Management’s New Responsibilities for Certifications Used in Plan Audits

February 21, 2022

Before this year, your plan auditor might have requested a certification or an audit package from you and that was it. Maybe they pulled that information down themselves if they had auditor access to your third-party provider’s website and you were not even involved. The auditor would have reviewed the certification to ensure it could be used for a limited scope audit (an audit where the auditor does not perform procedures on investment balances or related earnings/losses because a qualified institution certified that the information is complete and accurate).

But now, effective with your calendar year-end audit for 2021, there are big changes for management. A limited scope audit is now called a 103(a)(3)(c) audit, and it is management’s responsibility to obtain and review that certification to ensure the auditor can use it. The first step is to obtain the certification, which you can typically find on your third party’s website or by requesting it from your customer service representative. You can ask the auditor how they found the certification for the prior year audit. Once you have it in hand, here’s what you need to look for:

  1. It includes your plan name and the correct period and plan year end date.
  2. It came from a qualified institution such as a bank, insurance company, or trust company –often they will include the type of institution in their name (for example – Fidelity Management Trust Company, Principal Life Insurance Company, or TD Bank)
  3. It is signed by an authorized representative. A good indication of such authority would be if their title was a high-level position or it actually notes the individual is the authorized signatory.
  4. It includes a statement that the information is complete AND accurate (it needs to have these exact words).
  5. There is nothing that indicates something unusual or that the information is not accurate and complete.
  6. All investment information is appropriately measured. This is the most difficult step and might require reviewing other information that your third-party provider provides in the audit package. Typically, there is an informational sheet or audit reference guide to explain how investments are valued, which is typically at fair value, net asset value or contract value depending on the type of investment.

In addition to signing the engagement letter for your 103(a)(3)(c) audit this year, your auditor might require that you sign or approve something where you attest the certification is appropriate and enables you to elect the ERISA 103(a)(3)(c) audit, which you can now do if you followed the criteria above.