The hurried changes made to employee benefit plans as a result of the coronavirus pandemic make thorough documentation an important tool for EBP auditors in the current environment.
Penalty-free withdrawals for plan participants, delays of 2019 contribution deadlines for plan sponsors, and required minimum distribution suspensions are examples of changes that have made EBP practices and audit considerations different from the past.
“As practitioners, we like to have a little bit more time to process things, and that wasn’t afforded,” Tiana Wynn, CPA, a partner at SB & Company LLC in Baltimore, said in reference to the EBP changes resulting from the Coronavirus Aid, Relief, and Economic Security (CARES) Act, P.L. 116-36.
“And I have some plan sponsors that would have liked to have more time to consider, ‘Are we going to implement these provision changes or are we not?’ I imagine many plan sponsors didn’t have ample time to evaluate the impact of the changes on their control environment. When you have things that are rushed into reality, we’re going to find hiccups. We’re going to find bumps.”
Amid these changes, documentation is the surest way for practitioners to deliver quality services that internal reviewers or regulators will be able to completely understand. Wynn will co-present a session on documentation best practices next month at the AICPA & CIMA Employee Benefit Plans Online Conference. The conference will be held May 3–5, with complimentary preconference sessions scheduled for April 28.
A foundational practice
Thorough documentation, of course, is a foundational practice in auditing. Auditing standards generally accepted in the United States explain that proper documentation assists in the planning, performance, and supervision of an audit and enables the engagement team to show that it is accountable for its work.
And many practitioners have been urged often by a supervisor to document, document, document.
Anne Morris, CPA, who will co-present with Wynn at the EBP conference, said proper documentation provides a step-by-step description that can be followed by internal reviewers or regulators as they retrace the processes and actions taken during the audit.
“It’s better to overdocument than to underdocument, and to write as much as you possibly can, and [that way] you kind of cover all your bases,” said Morris, an audit principal at Windham Brannon in Atlanta.
Documentation also provides evidence that the practitioner completely understands the standards, can describe the purpose for any procedure, and can demonstrate the appropriateness of the nature, timing, and extent of any testing, Wynn said.
“One of the things that we learn early on as practitioners is that if it’s not documented, it wasn’t done,” she said. “So that has really rung true for me. If you’ve completed it, take credit for it by getting it into the work papers so that your opinion and the procedures can be validated by that documentation and stand up to any reviews.”
Documentation best practices
In any EBP audit, documentation demonstrates an understanding of the entity and the plan, with descriptions of the type of plan, the plan’s design, who’s covered, who’s not covered, and any special requirements that the auditor needed to keep in mind throughout the engagement.
Documentation also generally describes the risk assessment for both processes and key accounts, as well as the audit procedures that were done to obtain reasonable assurance that those risks have been mitigated.
Morris’s tips for successful documentation include:
- Be specific. Don’t write that you pulled the distribution report. Write, for example, that you pulled the Fidelity R25 check register. Don’t write that you talked to John to get an answer to your question. Write that you spoke with Jane Doe, the human resources director, on April 12, and report what she said.
- Document the purpose, procedure, and conclusion of each test. “I should be able to retrace and retest any work paper with all the supporting documentation and be able to look at the same things they did and come to the same conclusion,” Morris said.
- Do away with “N/A” on an audit program. Same goes for “None,” and “Not considered necessary.” Explain why it was not applicable or not necessary. For example, if a step regarding employer contributions to a plan wasn’t necessary because the employer doesn’t match contributions, explain that in the work paper.
- Make sure each work paper can stand on its own. “If someone were just to find that one work paper they could figure out every test that you did and who you talked to, and what you looked at,” Morris said.
As a result of the pandemic, there are several new issues for auditors to consider and document. Internal control changes resulting from a rise in remote work should be examined for gaps and described in work papers. Auditors will have to make sure they get the latest copy of every plan amendment that was made, whether as a result of the pandemic or not, and record the content of the amendment documents and how they were acquired.
Auditors may have process memos in their files indicating which employees of the plan are responsible for specific activities related to the plan. Those process memos will need to be reviewed carefully to see where responsibilities changed and whether any important matters have fallen through the cracks.
“I anticipate us from a documentation standpoint having some changes in our memos just specifically for 2020,” Morris said. “If there are no memo changes, then I will be a little suspect on that, because most people are at home and they have shifted to different roles or at least different ways of doing their job and their day-to-day tasks.”
Practitioners will have to keep in mind an auditing standards change specific to EBP audits that takes effect for 2021 calendar year-end financial statements. Statement on Auditing Standards No. 136, Forming an Opinion and Reporting on Financial Statements of Employee Benefit Plans Subject to ERISA, as amended, prescribes new performance requirements for auditors and changes the form and content of the auditor’s report.
The standard addresses requirements for foundational issues such as engagement acceptance, risk assessment, and communication with those charged with governance that will need to continue to be thoroughly documented.
“SAS No. 136 may have practitioners reconsidering certain performance requirements on ERISA audits, including considerations of relevant plan provisions and how they impact our risk assessments, and whether we have obtained all of the plan documents, adoption agreements, and amendments from management,” Wynn said. “And the only way to successfully complete these engagements is to ensure proper documentation.”
Wynn emphasized the importance of documenting any resources or articles used to arrive at a judgment, so that it will be easy to understand how a conclusion was reached. If a conversation at the water cooler leads to someone sending an important citation that you use, that should be documented.
“You want to remember, ‘How did I get there again?’” she said. “And you can say, ‘I pulled these standards, and we reviewed these articles.’ … Really just being able to document that so if someone comes behind, while they may not agree with the judgment that you took, they can understand how you got there.”
— Ken Tysiac (Kenneth.Tysiac@aicpa-cima.com) is the JofA’s editorial director.