. It also means that clear and advanced communication with the auditor about the new requirements is essential. This will ensure there is enough time for management to complete the needed certifications and other documentation necessary under new audit rules. Our practical experience has shown that ineffective communication can bog down the process and lead to unexpected and unwelcome audit delays.

Contact Us

If you have questions about the information outlined above or need assistance with your 401k plan audit, JLK Rosenberger can help. For additional information call us at 949-860-9902 or click here to contact us. We look forward to speaking with you soon.