SAS 136: The 6 Things Employee Benefit Plan Sponsors Should Know About This New Standard

Updated on: January 24, 2022

Authored By Jen Amato | Director, Audit

In July 2019, the AICPA issued SAS 136 (the “Standard”), which has since been codified into audit standard AU-C Section 703, Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to ERISA. The Standard was issued in response to overarching concerns regarding audit quality surrounding employee benefit plan (EBP) audits.

The Standard serves the following purposes:

  • Improve auditor performance
  • Enhance the overall quality of employee benefit plan audits
  • Increase the communicative value and transparency in the auditor’s report on the financial statements

After multiple comment periods and delays in implementing the Standard, it is now effective for all years ending after December 15, 2021, with early adoption permitted. This means that all plan audits for 2021 calendar year-ends will be subject to the changes encompassing the Standard. For those accounting firms that did not adopt early, the 2021 calendar year-end audits will be the first time implementing the Standard.

What Does This Mean for Me as the Plan Sponsor?

You might be wondering, does this mean that my plan’s past audits have not been of quality and/or have been deficient? The short answer is, not necessarily.

For many accounting firms, including SC&H, the new Standard may incrementally enhance audit processes and documentation of an already robust process. For other accounting firms with less vigorous processes, the new Standard may require the firm to implement and develop a new process to ensure audit quality moving forward.

What Has Changed for Employee Benefit Plan Audits?

While the name and overall approach for a full scope audit remain unchanged, there are six primary areas in which the Standard sets forth several performance and reporting changes and additional requirements for ERISA Section 103(a)(3)(C) audits, previously known as “limited scope audits.” Those changes are as follows:

  1. Engagement acceptance and management representations
  2. Performing additional audit procedures on areas unique to ERISA benefit plans
  3. Communication with those charged with governance
  4. Risk assessment
  5. Changes to the auditor’s report
  6. Auditor’s responsibility related to Form 5500

1. Engagement Acceptance and Management Representations

While proper engagement acceptance procedures have always been required as part of planning for any audit, the Standard lays out specific items, and potential additional items, that management must acknowledge and agree to prior to the auditor’s acceptance and execution of the audit. Stated succinctly, management must now acknowledge their responsibility as it relates to the following:

  • Maintaining a current plan document including all amendments to the plan
  • Administering the plan appropriately in accordance with plan document and DOL/IRS regulations
  • Determining those transactions presented and disclosed in the financial statements conform with the items above
  • For 103(a)(3)(C) audits, determining that such an audit is permissible under the arrangement and circumstances surrounding the plan, the entity certifying the information is a qualified institution set forth by section 103(a)(3)(C), the certification letter meets the requirements of 29 CFR 2520.103-8, and the certified information is measured, presented, and disclosed in accordance with the required financial reporting framework

Typically, the plan sponsor should expect these items to be included as management responsibilities in the audit engagement letter. These items must also be included in the written representations that the plan sponsor representatives need to sign at the end of the audit.

2. Performing Additional Audit Procedures on Areas Unique to ERISA Benefit Plans

Given that these audits are heavily compliance-focused, it is important that the auditor ensures that such compliance attributes are tested. Some plan sponsors may not experience a significant change in this area, as many auditors have previously incorporated procedures to test these items in their audits.

Examples of such procedures could include:

  • Obtaining and reading the most current plan instrument for the audit period, including effective amendments
  • Identifying any plan provisions that are relevant to the audit and performing procedures related to those plan provisions
  • Determining whether management has performed the relevant IRC compliance tests, as applicable
  • Considering whether prohibited transactions identified by management or as part of the audit have been appropriately reported in the applicable ERISA-required supplemental schedules

3. Communication with Those Charged with Governance

Under AU-C 703, the auditor is required to evaluate whether certain issues found as a result of the audit would qualify as reportable findings. The auditor is required to communicate in writing with those charged with governance of the plan, the nature and context of all reportable findings, and the potential effects of such findings on the plan and/or the financial statements. Reportable findings could include:

  • Any instance of noncompliance with laws or regulations or the plan document that are uncovered in the audit
  • Any items uncovered that would be of interest to those with governance over the financial reporting process
  • Deficiencies in internal control that warrant management’s attention

4. Risk Assessment

While assessing risk in an audit engagement has always been a part of an employee benefit plan audit, the new Standard more clearly defines areas specific to a plan that the auditor should assess during planning. Examples of these areas include plan provisions, plan tax status, and prohibited transactions.

5. Changes to the Auditor’s Reports

ERISA 103(a)(3)(C)
As you might be aware, the Standards prior to SAS 136 permitted limited scope audits where regulators allowed for a disclaimer of opinion of all plan investment information that was certified by a qualified institution pursuant to ERISA 103(a)(3)(C). Under the new Standards, a 103(a)(3)(C) audit opinion will not be a disclaimer of opinion, whereby the auditor is basically not issuing an opinion on the investment information. The new opinion will be a two-pronged opinion, whereby the auditor will now issue two opinions on the benefit plan audit.

  1. First, an opinion regarding whether the amounts and disclosures in the financial statements not covered by the certification are fairly stated.
  2. Second, an opinion on whether the certified information in the financial statements agrees to, or is derived from, the certification in all material respects.

Overall, for most firms, if a quality limited scope audit was performed in the past, these changes should not materially affect the audit process.

New and Improved Audit Report

As mentioned above, plan sponsors will see significant changes in their audit reports for those that performed limited scope audits in the past. In addition, while the overall content included in both full scope and 103(a)(3)(C) audit reports will not change drastically, the audit report has been retooled to allow for more clarity and transparency for the users of the financial statements. The report will now clearly lay out both auditor and management responsibilities.

6. Auditor’s responsibility related to form 5500

The new Standard addresses the role of Form 5500, Annual Return/Report of Employee Benefit Plan, as a component of an employee benefit plan audit. Under the Standard, the auditor must obtain a substantially complete Form 5500 that includes all required schedules, not merely the Schedule H, Financial Information. Form 5500 must be reviewed by the auditor to ensure financial amounts either tie to the audited financial statements or have been reconciled in the footnotes to the financial statements. The auditor should also ensure the remainder of the return appears reasonable.


Retirement plan audits are an important part of the governance of a plan, and this new Standard has highlighted the importance and diligence that needs to be adhered to in this area. Provided that retirement plan assets are a valued part of our economy and of each participant’s retirement investment portfolio and planning, it is our hope that the changes set forth in this new Standard enhance the quality and transparency of the audit process for an area that is often seen as a commodity service in the industry.

If you have any questions about how this new Standard could affect your organization’s employee benefit plan audits, please contact our Audit services team. One of our professionals is ready to assist you.

Related Insights


Subscribe to our Insights

A collection of insights about our capabilities, solutions, people, and client successes.