Skip to content Skip to sidebar Skip to footer

Expect Changes to Your Upcoming 401k Audit Due to SAS 136



There is a new auditing standard that will soon impact upcoming employee benefit plan audits for periods ending on or after December 15, 2021 — Statement on Auditing Standards (SAS) No. 136.


The Auditing Standards Board of the America Institute of Certified Public Accountants (AICPA) — which is responsible for establishing U.S. auditing standards — recently issued SAS 136 for audits of financial statements of employee benefit plans subject to the Employee Retirement Income Security Act of 1974 (ERISA).


You may be thinking, “I am the plan administrator, but what do I care about an auditing standard?”


Read on — this article will lay out the changes that you can expect to see during your audit.


Goodbye limited scope!


The “limited scope audit” terminology is now a thing of the past under SAS 136, as the standard introduces a new term — ERISA Section 103(a)(3)(C) audit — which essentially replaces the term “limited scope audit.” Auditors will no longer issue a disclaimer opinion and will instead issue an ERISA Section 103(a)(3)(C) auditor’s report.


The standard also establishes new performance and reporting requirements specific to these ERISA Section 103(a)(3)(C) audits. This standard is unique to employee benefit plan audits and allows the investments to be scoped out of the audit without issuing a disclaimer of opinion with a scope limitation.


Engagement letter


The engagement letter will look different from what plan administrators are used to seeing in previous years, with inclusions such as the new ERISA Section 103(a)(3)(C) language.


The letter will also request that you acknowledge your responsibility for maintaining a current plan instrument (including all plan amendments), administering the plan, and determining that the plan’s transactions that are presented and disclosed in the financial statements are in conformity with the plan’s provisions, including maintaining sufficient records with respect to each of the participants to determine the benefits due or which may become due to such participants.


In addition, the letter will require that you provide your auditor with a substantially complete draft Form 5500 prior to the dating of the auditor’s report, which may be a process you have already implemented. The letter will also identify significant risks of material misstatement as determined by the auditor to enhance transparency.


During the audit


Your auditor will likely ask how plan management determined that it was appropriate to elect to have an ERISA Section 103(a)(3)(C) audit. This questioning may include whether the audit is permissible, if the investment information is prepared and certified by a qualified institution, whether the certification meets Department of Labor (DOL) requirements, and if the certified investment information is appropriately measured, presented, and disclosed in accordance with the applicable financial reporting framework.


Don’t worry — your auditors can walk you through the process as this is something they have evaluated in the past under limited scope audits.


Additional audit requests may occur as a result of the new standard, requiring the auditors to evaluate the need to test relevant plan provisions as part of risk assessment or on areas that they did not need to consider previously.


Audit wrap up


SAS 136 requires that the auditor obtain certain management representations at the engagement’s conclusion, so you should expect the management representations letter to contain similar changes as the engagement letter.


In addition, there are new requirements for communications — including reportable findings — to plan management and those charged with plan governance.


The new standard also changes the form and content of the auditor’s report in the financial statements. The disclaimer of opinion and the basis for the disclaimer of opinion you may be familiar with has been replaced by a two-pronged opinion based on the audit and the procedures performed related to the certified investment information.


Takeaways for the plan sponsor


Here are a couple of suggestions that you can perform now to be prepared for your 2021 audit:


  1. Review your plan document, adoption agreement, plan amendments, and any contracts to ensure you have proper records. Although you may use a service provider to help with plan administration, it is ultimately the plan sponsor’s responsibility. Ensure that you have these records organized and accessible in your files and that the plan document is up to date with all legal and regulatory requirements.

  2. Review your HR files for completeness and accuracy. Ensure that the participant’s information is correctly stated in the systems upon termination and review your plan’s cash-out provisions to remove small balances from your plan at the participant’s termination, working with your third-party administrator (TPA) to initiate those transactions.

  3. If you haven’t done so already, provide your 2021 census to your TPA for the IRC compliance testing. Work with your TPA to ensure the testing is performed and any action items/failures are resolved in a timely manner.

  4. Hold regular meetings — at least quarterly — with your 401k oversight committee to review the plan, significant or unusual transactions, plan compliance, and investment performance. Document any meetings with minutes and take an active role in managing your plan — do not rely on your TPA to do so.

The new auditing standard shifts more of the responsibility back onto the plan sponsor but also provides increased communication and audit transparency, thereby increasing audit quality.


If you have any questions about the information above, please contact your E. Cohen advisor.




Jessica Bragdon, CPA

Jessica Bragdon, CPA, MBA







Jessica Bragdon, CPA, MBA


Jessica (Jess) Bragdon is a Senior Manager in E. Cohen’s Assurance Services Group, with over nine years of accounting experience. She graduated summa cum laude from Salisbury University and received her Master of Business Administration from the Kenan-Flagler Business School at the University of North Carolina – Chapel Hill.


Jess’ areas of expertise include audits, reviews and compilations, focusing primarily on small to medium sized businesses and for-profit organizations. J