< Back to Thought Leadership

SAS No. 136 and Employee Benefit Plans: What is a Reportable Finding?

SAS No. 136 and Employee Benefit Plans: What is a Reportable Finding?

Plan management and plan sponsor personnel have likely heard from their auditors about auditing standard changes impacting their ERISA (Employee Retirement Income Security Act of 1974) audits for the Plan year ending December 31, 2021.

These changes primarily result from the implementation of AICPA Statement on Auditing Standards (SAS) No. 136, Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to ERISA (“SAS 136”), which is effective for periods ending on or after December 15, 2021.

Impacts that SAS No. 136 Has on Written Communication

SAS No. 136 introduces and reiterates certain responsibilities for both plan management and auditors.

One such auditor responsibility relates to the communication of reportable findings.

SAS No. 136 indicates reportable findings as one or more of the following:

  • an identified instance of noncompliance or suspected noncompliance with laws or regulations;
  • a finding that is significant and relevant to the oversight function of those charged with governance;
  • or other deficiencies in internal controls not already communicated that merit management’s attention.

Prior to the implementation of SAS No. 136, auditors were only required to present within written communications to those charged with governance the identification of certain findings representing significant deficiencies and material weaknesses.

Significant deficiencies and material weaknesses represent control deficiencies or combinations of control deficiencies. This determination is based upon the auditor judgment and consideration with a focus on these three key areas: severity, materiality, and potential impact.

Under definitions established by auditing standards, control deficiencies exist when the design or operation of a control does not allow management or employees, in the normal course of performing their assigned functions, to prevent or detect misstatements on a timely basis.

Common examples of control deficiencies in employee benefit plan audits relate to errors in application of plan provisions (i.e., eligibility, eligible compensation, contribution limits). Written communication of control deficiencies that do not rise to the level of a significant deficiency or material weakness has not been required under auditing standards.

Under SAS No.136, the auditor’s written communications continue to include communication of any significant deficiencies or material weaknesses but now also includes communication of reportable findings.

The identification and determination of reportable findings is based on auditor judgment and may include findings related to compliance with laws and regulations, plan provisions, oversight, or financial reporting.

While control deficiencies are not required to be included in written communication, unless elevating to a significant deficiency or material weakness, reportable findings do not have a significance threshold. Therefore, communications given by the auditor under SAS No. 136 may include reportable findings related to control deficiencies that previously may not have required written communication.

It is important to note that reportable findings are internal plan communications, and they do not typically appear within an auditor’s report. However, this does not diminish the importance of the reportable findings.

What Does All of This Mean for My Business?

Plan management and those charged with governance have important ERISA fiduciary roles in their plan oversight capacity, including responsibility for proper plan administration. As such, fiduciaries have responsibilities to consider and address any reportable findings or control matters, to ensure continued compliance with plan provisions and proper oversight.

If you would like to discuss any of the changes to your employee benefit plans as a result of the issuance of SAS No. 136 in more detail, feel free to contact Debora Herbert, Senior Manager at dherbert@blueandco.com or Abby McDonough, Manager at amcdonough@blueandco.com.

indiana sales tax

New Indiana Sales Tax Rule for Not-For-Profits – Sales Tax Collection & Filing Threshold Increased

By Cory Schunemann, CPA, Manager at Blue & Co. Indiana’s 2023 Senate Enrolled Act (SEA) 417 made another change to the sales tax collection requirements for not-for-profits after 2022’s SEA 382. Not-for-profits with taxable retail sales in excess of $100,000 in the current or prior year are now required to collect and remit sales tax. […]

Learn More
Clipboard with paper that reads Employee Retention Credit | IRS Orders Immediate Stop to New Employee Retention Credit Processing – What You Need to Know | What You Need to Know About ERC

IRS Orders Immediate Stop to New Employee Retention Credit Processing – What You Need to Know

By Amy Sandlin, CPA, Tax Senior Manager at Blue & Co. On Thursday, Sept. 14, the IRS announced a moratorium on processing of new Employee Retention Credit (“ERC”) claims through at least December 31, 2023. This decision is in response to a flood of questionable claims and trusted tax advisors expressing a slew of concerns […]

Learn More

Changes to Medicare Bad Debt and S-10 Template Effective this Month

The new Medicare Bad Debt template (Exhibit 2A) and S-10 template (Exhibit 3B and 3C) have been finalized by Medicare and are now required for cost reporting periods ending on or after September 30, 2023. This deadline is quickly approaching, and Blue & Co. wants to be sure you are prepared. If you are feeling […]

Learn More