ERISA section 103(a)(3)(c) allows the plan administrator to instruct the auditor not to perform any auditing procedures with respect to investment information prepared and certified by a bank or similar institution or by an insurance carrier that is regulated, supervised, and subject to periodic examination by a state or federal agency who acts as trustee or custodian. The election is available, however, only if the trustee or custodian certifies both the accuracy and completeness of the information submitted.
The limited-scope audit exemption is implemented by 29 CFR 2520.103-8 of the DOL's Rules and Regulations for Reporting and Disclosure under ERISA. The limited-scope exemption does not exempt the plan from the requirement to have an audit. Guidance on the auditor's report and responsibilities for this type of limited-scope audit is provided in the AICPA Audit and Accounting Guide, Employee Benefit Plans.
The exemption applies only to the investment information certified by the qualified trustee or custodian, and does not extend to participant data, contributions, benefit payments or other information whether or not it is certified by the trustee or custodian. Thus, except for the investment related functions performed by the trustee/custodian, an auditor conducting a limited-scope audit would need to include in the scope of the audit functions performed by the plan sponsor or other third-party service organizations, such as third-party welfare plan claims administrators or third-party savings plan administrators, if circumstances necessitate. The nature and scope of testing will depend on a variety of factors including the nature of the functions being performed by the third-party service organization, whether a SOC 1 report that addresses areas other than investments is available, if deemed necessary, and, if so, the type of report and the related results.
Certifications that address only accuracy or completeness, but not both, do not comply with the Department of Labor's (DOL) regulation, and therefore are not adequate to allow plan administrators to limit the scope of the audit. This limited-scope audit provision does not apply to information about investments held by a broker/dealer or an investment company. In addition, if a limited-scope audit is to be performed on a plan funded under a master trust arrangement or other similar vehicle, separate individual plan certifications from the trustee or the custodian should be obtained for the allocation of the assets and the related income activity to the specific plan.
- DOL regulations in section 29 CFR 2520.103-5 - Transmittal and certification of information to plan administrator for annual reporting purposes - Defines which institutions can qualify for a limited scope exemption, what information the custodian/trustee needs t o certify, and the required wording of the certification.
- DOL regulations in section 29 CFR 2520.103-8 – Limitation on Scope of Accountant's Examination - Authorizes auditors to forego audit procedures on information obtained by a qualifying institution when requested by the plan administrator.
- DOL Advisory Opinion to Mr. Richard Bentley, Paine Webber Inc., dated August 3, 1993 - Clarifies definition of an institution qualified to issue a certification.
- DOL Information Letter to Mr. Richard Steinberg, Chair, AICPA Employee Benefit Plans Expert Panel, dated May 17, 2002 - Provides guidance on authorized relationships with institutions qualified to sign certification letters.
Tools and Resources
Documentation of the Auditor’s Evaluation of a Limited Scope Audit Certification
The tool is intended to assist members in documenting their evaluation of whether a certification provided by a qualified institution meets the requirements of Title 29 U.S. Code of Federal Regulations (CFR) Part 2520.103-8.
Common Deficiencies in Employee Benefit Plan Limited Scope Audit Certifications
This tool to is intended to help plan administrators understand their responsibilities for determining the acceptability of a limited scope certification; help auditors understand their responsibilities for determining whether a certification can be relied upon to limit the scope of the audit; and to help both plan administrators and auditors identify common deficiencies in limited scope certifications.
Plan Advisory on Limited Scope Audits of Employee Benefit Plans
This plan advisory may be used to help you educate your plan clients about the limited scope audit.
Primer on Limited Scope Audits of Employee Benefit Plans
The AICPA Employee Benefit Plan Audit Quality Center has prepared a primer to provide a general understanding of limited scope audits under ERISA section 103(a)(3)(C).
Limited Scope Decision Tree
Decision tree format for conditions that generally allow for limited-scope audits.