Assessing SAS 134-140: How Did It Go?

Andrea Wright, CPA Partner, Johnson Lambert LLP
Trends in Accounting, Auditing, and Consulting

As auditors prepare for another busy season and three new, significant statements of auditing standards (SAS 143-145) for periods ending on or after Dec. 15, 2023, it’s a good time to reflect on the previous suite of standards and offer some post-implementation reminders.

As you may recall, SAS 134-140 became effective for audits of financial statements for periods ending on or after Dec. 15, 2021. The most visible changes were to the auditor’s report required by SAS 134 and 136. Here’s an overview on both:

SAS 134

SAS 134 changed the layout and the content of the auditor’s report to more closely align with the Public Company Accounting Oversight Board and the International Auditing and Assurance Accounting Standards Board. It required the content to be presented in the following sequence:

1. Opinion.
2. Basis for opinion.
3. Key audit matter (optional).
4. Responsibilities of management for the financial statements.
5. Auditor’s responsibilities for the audit of financial statements.

As noted above, reporting key audit matters (KAMs) is optional; they’re only required when those charged with governance have engaged the auditor for the information. Notably, the determination of KAMs is a matter of professional judgment, and therefore, the reporting of KAMs will vary between entities—even within the same industry—as well as from period to period for the same entity.

In determining which matter(s) to report on when engaged by governance to report, the auditor should evaluate matters that required significant attention during the audit. These matters include:

• Areas of high-assessed risk of material misstatement.
• Significant risks.
• Areas requiring significant auditor judgment.
• The impact of significant transactions and/or events.

Lastly, an item reported as a KAM shouldn’t be included as an emphasis-of-matter paragraph or other paragraph in the auditor’s report.

OTHER INFORMATION IN ANNUAL REPORTS AND THE AUDITOR’S RESPONSIBILITY

Many organizations issue annual reports that include “other information,” which is defined as financial and non-financial information other than financial statements and the auditor’s report. When other information is included in an annual report, and the annual report is available before the auditor’s report is issued, the auditor’s report is required to include an “other information” section. This section is required to detail the responsibilities of both management and the auditor regarding other information included in the annual report and a statement that the auditor’s opinion doesn’t cover the other information.

Notably, SAS 134 defines “annual report” and provides examples of reports that don’t meet the definition, such as IRS Form 990 and Form 5500.

SAS 136

SAS 136 applies to audits of employee benefit plans that are subject to the Employee Retirement Income Security Act of 1974 (ERISA). This standard changed:

• The form and content of the auditor’s report, including when management elects to have an audit performed pursuant to ERISA Section 103(a)(3)(c)—the audit formerly known as “limited scope.”
• Conforming modifications to the engagement letter, communications to those charged with governance, and management’s representation letter.
• Procedures related to audit risk assessment and response.
• Considerations related to filing Form 5500.

The most significant change brought on by SAS 136 was to the auditor’s opinion, particularly when management has elected to have auditors exclude testing of certain investment information that’s prepared and certified by a qualified institution (as described in 29 CFR 2520.103-8). This election no longer constitutes a scope limitation, and as a result, the disclaimer of opinion paragraph is eliminated.

Of course, the objective of SAS 136 was to provide more transparency to users of employee benefit plan financial statements. As such, the audit opinion of an ERISA Section 103(a)(c)(3) audit now includes information on the procedures performed on both certified and non-certified information.

Appendix A of the AICPA’s “Audit and Accounting Guide: Employee Benefit Plans,” provides illustrative examples of the auditor’s report. When management has elected the ERISA Section 103(a)(3)(c) option, the content of the auditor’s report should be presented in the following sequence:

1. Scope and nature of the ERISA Section 103(a)(3)(c) audit.
2. Opinion.
3. Basis for opinion.
4. Responsibilities of management for the financial statements.
5. Auditor’s responsibility for the audit of financial statements.
6. Other matters, such as a supplemental schedule required by ERISA.

As you can see, the changes brought on by SAS 134 and 136 were significant—both to the report and required communications. Therefore, it would be wise for auditors to take a post-implementation assessment of these changes before tackling the latest suite of standards to ensure they’re remaining compliant.

Related Content:

• SAS 134-140: A Review of Upcoming Audit Changes: As the effective date of SAS 134-140 arrives, auditors should prepare for the biggest changes to the audit process and auditor’s report.
• What Happens When Audit Meets AI? New research on artificial intelligence in audit examines the impact when human auditors trust—or don’t trust—the machines.