Employee - AICPA
Employee Benefit PlanAudit Quality CenterPlan advisoryEmployeebenefits plans — financialstatement audits1
The AICPA EBPAQC is a firm-based, volunteer membership center created withthe goal of promoting quality employee benefit plan audits. Center membersdemonstrate their commitment to ERISA audit quality by joining and agreeingto adhere to the Center’s membership requirements. EBPAQC member firmsreceive valuable ERISA audit and firm best practice tools and resources that arenot available from any other source.Visit the center website at aicpa.org/EBPAQC to see a list of EBPAQC memberfirms and find other valuable tools prepared for plan sponsors and otherstakeholders. For more information, contact the EBPAQC at ebpaqc@aicpa.org.This publication may be freely reproduced and distributed for intra-firm andclient service purposes, providing that the reproduced material is not in any wayoffered for sale or profit. 2018 American Institute of CPAs. All rights reserved. AICPA and American Institute of CPAs are trademarksof the American Institute of Certified Public Accountants and are registered in the United States, the EuropeanUnion and other countries. SOC 1 is a trademark of the American Institute of Certified Public Accountants andis registered in the United States. The Globe Design is a trademark owned by the Association of InternationalCertified Professional Accountants and is licensed to the AICPA. 1803-6312
Contents2Introduction3Plan financial reporting and audit processand management’s responsibilities5Purpose, objectives and benefits of theindependent audit8General audit considerations12Full scope vs. limited scope14Audit areas17The audit process24Auditor’s report28Your role in the audit process30Additional resources1
IntroductionThe AICPA Employee Benefit Plan Audit Quality Center (EBPAQC) has preparedthis advisory to provide you, the plan sponsor, administrator or trustee withan understanding of insights into the independent audit of the financialstatements of an employee benefit plan. While this document addressesaudits of financial statements that are prepared for purposes of filing withthe U.S. Department of Labor (DOL) on Form 5500, Annual Return/Report ofEmployee Benefit Plan (Form 5500), much of the information may be useful inunderstanding the processes involved in the audits of plans that file a Form11-K with the U.S. Securities and Exchange Commission (SEC).A financial statement audit is conducted by an independent certifiedpublic accountant. The independent auditor’s overarching goal is to obtainreasonable — but not absolute — assurance that the financial statementsprepared by plan management are fairly presented. To communicate thatassurance, the independent auditor provides an opinion about whetherthe plan’s financial statements are presented fairly, in all material respects,in accordance with U.S. generally accepted accounting principles aspromulgated by the Financial Accounting Standards Board (FASB) (GAAP)or a special purpose framework that is acceptable to the DOL, such as themodified cash basis of accounting.This advisory describes the roles and responsibilities of individuals involved inthe plan’s financial reporting and audit process, and the purpose, objectivesand benefits of a financial statement audit. The term plan management asused throughout this document refers to the party or parties that createdthe plan and/or have ultimate responsibility for the plan’s maintenance,compliance, and oversight and may include the plan sponsor, planadministrator, plan committees or others charged with governance. Thisadvisory also discusses audit scope, general audit matters common to allaudits, the audit process, the auditor’s report, and what you can do to assist inthe audit process.2
Plan financial reportingand audit process andmanagement’s responsibilitiesThe primary objective of a plan’s financial statements is to provide informationthat is useful in assessing the plan’s present and future ability to pay benefits.Human resourcesFinancial accountingERISA counselActuary (defined benefit)Independent auditorThird-partyadministrator/record keeperInvestmenttrustee/custodianThe financial reporting process may involve many parties, including theplan sponsor’s financial accounting and human resources departments, athird-party administrator, investment trustees and custodians, an actuary,ERISA legal counsel and the independent auditor. Plan management may hireservice organizations to perform record keeping and reporting functions, butthe ultimate responsibility for accurate financial reporting rests withplan management.One of the most important duties of plan management is to hire theindependent auditor. In some cases, the plan sponsor may have an auditcommittee, employee benefits committee or administrative committeethat oversees the financial reporting process, including internal control overfinancial reporting and the appointment, compensation and oversight of theindependent auditor.3
The plan financial reporting and audit environment is unique in many respects,including the nature of plan operations; the various laws and DOL and InternalRevenue Service (IRS) regulations with which plans must comply; and specialreporting and audit requirements. These matters, which affect every plan, addto the complexity of an employee benefit plan audit. Other matters that maycomplicate the plan reporting and audit process may include changes to theplan document; plan mergers, freezes or terminations; and changes inservice organizations.Unique aspects of the EBP reporting and audit environmentERISASOC 1 internal controlreportsDOL and IRSregulationsProhibitedtransactionsParties ininterestForm 5500Employeebenefit planFull vs.limited scopeauditsPlandocument/tax statusFair rtification
Purpose, objectives andbenefits of the independentauditThe Employee Retirement Security Act of 1974 (ERISA) generally requiresemployee benefit plans with 100 or more participants to have an independentfinancial statement audit as part of the plan sponsor’s obligation to file aForm 5500.Helpsprotect plan’sfinancial integrityHelps usersdetermine whetherfunds will beavailable to paybenefitsHelps improveplan operationsHelps plansponsor carryout its legalresponsibilitiesFinancial statement audits provide an independent, third-party opinion toparticipants, plan management, the DOL and other interested parties that theplan’s financial statements provide reliable information to assess the plan’spresent and future ability to pay benefits. A financial statement audit helpsprotect the financial integrity of the employee benefit plan, which helps usersdetermine whether the necessary funds will be available to pay retirement,health and other promised benefits to participants. The audit may also helpplan management improve and streamline plan operations by evaluating thestrength of the plan’s internal control over financial reporting and identifyingcontrol weaknesses or plan operational errors. And the audit helps the plansponsor carry out its legal responsibility to file a complete and accurate Form5500 for the plan with the DOL.5
The overall objectives of the plan auditor under professional standards areto obtain reasonable assurance about whether the financial statements asa whole are free from material misstatement, whether due to fraud or errorand to report on the financial statements in accordance with his or herfindings. In addition, the DOL requires the independent auditor to offer anopinion on whether the DOL-required supplemental schedules attached tothe Form 5500 are presented fairly in all material respects, in relation to thefinancial statements as a whole.To accomplish these objectives, the auditor plans and performs the auditto obtain reasonable assurance (see a discussion of reasonable assurancebelow) that material misstatements, whether caused by error or fraud, aredetected. The auditor assesses the reliability, fairness and appropriatenessof the plan’s financial information as reported by plan management. Theauditor tests evidence supporting the amounts and disclosures in the plan’sfinancial statements and DOL-required supplemental schedules; assessesthe accounting principles used and significant accounting estimates madeby management; and evaluates the overall financial statement presentationto form an opinion on whether the financial statements as a whole are free ofmaterial misstatement.The auditor’s responsibility for ERISA, DOL and IRScompliance and fraud detectionThe independent financial statement audit is an important part of thesafeguards established by Congress in ERISA to protect plan participants. Asnoted above, the auditor is responsible for obtaining reasonable assurancethat the financial statements as a whole are free from material misstatement,whether caused by fraud or error. Absolute assurance is not attainable andeven a properly planned and performed audit may not detect a materialmisstatement. A material misstatement due to fraud may not be detectedfor many reasons. For example, the act may involve conduct designed toconceal it, such as collusion, forgery, deliberate failure to record transactions,management override of controls or intentional misrepresentations made tothe auditor.In conducting a plan audit, the auditor has a responsibility to performprocedures with respect to the provisions of ERISA and DOL and IRSregulations that have a direct effect on the determination of material amountsand disclosures in the financial statements. For employee benefit plans, thiswould include party in interest transactions that may be prohibited by ERISA.6
When the auditor becomes aware of information concerning a possibleprohibited party in interest transaction or other noncompliance with lawsand regulations, the auditor obtains an understanding of the nature of thetransaction, the circumstances in which it occurred and sufficient otherinformation to evaluate the effect on the financial statements. As part theauditor’s consideration of the plan’s compliance with laws and regulations, theauditor is required to make certain inquiries and review correspondence withthe DOL and IRS. The auditor also considers the effect of the transaction onthe financial statements.Most laws and regulations relate more to the plan’s design and operationsthan to its financial reporting process and, as such, any potential financialstatement effect is indirect. With respect to laws and regulations that do nothave a direct effect on the determination of the amounts and disclosuresin the financial statements but where noncompliance with such laws andregulations may have a material effect on the financial statements (such asthose necessary for the plan to avoid material penalties or lose its tax exemptstatus), the auditor’s responsibility is limited to performing specified auditprocedures that may identify noncompliance with those laws and regulationsthat may have a material effect on the financial statements.Determining whether an act constitutes noncompliance ultimately is a matterfor legal determination, such as by a court of law, and the auditor ordinarilydoes not have a sufficient basis for determining possible violations of suchlaws and regulations.7
General audit considerationsThe following are some general audit considerations for all employee benefitplan financial statement audits.Generally accepted auditing standardsThe independent auditor must follow generally accepted auditing standards(GAAS). These standards provide a measure of audit quality and the objectivesto be achieved in an audit. They address auditor technical training andproficiency; independence; due professional care; planning and supervision;obtaining a sufficient understanding of the entity and its environment toassess the risk of material misstatement; obtaining sufficient appropriateaudit evidence; and the required components of an auditor’s report.Adequate technical training and proficiencyAn auditor is required to have adequate technical training and proficiency toperform the audit; therefore, the auditor only accepts an audit when he orshe will be able to meet the responsibilities and requirements related to theengagement. Factors to be considered include expertise in the benefit planarea, ability to meet the engagement’s time requirements and deadlines andability to meet ERISA audit requirements.Professional skepticismProfessional skepticism is fundamental to an independent auditor’s objectivityand includes a questioning mind and an objective assessment of auditevidence. It requires an emphasis on the importance of maintaining the properstate of mind during the audit. The auditor uses his or her knowledge, skill,and ability to perform — in good faith and with integrity — the gathering andobjective evaluation of audit evidence.8
Auditor independenceThe auditor’s independence from the plan and plan management is essentialfor a successful audit because it enables him or her to approach the audit withthe necessary professional skepticism. Independent auditors must adhere torules of auditor independence established by the AICPA and DOL and for plansthat file a Form 11-K, the SEC and the Public Company Accounting OversightBoard (PCAOB). These rules address financial interests and relationships withthe plan sponsor; maintaining plan records; and providing non-audit and otherservices. For example, the DOL will not consider an auditor to be independentwith respect to a plan if the audit firm or any of its employees maintain thefinancial records for the employee benefit plan.9
Financial statement auditsare guided by two importantfactors: reasonable assuranceand materiality.Reasonable assurance and materialityFinancial statement audits are guided by two important factors: reasonableassurance and materiality. These two factors affect the way the independentauditor examines, on a test basis, transactions that occurred and controls thatfunctioned during the year. The extent or scope of the testing also is drivenby the auditor’s risk assessment (see the “Risk Assessment” section on page17 and 18). Because it is not practical for an independent auditor to examineevery transaction, control and event — it would preclude timely financialreporting and be prohibitively expensive and resource intensive — there is noguarantee that all material misstatements, whether caused by error or fraud,will be detected. Reasonable assurance is obtained by reducing audit risk toan appropriately low level through applying due professional care, includingobtaining sufficient appropriate audit evidence. The concept of materiality isapplied in planning and performing the audit, in evaluating the effect of anyidentified misstatements and in forming the opinion included in the auditor’sreport. The determination of materiality is a matter of professional judgmentand is based on a combination of both quantitative and qualitative factors.Inherent in reaching judgments about materiality is the auditor’s perception ofthe needs of users of the financial statements.Professional judgmentAuditors use their professional judgment to determine how much evidence issufficient and what kind of evidence should be collected to form an opinion onthe financial statements. Auditor judgment also is required in interpreting theresults of audit testing and evaluating audit evidence. Auditors also exerciseprofessional judgment in evaluating the reasonableness of accountingestimates based on information that could reasonably be expected to beavailable prior to the completion of the audit. As a result, regarding the10
plan’s accounting estimates, the auditor often must rely on evidence that ispersuasive rather than convincing. More judgment is needed when auditingaccounting estimates, such as valuations of hard-to-value investments orbenefit obligation amounts in financial statements, the measurements ofwhich are inherently uncertain and depend on the outcome of future events.Auditor communicationsProfessional standards require auditors to communicate certain matters toplan management and “those charged with governance,” which is defined asthe person(s) with responsibility for overseeing the strategic direction of theplan and obligations related to the accountability of the plan. The appropriateindividual or group may vary depending on the matter to be communicated.The communications are made throughout the audit: during the planningstage, during fieldwork and many times after the auditor’s report is issued.Some communications will be formalized in writing, while others may beverbal communications. The communications will address various issuessuch as the nature and parameters of the engagement; plan internal controlmatters; and audit findings and recommendations for improvement. Furtherdiscussion of these auditor communications can be found in the AICPAEBPAQC’s plan advisory, Employee benefit plans — financial statement audits(see more information about this publication in the “Additional Resources”section on page 30 and 31).11
Full scope vs. limited scopeTypically, financial statement auditors are engaged to audit and report onthe reporting entity’s financial statements, including all assets; liabilities andobligations; and financial activities. These audits are performed without anyclient-imposed scope limitation or other restriction. ERISA is unique in that,when certain criteria are met, it permits plan management to instruct theauditor to limit the scope of testing of investment information included inthe financial statements. This limited scope election must be supported by acertification from a qualified entity as to both the accuracy and completenessof the plan’s investment information. Such audits are referred to as “limitedscope” audits. Plan management is responsible for determining that theconditions of the limited scope audit exemption have been met.In a limited scope audit, the auditor does not audit the certified investmentinformation (investments typically are the most significant plan assets). He orshe still tests participant data, including the allocation of investment incometo individual participant accounts, and tests contributions, benefit paymentsand other information that was not certified. Even though the auditor performsprocedures on everything except the investment information in a limited scopeaudit, he or she will disclaim an opinion — which means the auditor cannotexpress an opinion — on the financial statements because of the significanceof the information that was not audited.Limited scope audits and the resulting disclaimers of opinion are notacceptable to the SEC for purposes of employee benefit plans that fileForm 11-K with the SEC.Plan management is responsiblefor determining that theconditions of the limited scopeaudit exemption have been met.12
Full scope vs. limited scope auditsFull scope auditsOther planassetsPlan investments (audited)Limited scope auditsOther planassetsCertified plan investments(not audited)13
Audit areasThe financial statement audit for employee benefit plans typically coveremployee and employer contributions; benefit payments; plan investmentsand investment income (full scope audits); participant data; participantallocations; liabilities and plan obligations; loans to participants; andadministrative expenses. In addition, the auditor considers other matters thatmay affect the financial statements, as discussed below.ContributionsInvestments andinvestment income(full scope)Benefit paymentsParticipant dataParticipant allocationsLiabilities and planobligationsLoans he auditor tests contributions from the employee and employer to determinewhether the amounts received by or due to the plan are properly determinedand recorded and disclosed in the financial statements, and whether anyappropriate allowances have been made for uncollectable amounts.Benefits and benefit paymentsBenefits are tested to determine whether the payments are in accordance withplan provisions and related documents, whether payments are made to or onbehalf of the persons entitled to them and only to such persons, and whethertransactions are properly recorded in the proper account, amount and period.14
Liabilities and plan obligationsThe auditor performs tests to determine whether all plan liabilities are reportedin the financial statements. In a defined benefit plan, the auditor will test planobligations to determine that they are properly estimated and reported in thefinancial statements. Testing plan obligations typically will include using thework of an actuary.Participant data and allocationsThe auditor applies procedures to relevant participant data, such asdemographic data (e.g., sex, marital status, birth date and period of service);payroll data relevant to determining contributions and benefit payments (e.g.,wage rate, hours worked, earnings and contributions to the plan); participantelections (e.g., investment elections and elected deferral rates); and benefitdata (e.g., benefit levels and options selected) to determine whether allcovered employees have been properly included and whether accurateparticipant data were supplied to plan management and the plan actuary, ifapplicable. This work often is done in conjunction with other audit areas suchas contributions or benefits testing. The auditor also tests whether investmentincome has been properly allocated to individual participant accounts.Investments and investment incomeIn a full scope audit, the auditor applies procedures to determine whetherinvestments are properly recorded, owned by the plan, properly valued as ofthe financial statement date (generally at fair value), properly presented inthe financial statements and the appropriate related disclosures are made,and that investment transactions are made in accordance with the plan’sestablished investment policies. The auditor also tests whether the incomefrom the plan’s investments has been properly recorded. As noted above,in a limited scope audit, the auditor does not audit the certified investmentinformation (investments typically are the most significant plan assets);however, he or she still tests the allocation of investment income to individualparticipant accounts and evaluates whether investments are properlypresented in the financial statements and the appropriate related disclosuresare made.Loans to participantsLoans to participants and the related interest are tested to determine whetherthe amounts due the plan have been properly identified, valued, recorded anddisclosed in the financial statements.15
Administrative expensesExpenses may be tested to determine if they are in accordance withagreements, are properly classified and are recorded in appropriate amountsin the proper period.Other auditing considerationsParties in interest and prohibited transactionsProfessional standards require that the auditor be aware of the possibleexistence of party in interest and material related party transactions that couldaffect the financial statements or for which DOL reporting regulations requiredisclosure and be aware of the possibility that noncompliance with lawsand/or regulations (including party in interest transactions that may beprohibited by ERISA) may have occurred. They also require that the auditorperform procedures to identify instances of noncompliance with those lawsand regulations related to party in interest and prohibited transactions thatmay have a material effect on the financial statements.The auditor is required to inspectcorrespondence, if any, with theDOL and IRS.Plan tax statusThe auditor also must be aware of the possibility that violations of tax lawsand regulations may have occurred. The auditor is expected to inquire ofmanagement and other appropriate parties and obtain representations frommanagement concerning whether the plan is in compliance with the laws andregulations that affect the plan’s qualified status. The auditor also is required toinspect correspondence, if any, with the IRS. In addition, if specific informationcomes to the auditor’s attention that provides evidence concerning theexistence of possible violations affecting the financial statements, he or sheshould apply auditing procedures specifically directed to ascertaining whethera violation has occurred.16
The audit processPlanningandsupervisionRiskassessmentand eportingPlanning and supervisionProfessional standards require that the auditor adequately plan the workand supervise any assistants. Audit planning includes developing an overallaudit strategy for the expected conduct, organization and staffing of theaudit; establishing a written understanding with the client regarding theservices to be performed, including the scope of the audit and the auditor’sresponsibilities regarding any supplemental schedules accompanyingthe basic financial statements; and obtaining an understanding of theplan’s internal controls. The nature, timing and extent of planning will varyaccording to the type of employee benefit plan, the size and complexity ofthe plan’s operations, the auditor’s experience with the plan, and his or herunderstanding of the plan and its environment, including its internal control.Matters that affect the scope of the audit include whether the audit will be afull scope or a limited scope; the type of trust and/or custodial arrangementand nature of investment options; involvement of service organizations andother key service providers; and whether the audit is an initial audit, mergedplan or final audit. The auditor also should consider whether specialized skillsare needed in performing the audit, such as an investment valuation specialistor actuary.Risk assessmentAudit risk is the risk that the auditor expresses an unmodified opinion whenthe plan’s financial statements are materially misstated. The auditor considersaudit risk in relation to the overall financial statement level and the assertionlevel (existence or occurrence, completeness, valuation or allocation, rightsand obligations, presentation and disclosure, and cutoff) for classes oftransactions, account balances, and disclosures, and performs procedures toassess the risks of material misstatement at both levels.17
In designing the plan audit, the auditor will consider whether certain areasmight require special scrutiny. A few areas presenting particular risks ofmaterial misstatement when auditing employee benefit plans are (a) the fairvalue of investments with no readily ascertainable market, (b) new types ofinvestments, (c) accuracy of benefit amounts and (d) whether contributionsare accurately calculated.The results of the risk assessment completed during the planning stages ofan audit provide the basis for determining the scope of the audit and nature,timing, and extent of the audit tests that will be performed. Audit planning isa continuous process, however, and the audit scope might be adjusted duringthe audit based on audit results or consideration of other factors.Internal controlThe auditor must obtain an understanding of the plan and its environment,including its internal control relevant to the audit, which will provide a basis fordesigning and implementing the audit plan.An important part of the auditor’s planning is to look at the internal controlover the financial reporting process — including those at service organizationsthat perform accounting, participant, and/or investment record keepingfunctions — that are in place and then evaluate their effectiveness in orderto assess the risks of material misstatement. In examining internal controlsover financial reporting, auditors will seek to determine whether the plan hasestablished effective procedures to reduce the chances of errors or fraud.If controls are in place and are effective, the auditor may be able to reduce theamount of detailed testing later in the audit.18
SOC 1 reportsAn effective approach to help plan management understand and monitorthe quality and effectiveness of service organizations, such as outsourcedplan administrators and the investment trustee or custodian, is to request areport on the controls at the service organization, called a service organizationcontrol (SOC) 1 Report. SOC 1 Reports can be extremely important to youin fulfilling your fiduciary duty to monitor controls at service organizations.Obtaining a SOC 1 report also is important for the plan auditors to use inunderstanding and assessing controls at the service organization that arerelevant to the plan financial statements. Further discussion of the importanceof SOC 1 reports can be found in the AICPA EBPAQC’s plan advisory, Effectivemonitoring of outsourced plan record keeping and reporting functions (seemore information about this publication in the “Additional resources” sectionon page 30 and 31).Audit testingIn developing an audit strategy, the auditor considers whether to rely on therelevant controls at the plan and the plan’s service organizations for variousareas of the audit based on an assessment of factors such as cost/benefitconsiderations, the size of the plan and prior year results of control testing.If test results indicate the plan’s controls are effective, the auditor may reducethe level of “substantive tests” he or she performs as a basis for theaudit opinion.Substantive audit procedures provide evidence about particular financialstatement assertions by management and whether actual account balancesare fairly stated. Based on the auditor’s assessment of risk and the qualityof the plan’s internal controls, the auditor then performs substantive testingprocedures on selected account balances and transactions. If internal controlsare strong, this will reduce but not eliminate the amount of substantive testingthe auditor needs to perform.19
There
plan management improve and streamline plan operations by evaluating the strength of the plan’s internal control over financial reporting and identifying control weaknesses or plan operational errors. And the audit helps the plan . have a direct e
INTRODUCTION Purpose of the Document To help AICPA members comply with the AICPA and Yellow Book standards, this document highlights provisions in the Yellow Book's Independence Standards1 and compares them to the relevant independence provisions of the AICPA Code of Professional Conduct (AICPA, Professional Standards, ET sec. 1.200). The AICPA code refers to services that do not require
UWorld Roger CPA Review 2020 AICPA Released Questions - AUD 2 2020 AICPA Released Questions for AUD The Key gives the correct letter answer for each question. Key: A The numbering system indicates the AICPA Blueprint Representative Task and Skill Level for each question. AUD.CSO.20190701: AUD.001.001.001
AICPA standard. The AICPA issued Statement of Position 81-1 which allows non-governmental entities to capitalize a percentage of completion for construction projects (AICPA 1981 ¶23). PHILOSOPHY OF THE BOARDS To understand the various differences in standards issued by the two accounting boards, one needs to
1 ORDERS: Call 919.402.4494 or 919.402.2158 Email mdouglass@aicpa.org or dworsley@aicpa.org Working together to shape the world’s future
Purpose of this guide The purpose of the AICPA Plain English Guide to Independence is to help you understand independence requirements under the AICPA Code of Professional Conduct (the code) and, if . What if I was formerly employed by an attest client or I was
AICPA Auditing Revenues Steering Task Force to assist auditors in auditing assertions about revenue. The AICPA Auditing Standards Board has found the descriptions of auditing standards, procedures, and practices in this Audit Guide to be consistent with existing standards covered by rule 202 of the AICPA Code of Professional Conduct.
The AICPA Audit and Accounting Manual has not been approved, disapproved, or otherwise acted upon by any senior technical committees of the AICPA or . for the departure and how the alternative procedures performed in the circumstances were sufficient to achieve the objectives of the requirement. The word should is used to indicate a .
The Insurance Expert Panel serves the needs of AICPA members on financial and business reporting and audit . General Expenses, and Deferred Acquisition Costs, of the AICPA Life & Health Insurance Entities Audit and Accounting Guide has been revised to include accounting information related to ASU No. 2010-26 and also to include two .
