New Audit Standard for Employee Benefit Plans Casts Bright Light on Role of Fiduciary

As a new auditing standard become effective this year for most employee benefit plans, individuals charged with managing and administering plans should be aware of their responsibilities as plan fiduciaries.

The Statement on Accounting Standards (SAS) 136, Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to ERISA, became effective this year for plans with a calendar year-end. The new standard is intended to bring clarity to the responsibilities of both plan sponsors and auditors, and to convey that information in a more transparent manner.

SAS 136 also ratchets up guidance as to the general oversight of employee benefit plans, affirming the message that plan sponsors and plan auditors have one central responsibility: to protect the interests of plan participants. Safeguarding the money that participants contribute to their retirement plans and ensuring the plan is operating in compliance with regulations and plan provisions is of primary importance.

This means, in part, that plan sponsors should not take lightly their roles as plan fiduciaries.

Role of Fiduciary

Under the Employee Retirement Income Security Act of 1974 (ERISA), an ERISA fiduciary is anyone who exercises discretionary authority over a plan or assets, or who provides investment advice to a plan or plan participants.

In larger companies, the fiduciary role may be shared by several people who oversee, administer and/or serve on an internal employee benefit plan committee. In smaller companies, the role of fiduciary may fall to only one person.

Regardless of the number of fiduciaries serving a plan, legally and ethically, the role of a fiduciary has two broad responsibilities: a duty of loyalty and a duty of care.

Duty of Loyalty

A duty of loyalty requires the fiduciary to act in the best interests of plan participants. This means, among other things, they can’t just consider what may benefit a select group of employees in their decision-making, and there can be no self-dealing.

For example: A fiduciary has a family member who is an investment advisor, and the fiduciary selects that relative as the investment advisor for the company’s 401(k) plan. This involves accepting a higher fee share class of investments to allow the family member to earn more commission on the investment. This would be a violation of fiduciary duty since the action would be to directly benefit the fiduciary’s relative but would disadvantage plan participants because of the knowingly higher fees.

Likewise, a company owner who secures more favorable banking terms for the company because the 401(k) plan assets are transferred to the custody of the bank would not be embracing a duty of loyalty as a fiduciary.

Anything that allows for self-dealing, preferring the interests of a third party (including the plan sponsor) over those of the participants, or is intentionally misleading to participants, is deemed a breach of fiduciary responsibility and of the duty of loyalty.

Duty of Care

The second area of responsibility – the duty of care – speaks to the acceptance of responsibility for managing and guiding the employee benefit plan. In short, it means not shirking responsibility.
A good example is the hiring of outside service providers to help manage the plan, such as third-party administrators (TPAs), recordkeepers and custodians. Some plan sponsors believe once they hire those providers, they’re done. But your responsibility doesn’t stop there. You must make sure the provider is reputable, abides by all regulations, follows the rules of your contract and charges fees that are appropriate to the services provided.

Duty of care also means understanding all facets of the plan and making sure things that should be happening with the plan are happening, such as regulatory filings and timely deposits of participants’ contributions, among other things.

Understanding and abiding by the plan documents is a critical part of a fiduciary’s responsibility. That can be challenging. If a plan participant confides that he’s having trouble paying his mortgage and wants to withdraw money from his 401(k) plan, but he hasn’t incurred an allowable distributable event, in accordance with plan guidelines, the distribution cannot be made no matter how much you may want to help.

This example points to another key role of the fiduciary – to constantly monitor the changing needs of the organization’s workforce and consider necessary changes in benefits and rules that will make the plan more responsive to participants. Generally, by law, all plans must be restated every so many years,; however, in the interim, plans may be amended as plan sponsors add new features or adopt changes resulting from regulatory updates.

One key area for fiduciaries to monitor is the fees that outside providers charge. Fees have long been controversial in the employee benefit plan arena because they are often difficult to ascertain. Some fees are netted against earnings in a plan, so they are difficult to calculate. Having an outside independent party provide a fee benchmarking report every few years can help ensure you are executing your fiduciary duty in this area.

Back to SAS 136

Employee benefit plan audits and reporting will be significantly different this year as SAS 136 takes effect.
Communications with management and those charged with governance will be more substantial, and the auditor’s report will be more comprehensive and clearly stated.

Perhaps most notably for organizations that typically engage auditors to perform a “limited scope” audit, auditors will no longer issue a disclaimer of opinion of the financial statements, resulting from the investment-related testing they forego under such an audit. Instead, they will provide a two-pronged opinion clearly stating that the financial statements are presented fairly and that limiting the investment-related testing has been the proper assessment by management.

Generally, auditors’ reports under SAS 136 are meant to clearly:

  • Explain management’s responsibilities with respect to the financial statements.
  • Disclose the auditor’s responsibilities with respect to the audit and the supplemental schedules.
  • Whether for ERISA Section 103(a)(3)(C) audits (formerly known as “limited scope” audits) or a non-103 audit (formerly known as a full scope audit), explain the nature and scope of the audit.

For plan sponsors, the certification required from a plan custodian to perform limited audit procedures historically was obtained by the auditors, then in conjunction with the plan sponsor, the determination was made that they were eligible to have this “limited scope” type of plan audit conducted. Under SAS 136, this certification must be obtained by the plan sponsor and be accompanied by an assessment made by management that the plan is eligible for a 103(a)(3)(C) audit. This is part of the goal under SAS 136 of clearly delineating the responsibilities of plan sponsors. It places responsibility on management to take the initiative and to demonstrate the greater role in the process, as documentation that they have taken on that responsibility must now be in writing.

Essentially, the intent of SAS 136 is to leave nothing to chance. It shines light on many parts of the employee benefit plan audit process that have been murky in the past. For plan sponsors and company management – those who are charged with fiduciary duty – the best course of action is to look for service providers who will help you navigate the plan, the regulations and your employees’ changing needs.
If you would like to start a conversation about complying with the new audit and reporting standard for employee benefit plans, contact your Rea advisor.

By Darlene Finzer, CPA, CSA, QKA (New Philadelphia office)