AU-C 703: Auditing ERISA Employee Benefit Plans

AU-C 703 is the standard that governs how auditors form an opinion and report on the financial statements of employee benefit plans subject to the Employee Retirement Income Security Act of 1974 (ERISA). Its purpose is to establish a dedicated framework that addresses the unique circumstances and regulatory requirements associated with auditing pension, 401(k), and other employee benefit plans.

The applicability of AU-C 703 extends to audits of single-employer, multiple-employer, and multiemployer plans. The standard recognizes the distinct environment of ERISA plans, which involves both financial accounting principles and compliance with regulations from the Department of Labor (DOL). This requires a tailored approach to performance and reporting.

Auditor Objectives and Responsibilities

The auditor’s primary responsibility in an ERISA plan audit is to obtain reasonable assurance about whether the plan’s financial statements are free from material misstatement. This allows the auditor to express an opinion on whether the financial statements are presented fairly in accordance with the applicable financial reporting framework.

A distinct responsibility under AU-C 703 involves the ERISA-required supplemental schedules, which are filed with the plan’s annual report on Form 5500. The auditor must evaluate whether this supplemental information is fairly stated, in all material respects, in relation to the financial statements as a whole.

The auditor has a significant reporting responsibility specific to the ERISA environment. The report must clearly communicate findings on both the financial statements and the supplemental schedules. This includes reporting any instances of noncompliance with laws and regulations that could have a direct and material effect on the financial statements.

These responsibilities require performing specific procedures unique to ERISA plans, including risk assessment related to the plan instrument, its tax status, and the potential for prohibited transactions under ERISA rules. The auditor must then design and implement responses to any identified risks.

The ERISA Section 103(a)(3)(C) Audit

A unique feature of ERISA plan audits is the option for plan management to elect an audit under ERISA Section 103(a)(3)(C). This engagement, formerly called a “limited-scope audit,” is a specific audit scope prescribed by the Department of Labor. It is available when a plan’s investment assets are held by a qualified institution that certifies the accuracy and completeness of the investment information.

This audit is a permissible scope under DOL regulations, not a scope limitation imposed by management. When this audit is elected, the auditor does not perform substantive procedures on the certified investment information. This means the auditor will not test the existence, ownership, or valuation of the investments covered by the certification.

Even with this exclusion, the auditor’s responsibilities remain substantial. The auditor must still audit all other areas of the financial statements, including participant data, contributions, benefit payments, and administrative expenses. The auditor also has a responsibility to ensure the certified investment information agrees with the certification.

Plan management must affirm its responsibility for determining that the certifying entity is a qualified institution and that the certification meets all requirements. The auditor is required to inquire about management’s process for making this determination as part of the engagement acceptance.

Required Information for an ERISA Section 103(a)(3)(C) Audit

For an ERISA Section 103(a)(3)(C) audit to be permissible, the plan’s assets must be held by a qualified institution. The Department of Labor defines a qualified institution as a bank, trust company, or similar institution, or an insurance carrier. These entities must be regulated, supervised, and subject to periodic examination by a state or federal agency.

The certification provided by the qualified institution is a key document. To be sufficient, it must attest to both the accuracy and completeness of the information being submitted. This means the institution asserts that the financial details provided, such as the value of investments, are correct and that the list of assets is complete. The certification must be signed by an authorized representative.

Plan management is tasked with obtaining this certification and providing it to the auditor. Management must also acknowledge in writing its responsibility for ensuring the certified information is appropriately measured, presented, and disclosed within the financial statements.

Forming the Opinion and Structuring the Report

The auditor’s report for an ERISA Section 103(a)(3)(C) audit has a unique structure mandated by AU-C 703. The report must clearly explain that the audit was conducted under a scope permitted by DOL regulations, which differs from a standard audit.

A modification appears in the “Basis for Opinion” section of the report. This section describes the nature of the ERISA Section 103(a)(3)(C) audit. It explains that the auditor did not perform procedures on the investment information certified by the qualified institution, except for comparing that information to the certification itself.

The most distinctive feature is the two-pronged opinion paragraph. The first part of the opinion addresses the investment information that was not audited. For this information, the auditor disclaims an opinion, stating that no opinion is expressed on the amounts and disclosures related to the certified investments.

The second part of the opinion provides a conclusion on the information that was subject to audit procedures. The auditor provides an opinion on whether the amounts and disclosures in the financial statements—other than those covered by the certification—are presented fairly. It also provides an opinion on whether the certified investment information presented in the financial statements agrees with or is derived from the certification.