Updated as of January2018
Firm PreparednessChecklist forEmployeeBenefitPlan Audits
ThischecklistwasdevelopedbytheAICPAEmployeeBenefitPlanAuditQualityCenterasa non-authoritativepracticeaidtoassistmemberfirmdesignatedERISAauditpartnersin assessingtheirfirm’spreparednessfortheERISAauditseasonandtoenhancethe qualityoftheirfirm’sERISAauditpractice.
ThischecklistaddressesgeneralfirmpreparednessissuesforERISAauditsincluding:
thefirm’squalitycontrolpoliciesandproceduresrelatedtotheERISAauditpractice;
inventoryandassessmentofthefirm’scurrentERISAauditclients;
clientreviewandriskanalysis;
reportingrequirementsanddeadlines;
staffing,trainingandschedulingrequirements;
audittoolsandresources;
considerationof commonauditdeficiencies;and
performingself-inspectionsofERISAaudits.
The EBPAQC tool, Performing Quality ERISA Employee Benefit Plan Audits: Firm Best Practices, assists auditors in identifying and implementing best practices for their firm’s ERISA employee benefit plan (EBP) audit practice, including establishing effective quality control policies and procedures, implementation tips, and links to useful tools and resources.
Planning / Yes / No / CommentsI.EstablishFirm’sERISAQualityControlPoliciesandProcedures
[EBPAQCfirmsarerequiredtoestablishpoliciesand proceduresspecifictothefirm’sERISAemployeebenefitplan auditpracticetocomplywiththeapplicableprofessional standardsandCentermembershiprequirements(alsoseethe relatedquestionsanswersonthemembership requirements].
A. Havefirm QCpoliciesandproceduresbeenupdatedand documentedtospecificallyaddressthe ERISAaudit practice?
B. Have the QC policies and procedures relative to the ERISAaudit practice been documented? [This may bedone by any one of the following methods]:
1. Revisethefirm’sQualityControldocument
2. Prepareanaddendumtothefirm’sQualityControlDocument
3. Revisethefirm’sAccountingandAuditingManual
4. Revisethefirm’sPoliciesandProceduresmanual
5. Otherdocumentationmethod.
C. HavetheQCpoliciesandproceduresrelativetotheERISA auditpracticebeenappropriatelycommunicatedtostaff? [Thismaybedonebyanyoneofthefollowingmethods]:
- CirculatetherevisedfirmPoliciesandProceduresManual(ortheaddendumtothe manual)
- Reviseemployeebenefitplansauditprograms
- Establishtrainingto informauditstaffofthefirm’spoliciesandprocedures
- Circulatea memoto informauditstaffofthefirm’spoliciesandprocedures
- Othercommunicationmethod.
II.Firm-wideInventoryof ERISAAudits
ToproperlyprepareandmanageERISAauditsitis helpfulto conducta firm-wideinventoryofplanclientsbyidentifyingthe numberandtypesof ERISAauditsthefirmwillperform.
A. Haveallofthefirm’sERISAauditsbeenidentified accordingtoplanstructure?
1.Single-employer
2.Multiemployer
3.Multiple-employer
4.MEWA
B. Haveallofthefirm’sERISAauditsbeenidentifiedaccordingtoplantype?
1.Pension
a.Definedcontribution
i.401(k)
-Non-public
-Form11-Kfilersii. 403(b)
ii. ESOP
b.Definedbenefit
2.Healthandwelfare
a.Defined contribution
b.Defined benefit
C. Hasadeterminationbeen madeastothescopeofeach planaudit(fullvs.limitedscopeaudit)?Haveallchanges inauditscopebeenidentified?
TheEBPAQCtoolERISA Audit Inventory and Staffing Scheduleassistsmembersin conducting a firm-wide inventory, as described above.
D. Haveallserviceprovidersforeachplanbeenidentified, includingtheneedtoobtaina SOC1®report?
E. RegardingSOC1reports:
- HasthetypeofSOC1report(i.e.-TypeIorTypeII)neededforeachplanbeenidentified?
- HasitbeendeterminedwhethereachSOC1 reportwillcovertheapplicableobjectives?
III.ClientReviewandRisk Analysis
Itis importanttoperformanannualclientacceptancereview andriskanalysisofnewandexistingplanclients.
A.Fornewengagements
- Hasaclientacceptanceformbeencompleted?
- Havetherisksassociatedwiththeacceptanceofthe newengagementbeenevaluated?
1. Havechangesattheclientthataffectrisk been evaluated?
2. Haveengagementsbeenclassifiedaccordingto risk?
C. Haveallprioryearauditreporting/opinionissuesbeen consideredforeachengagement?
1. Unmodifiedopinions
a.Noemphasis-of-matterorother-matter paragraph
b.Emphasis-of-matterparagraph
c.Other-matterparagraph
2. Qualifiedopinions
a.Goingconcern
b.Otherqualification
3. Disclaimersofopinion
a.Limitedscope
b.Other
4. Adverseopinions
D. Regardingindependenceissues:
1. Havenon-auditservicesprovidedbythefirmto planclientsbeenevaluatedforcompliancewith AICPAethicsandDOLindependence requirements?
2. Haveallotherindependenceissuesbeen considered,includingfamilyandfinancial relationships?
The EBPAQC Auditor Independence Resource Center includes tools to assist firms evaluate independence, including DOL and AICPA Independence Rule Comparison;Documentation of Review of AICPA Independence Requirements Where Nonattest Services Are Performed for an Employee Benefit Plan Audit Client, and Frequently Asked Questions: Application of the Independence Rules to Affiliates of Employee Benefit Plans
IV.ReportingRequirementsandDeadlines
A. Haveall ERISAauditrequirementsbeenidentifiedand evaluated?
B. Withregardto Form 5500:
1. HavetherequiredForm5500schedulesbeen
identified?
2. Havefilingdeadlinesbeenidentifiedand communicated?
C. Havecommonfinancialreportingdisclosureissuesbeen identified?[AICPA Employee Benefit Plans—Best Practices in Presentation and Disclosurecontainsillustrativedisclosuresfor financialstatementsofemployeebenefitplans]
D. Hasareportdisclosurechecklistbeenprepared?(AICPA offers Defined Contribution Retirement Plans: Checklists and Illustrative Financial Statements.)
E. HasoversightresponsibilityformeetingallfirmEBPaudit requirementsanddeadlinesbeenassigned?
V. StaffingandScheduling
A. Havemanager,supervisoryandin-chargeassignments beenmadeforeachengagement?
B. Haveassignedstaffbeenevaluatedtodetermine:
1.Appropriateresponsibilitiesforvariouslevels?
2.Abilitytoperformatassignedlevel?
TheEBPAQCtoolERISA Audit Inventory and Staffing Scheduleassistsmembersin staffing and scheduling ERISA audit engagements, as described above.
The AICPA Competency Framework: Employee Benefit Plan Auditing(the Framework) is designed to help CPAs understand the knowledge and skills necessary to perform high-quality EBP audits.
VI.TrainingCurriculumandFeedback
A. HasrecentERISAaudittrainingbeencompletedbystaff assignedtoplanaudits?
B. Haveupcomingtrainingneedsbeenconsideredand appropriatelymetateachof thefollowinglevels?
1. Newhire
2. Supervisory
3. Partner
C. Aretrainingevaluationsobtainedandreviewedforpossible improvementstotrainingopportunities?
The EBPAQC offers webinars to members (free with no CPE; paid with CPE) on various technical topics specific to employee benefit plan auditing. Click here to see a schedule of 2018 webinars.
VII.AuditToolsandResources
A.Doesthefirmhavethefollowingaudittoolsandresources?
Currenteditionof theAICPAAuditandAccounting Guide,EmployeeBenefitPlans
CurrentyearAICPAAuditRisk Alert,Employee
BenefitPlansIndustryDevelopments
Auditprogramsforplanning,fraudassessment andotherauditprogrampracticechecklists
AICPA Employee Benefit Plans—Best Practices in Presentation and Disclosure
AICPAUsinga SOC 1ReportinAuditsofEmployee BenefitPlans
CurrentAICPAStatementsonAuditingStandards
DC Plan Financialstatementdisclosurechecklist
StatementsonFinancialAccountingStandards; FASBInterpretations,TechnicalBulletins,
ConceptsStatements,FASBStaffPositions;EITF Consensus
AICPATechnical Questions and Answers
VIII.ConsiderationofCommonAuditDeficiencies
A. Inplanningeachengagementandpreparingaudit programs,havecommonERISAauditdeficienciesbeen considered,as identifiedby:
1. U.SDOLEBSA?[SeeEBPAQC CommonEBPAuditDeficienciesandPlanning Tool: Summary of Common EBP Audit Deficiencies, Audit Guidance and Resources]
2. AICPApeerreview?
3. Internalinspection?
X.Firm Self-Inspections
[EBPAQCfirmsarerequiredtoestablishannualinternal inspectionproceduresthatincludea reviewofthefirm’sERISA employeebenefitplanauditpractice-refertotheCenter membership requirementsandrelatedquestionsandanswerson annualinternalinspectionprocedures.]
See theEBPAQCtool, Annual Internal Inspections: A Key to EBP Audit Quality.
A. Withrespecttoself-inspections,havethefollowingissues beenconsidered:
1. Timing?
2. Planningandapproach?
3. Multi-officeissues?
4. Qualificationsoftheindividualsperformingtheself- inspections?
5. Scopeoftheinspectionsberepresentativeof the firm’sERISAemployeebenefitplanpractice[i.e.- consideringthenumberanddifferenttypesofplan audits(e.g.-definedbenefit,definedcontribution, healthandwelfare,multiemployer,ESOPs,limitedandfullscope)andthevariouslocationsatwhichthoseauditsareperformed?]
B. Hasqualifiedstaffbeenassignedtoperformthe inspections?
C. HasthefirmobtainedtheAICPA peer review supplemental checklist for employee benefit plan engagements(PRP Section20,700),or developeditsownchecklistforusein performingself-inspections?