Nonprofit Resources


Understanding Your Employee Benefit Plan Responsibilities Under the New Standard

If your organization sponsors a large employee benefit plan and is subject to an audit, you need to be aware of Statement on Auditing Standards No. 136 (SAS 136), Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to ERISA, particularly as it relates to management’s responsibilities in an employee benefit plan audit.

Several employee benefit plan components that you may have thought were the auditor’s responsibility are now more clearly defined as management’s responsibility under the new standard, which is effective for years ending after December 15, 2021.

Management’s Employee Benefit Plan Responsibilities Under SAS 136

Your organization’s management should be aware of these six employee benefit plan responsibilities you have under the new auditing standard:

1. Maintain a current plan instrument, including all plan amendments.

Your plan instrument is a collection of documents you must maintain. Most plans use a prototype plan or volume submitter plan. For these, the plan document has two pieces — the basic plan document and the adoption agreement — and you must maintain both and retain any amendments. You must also retain any amendments if your plan document was custom-written for your plan.

Management should also maintain:

  • A copy of the IRS determination letter (for individually designed plans) or IRS opinion letter (for prototype and volume submitter plans) as evidence that the plan is qualified under the Internal Revenue Code.
  • A current Summary Plan Description, which is the paraphrased version of the plan document distributed to plan participants. It is important for the Summary Plan Description to contain the same terms as the plan document. If they aren’t the same, the plan document will take precedence over the Summary Plan Description.
  • Any documentation related to administering the plan. This could be in the form of recordkeeping agreements with your third-party administrator, broker arrangements, etc.


2. Determine that the plan’s transactions presented and disclosed in the financial statements are in conformity with the plan’s provisions.

Failure to operate the plan in accordance with the plan document provisions is considered an operational failure. Most often, this is detected by the auditor. The new auditing standard establishes that management is responsible for verifying that operations are in conformity with the plan document.

Common operational errors include:

  • Failure to offer participation to all eligible participants
  • Incorrectly excluding employees from participation
  • Using an incorrect definition of compensation to calculate contributions

These errors often occur when payroll and human resources specialists inherit responsibilities from a predecessor and continue to operate the way they were trained, without reviewing the plan document. We recommend that your management team thoroughly review your plan document for these items and work with your payroll and human resources departments to make sure operations agree to the plan document.


3. Maintain sufficient records for each plan participant to determine the benefits that are due or may become due to participants.

Which records are relevant? For all active plan participants, you should have an I-9 or other documentation with a hire date on file as evidence of employment. If you use paper enrollment forms, retain a copy of the completed enrollment form. If enrollment is electronic through your payroll provider or third-party administrator, we recommend keeping communications about newly enrolled participants as evidence.

Many organizations have document retention policies in place that dictate how long a personnel file should be retained after an employee’s termination or resignation, but SAS 136 takes it a step further. Management must maintain records for anyone entitled to a benefit in a plan until the former employee is no longer entitled to a benefit. That means that you could have participants who retired years ago but still have a balance in their defined contribution retirement plan. Your organization should have evidence of these individuals’ retirement dates to show that they are eligible for benefits.

We recommend that you review your document retention policy and make any necessary changes to incorporate the implications of SAS 136.


4. For organizations that elect an ERISA Section 103(a)(3)(C) audit, formerly known as a DOL limited scope audit, determine whether:

a) An ERISA Section 103(a)(3)(C) audit is permissible under the circumstances;
b) The investment information is prepared and certified by a qualified institution as described in 29 CFR 2520.103-8;
c) The certification meets the requirements in 29 CFR 2520.103-5; and
d) The certified investment information is appropriately measured, presented, and disclosed in accordance with the applicable financial reporting framework.

While employee benefit plan auditors are trained in what to look for on ERISA Section 103(a)(3)(C) audits, the new standard states that management must make the determination if an ERISA 103(a)(3)(C) audit is appropriate.

Note that third-party administrators typically prepare an annual reporting package. If the plan is subject to ERISA, they often include a certification on the statements. Only certain organizations are qualified to issue the certification: banks or similar institutions, or insurance carriers that are regulated, supervised, and subject to periodic examination by a state or federal agency. Third-party administrators whose sole purpose is to provide recordkeeping services for the plan cannot provide a certification.

The certification must attest to the completeness and accuracy of the accompanying statements. In other words, the certification is not a stand-alone document. It must state that the accompanying reports and information are both complete and accurate in accordance with 29 CFR 2520.103-5. If any component of the required language is missing, it is not a valid certification.


5. Prior to dating the report, provide a draft of the plan’s Form 5500 that is substantially complete.

Before SAS 136, many audit firms considered it a best practice to obtain a draft of Form 5500 and compare it to the financial statement draft before issuing an opinion. The new standard requires this review and that the draft be substantially complete. This means that all required schedules must be included in the draft and any discrepancies the auditors identify during the review of the draft must be resolved before the audit opinion can be issued.


6. Sign a management representation letter attesting to all of the above.

To ensure that management understands the responsibility involved, auditors will now include language in the engagement letter that lays out management responsibilities explicitly. Management responsibilities will also be described in the audit opinion accompanying the financial statements and the management representation letter.

Seem daunting? The good news is that experienced employee benefit plan auditors are familiar with these items and can help you understand them. The key is that your auditors cannot assume responsibility for matters that are required from management.

Please contact us if you have questions or would like to discuss how our dedicated team of employee benefit plan auditors can assist your organization.


Additional Resources:
First-Time Employee Benefit Plan Audits: What to Expect
Mastering Employee Benefit Plan Complexities

Emily Toler

Emily serves as a partner in the Indianapolis office and as the firm’s Employee Benefit Plan Services Director. Emily has 20 years of experience providing audit and tax services for employee benefit plans, with a primary focus on 403(b) plans. She currently oversees approximately 70 benefit plan audits and related filings. Emily also is a member of the AICPA Employee Benefit Plans Audit Quality Center Executive Committee.

Leave a Comment