Quick Links: Regulatory Links | Tools and Resources | Excerpts from past Audit Risk Alerts | Archived Center Live Forum Webinar
ERISA section 103(a)(3)(c) allows the plan administrator to instruct the auditor not to perform any auditing procedures with respect to investment information prepared and certified by a bank or similar institution or by an insurance carrier that is regulated, supervised, and subject to periodic examination by a state or federal agency who acts as trustee or custodian. The election is available, however, only if the trustee or custodian certifies both the accuracy and completeness of the information submitted.
The limited-scope audit exemption is implemented by 29 CFR 2520.103-8 of the DOL's Rules and Regulations for Reporting and Disclosure under ERISA. The limited-scope exemption does not exempt the plan from the requirement to have an audit. Guidance on the auditor's report and responsibilities for this type of limited-scope audit is provided in the AICPA Audit and Accounting Guide, Employee Benefit Plans.
The exemption applies only to the investment information certified by the qualified trustee or custodian, and does not extend to participant data, contributions, benefit payments or other information whether or not it is certified by the trustee or custodian. Thus, except for the investment related functions performed by the trustee/custodian, an auditor conducting a limited-scope audit would need to include in the scope of the audit functions performed by the plan sponsor or other third-party service organizations, such as third-party welfare plan claims administrators or third-party savings plan administrators, if circumstances necessitate. The nature and scope of testing will depend on a variety of factors including the nature of the functions being performed by the third-party service organization, whether a SOC 1 report that addresses areas other than investments is available, if deemed necessary, and, if so, the type of report and the related results.
Certifications that address only accuracy or completeness, but not both, do not comply with the Department of Labor's (DOL) regulation, and therefore are not adequate to allow plan administrators to limit the scope of the audit. This limited-scope audit provision does not apply to information about investments held by a broker/dealer or an investment company. In addition, if a limited-scope audit is to be performed on a plan funded under a master trust arrangement or other similar vehicle, separate individual plan certifications from the trustee or the custodian should be obtained for the allocation of the assets and the related income activity to the specific plan.
Tools and Resources
Documentation of the Auditor’s Evaluation of a Limited Scope Audit Certification
The tool is intended to assist members in documenting their evaluation of whether a certification provided by a qualified institution meets the requirements of Title 29 U.S. Code of Federal Regulations (CFR) Part 2520.103-8.
Common Deficiencies in Employee Benefit Plan Limited Scope Audit Certifications
This tool to is intended to help plan administrators understand their responsibilities for determining the acceptability of a limited scope certification; help auditors understand their responsibilities for determining whether a certification can be relied upon to limit the scope of the audit; and to help both plan administrators and auditors identify common deficiencies in limited scope certifications.
Primer on Limited Scope Audits of Employee Benefit Plans
The AICPA Employee Benefit Plan Audit Quality Center has prepared a primer to provide a general understanding of limited scope audits under ERISA section 103(a)(3)(C).
Limited Scope Decision Tree
Decision tree format for conditions that generally allow for limited-scope audits.
Excerpts from past Audit Risk Alerts
Excerpt from the Employee Benefit Plans Industry Developments - Audit Risk Alert - 2007
States that the trustee or custodian should certify to the fair value of the plan investments.
Excerpt from the Employee Benefit Plans Industry Developments - Audit Risk Alert - 2008
Discusses the auditor's responsibilities in regards to the investment information in a limited scope audit.
Archived Center Live Forum Webinar
In April 2009, the Center sponsored a webinar, Limited Scope Audits, Basics and Beyond. Presenters discussed the basic requirements of these audits and the issues in the current environment with these certifications.