Important Changes to Audit Process

There are significant changes to the audit process, which are effective for plan years ending on or after December 15, 2021 (i.e., plan audits performed in 2022). 

Statement of Auditing Standards No. 136 (“SAS 136”) now requires plan management (i.e., the Company or Plan Committee) to determine the permissibility of an ERISA Section 103(a)(3)(C) audit1. This means that auditors will now require that plan management complete a Management Certification Assessment (MCA) (see attached example) to acknowledge the following conditions: The investment information is prepared and certified by a qualified institution, the certification meets the Department of Labor requirements, and the certified investment information is appropriately measured, presented, and disclosed in the footnotes to the financial statements. 

In order to complete the MCA, we generally suggest that plan management reach out to the bank, insurance company, trustee, etc., which prepared the investment information for the plan and request that they confirm, in writing, the following information: 

  1. The institution is a “qualified institution”, i.e., a bank, trust company or insurance company that is regulated, supervised and subject to periodic examination by a state or federal agency. Plan management will then be able to answer Ques. 1 on the MCA. 
  2. The party providing the certification is an authorized representative of qualified institution and is authorized to represent the qualified institution for this purpose. Plan management will then be able to answer Ques. 2 on the MCA. 
  3. The institution certifies both the accuracy and completeness of the investment information and provides the following sample certification language:
    • “[Name of qualified institution] hereby certifies that the foregoing statement furnished pursuant to 29 CFR 2520.103–5(c) is complete and accurate.”
    • Plan management will then be able to answer Ques. 3 on the MCA. 

Then, in the box at the top of page 2 of the MCA, where it asks, “How did management determine that the entity preparing and certifying the investment information is a qualified institution under DOL rules and regulations?” plan management would answer in the box, “Inquiry of account representative of certifying institution.” 

Answering the box at the top of page 3 is a bit more problematic. Are all of the Plan assets invested in marketable securities that have readily determinable market values, such as mutual funds, collective investment trusts, or separate accounts? Assuming that the answer is “yes”, then plan management would answer as follows: “The Plan is invested solely in assets with readily determinable fair values. The trustee determines values from nationally recognized pricing services.” 

The question at the top of page 3 of the MCA asks whether the investments are valued as of the date of the plan’s financial statements. Plan management should check and confirm that the investments have been valued as of the last day of the plan year (e.g., 12/31/2021). And, assuming that is the case, then they can check “Yes”. 

The “overall conclusion” may then also be checked “Yes”. 

Plan management can sign and date and return the MCA to the auditor along with the engagement letter. 

For further information, the AICPA has prepared a detailed advisory on the new audit standards. You can download a copy here2

This process is new to all of us, and we will continue to monitor new requirements as we work the audit process this year. 

1 Under this new standard, the concept of a limited scope audit is discontinued and replaced by an “ERISA Section 103(a)(3)(C) audit. The auditor is not required to review investment information if the information is appropriately certified. 


ACR# 4493160 03/22 

Leave a Reply

Your email address will not be published. Required fields are marked *