Great question. First, we’re going to assume you have an employee benefit plan that needs to be audited. If you have questions about that, stop here and read “This Is When You Need To Have An Employee Benefit Plan Audit.”
Now, you know an independent public accountant is required to audit your benefit plan. You’re required to submit the annual audit and Form 5500 seven months after your plan year ends (an extension is available). But what type of audit is right for your plan – limited scope or full scope?
About limited scope audits
A limited scope audit limits an independent auditor from auditing investment information that a qualified institution prepares and certifies. The plan administrator – and ONLY the plan administrator – can instruct the auditor to NOT perform any auditing procedures on the certified investment information. It’s limiting the scope of the audit work, hence the name.
That’s a high-level overview. There are more details to consider.
First, a qualified institution is a bank (or similar institution) or an insurance carrier. It has to be regulated, supervised, and subject to periodic examination by a state or federal agency. And, the qualified institution must act as a trustee or custodian of the benefit plan.
The qualified institution has to certify that the investment information submitted is both complete and accurate. Once again, complete and accurate. Both, not one or the other.
Second, your plan administrator is responsible for knowing if the plan meets the conditions for a limited scope audit. The administrator must know if the certification is from a qualified institution and signed by an authorized individual.
Plus, the administrator must decide if the certified information can be used to report the plan’s assets’ value on Form 5500. Finally, the plan administrator is responsible for deciding whether the financial statements and disclosures related to the investment information are prepared in accordance with generally accepted accounting principles (GAAP) and Department of Labor (DOL) rules and regulations.
Third, if available, you’ll want to provide the plan auditor a SOC 1 report from the certifying trustee or custodian. The SOC 1 report addresses areas other than investments. The auditor will still perform audit procedures on participant data, contributions, benefit payments, and more.
How do the audit types differ?
If the limited scope exemption is correctly applied, the auditor doesn’t have to perform testing procedures on investment information certified by the qualified institution. And generally, the auditor issues a report disclaiming an opinion on the financial statements and supplemental schedules due to the limited scope exemption.
With a full-scope audit, the auditor tests plan information and a plan’s compliance with IRS and DOL regulations. Because a full-scope audit is more comprehensive, and the auditor likely has access to all the data it requests, the auditor can issue a report with an opinion.
So, which type of audit should your plan have?
If you don’t qualify for a limited scope audit, the decision is easy. The plan must undergo a full-scope audit. If you do qualify, the decision becomes more complex, and you have to weigh what’s best for the organization, the plan, and the plan’s participants. Think about the following questions.
- Are you confident the qualified institution has correctly prepared and certified the investment information?
- Does your plan administrator know GAAP and DOL rules and regulations? Are you certain your qualified institution has adhered to these standards?
- Do you want to know about any potential errors in your plan’s management or operations, including investment activity?
- Are you concerned about the price of an audit?
- As the plan administrator, are you completely aware of your responsibilities?
If you select a limited scope audit, your auditor could discover that the certified information is incomplete. If this happens, the auditor may perform more testing and communicate anything that’s not done according to GAAP or DOL rules to the plan administrator.
For both full-scope and limited scope audits, the auditor may identify errors and provide recommendations to improve plan management, internal controls, and operations. These recommendations can come in the form of internal control or management letters. Essentially, if the audit firm finds you aren’t doing something you should be, it will issue these letters, regardless of the type of audit.
Changes on the horizon
The Auditing Standards Board has a new audit standard – SAS No. 136 – that takes effect for employee benefit plan audits with periods ending on or after Dec. 15, 2021. Early implementation is allowed for audits with periods ending on or after Dec. 15, 2020.
When the new standard is implemented, the limited scope audit will become an ERISA Section 103(a)(3)(C) audit. Your plan administrator can still require the auditor to not test investment information, but the information in the auditor’s report will change. The report will include more communication of the auditor’s reportable findings to management and individuals charged with the plan’s governance.
Stay tuned for more details on this new auditing standard.
Do you need an auditor to perform a limited scope or full scope audit? Let’s talk!