New Auditing Standard Highlights Plan Fiduciary Responsibilities
Plan managers and administrators must understand their fiduciary responsibilities as a new auditing standard takes effect this year for most employee benefit plans.
The Statement on Auditing Standards (SAS) 136 became effective this year for plans with calendar year-ends. This standard clarifies responsibilities for both plan sponsors and auditors. It also promotes more transparent communication.
Enhanced Oversight Requirements
SAS 136 strengthens guidance for employee benefit plan oversight. The standard reinforces a central message: plan sponsors and auditors must protect participant interests above all else. This means safeguarding participant contributions and ensuring plan compliance with regulations and provisions.
Plan sponsors must take their fiduciary roles seriously.
Understanding Fiduciary Duties
Who Qualifies as a Fiduciary
The Employee Retirement Income Security Act (ERISA) defines a fiduciary as anyone who:
- Exercises discretionary authority over a plan or its assets
- Provides investment advice to a plan or participants
Larger companies often share fiduciary roles among several people. These individuals may oversee administration or serve on employee benefit plan committees. Smaller companies may assign the fiduciary role to one person.
Two Core Responsibilities
All fiduciaries have two fundamental duties: loyalty and care.
Duty of Loyalty
Fiduciaries must act in participants’ best interests. They cannot favor select employee groups in their decisions. Self-dealing is strictly prohibited.
Examples of Loyalty Violations
Investment Advisor Conflict: A fiduciary selects a family member as the plan’s investment advisor. The fiduciary accepts higher-fee investments to increase the relative’s commission. This violates fiduciary duty because it benefits the family member while harming participants through higher fees.
Banking Arrangement Conflict: A company owner transfers plan assets to a bank’s custody to secure favorable banking terms for the company. This prioritizes the sponsor’s interests over participants’ interests.
Any action involving self-dealing, preferring third-party interests over participants, or misleading participants breaches fiduciary responsibility.
Duty of Care
The duty of care requires fiduciaries to accept full responsibility for managing the employee benefit plan. This means actively overseeing all plan aspects.
Service Provider Oversight
Many plan sponsors hire outside service providers like third-party administrators, recordkeepers, and custodians. Hiring these providers doesn’t end fiduciary responsibility. Sponsors must ensure providers:
- Maintain good reputations
- Follow all regulations
- Honor contract terms
- Charge appropriate fees for services
Ongoing Plan Management
Fiduciaries must understand all plan facets. They must ensure proper plan operations, including:
- Timely regulatory filings
- Prompt deposit of participant contributions
- Compliance with plan documents
Plan Document Compliance
Understanding and following plan documents is crucial. This can create difficult situations. For example, a participant facing mortgage troubles may request a 401(k) withdrawal. If the participant hasn’t experienced an allowable distributable event, the fiduciary cannot approve the withdrawal, regardless of personal sympathy.
Adapting to Workforce Needs
Fiduciaries must monitor their organization’s changing workforce needs. They should consider benefit changes and rule updates that better serve participants. While laws require plan restatements every few years, sponsors can amend plans between restatements to add features or implement regulatory changes.
Fee Monitoring
Fiduciaries must actively monitor provider fees. Employee benefit plan fees have long been controversial because they’re often hard to identify. Some fees reduce plan earnings, making calculations difficult. Independent fee benchmarking reports every few years help fiduciaries fulfill this duty.
SAS 136 Changes
Enhanced Reporting
Employee benefit plan audits and reporting change significantly under SAS 136. Auditor communications with management become more substantial. Auditor reports become more comprehensive and clearly stated.
Limited Scope Audit Changes
Organizations that typically use “limited scope” audits face notable changes. Auditors no longer issue disclaimer opinions on financial statements when they skip investment-related testing. Instead, they provide two-part opinions:
- Financial statements present information fairly
- Management properly assessed the decision to limit investment-related testing
Clear Responsibility Delineation
SAS 136 auditor reports clearly:
- Explain management’s financial statement responsibilities
- Disclose auditor responsibilities for audits and supplemental schedules
- Describe the nature and scope of the audit for both Section 103(a)(3)(C) audits (formerly “limited scope”) and non-103 audits (formerly “full scope”)
New Plan Sponsor Requirements
Previously, auditors obtained custodian certifications needed for limited audit procedures. Plan sponsors and auditors then determined audit eligibility together.
Under SAS 136, plan sponsors must:
- Obtain custodian certifications directly
- Provide written management assessments confirming plan eligibility for 103(a)(3)(C) audits
This change emphasizes plan sponsor responsibilities. It requires management to take initiative and demonstrate their active role through written documentation.
Moving Forward
SAS 136 eliminates ambiguity from the employee benefit plan audit process. It clarifies many previously unclear aspects.
For plan sponsors and company management with fiduciary duties, the best approach involves finding service providers who help navigate:
- Plan requirements
- Regulatory compliance
- Employee needs
If you would like to start a conversation about complying with the new audit and reporting standard for employee benefit plans, contact your Rea advisor.
By Darlene Finzer, CPA, CSA, QKA (New Philadelphia office)