Nonprofit Accounting Basics

Updated Management Responsibilities Under SAS 136 (for Retirement Plans)


The implementation of SAS 136 is finally here. After being delayed an additional year during the pandemic, this new standard represents the first significant change to retirement plan audits in the past several years. For organizations subject to an audit of their retirement plan, below are several changes that management is required to adopt for the 2021 plan year audit.

Key Changes

  • The engagement acceptance process will require more understanding and attestation information from management.
  • The auditor will perform amended risk assessment procedures related to the plan instrument, tax status, and prohibited transactions.
  • Written communications of additional matters (reportable findings) to those charged with plan governance are required.
  • The auditor will perform certain additional audit procedures unique to ERISA plans.
  • The auditor will issue a new form of the “Independent Auditor’s Report”.
  • The auditor will be required to obtain a substantially complete draft form 5500 prior to issuance of the audit report.

Plan Management Impacts

While most items will impact your audit team, there are also several provisions that the AICPA provides as “key changes that plan management should know”.

  1. Before the auditor can accept the audit, management will have to attest (in writing) its understanding of responsibilities for the following:
    • Maintaining a current plan instrument (plan document, adoption agreement, etc.) including all amendments,
    • Administering the plan including ensuring transactions comply with plan provisions and maintaining records to support those transaction, and
    • When Management elects an ERISA 103(a)(3)(c), management must document:
      • An ERISA Section 103(a)(3)(c) is permissible,
      • Investment information is prepared and certified by a qualified institution as described in the guidance,
      • Certification meets the requirements under the guidance, and
      • Certified investment information is appropriately measured, presented, and disclosed in accordance with the financial reporting framework.
  1. Management provides information on how the ERISA 103(a)(3)(c) evaluation was made.
  2. Management provides a substantially complete draft of the 5500 to the auditor before the dating of the audit report.


For more information about the new audit standard, review the AICPA’s Employee Benefit Plan Audit Quality Center’s Plan Advisory.