5.65 AU section 314 paragraph .102 states that the auditor should identify and assess the risks of material misstatement at the financial statement level and at the relevant assertion level related to classes of transactions, account balances, and disclosures. For this purpose, the auditor should
a. identify risks throughout the process of obtaining an understanding of the plan and its environment, including relevant controls (for example, controls at the plan sponsor and outside service provider) that relate to the risks, and considering the classes of transactions, account balances, and disclosures in the financial statements.
b. relate the identified risks to what could go wrong at the relevant assertion level.
c. consider whether the risks are of a magnitude that could result in a material misstatement of the financial statements.
d. consider the likelihood that the risks could result in a material misstatement of the financial statements.
5.66 Reading and gaining an understanding of a SAS No. 70 report from an outside service provider may help the auditor to assess the risks of material misstatement and to design further audit procedures to respond to risks.
5.67 The auditor should use information gathered by performing risk as-sessment procedures, including the audit evidence obtained in evaluating the
P1: KVU
ACPA132-05 ACPA132.cls April 10, 2010 0:32
126
Employee Benefit Plansdesign of controls and determining whether they have been implemented, as audit evidence to support the risk assessment. The auditor should use the as-sessment of the risks of material misstatement at the relevant assertion level as the basis to determine the nature, timing, and extent of further audit proce-dures to be performed.
Identification of Significant Risks
5.68 As part of the assessment of the risks of material misstatement, the auditor should determine which of the risks identified are, in the auditor's judg-ment, risks that require special audit consideration (such risks are defined as significant risks). The determination of significant risks, which arise on most audits, is a matter for the auditor's professional judgment. In exercising this judgment, the auditor should consider inherent risk to determine whether the nature of the risk, the likely magnitude of the potential misstatement including the possibility that the risk may give rise to multiple misstatements, and the likelihood of the risk occurring are such that they require special audit consid-eration. Risks for employee benefit plan audits include the following risks:
r
For all plans:— Hard-to-value investments (that is, securities that do not have a readily determinable market value for which es-timates are based on unobservable inputs that are not corroborated by observable market data) are not valued at fair value.
— The disclosure of the basis for valuation of hard-to-value investments (that is, securities that do not have a read-ily determinable market value for which estimates are based on unobservable inputs that are not corroborated by observable market data) is not sufficient.
— Investments that use net asset value (NAV) (or its equiv-alent) as a practical expedient to estimate fair value and NAV (or its equivalent) is not as of the plan's reporting date or NAV (or its equivalent) is not calculated in a man-ner consistent with the measurement principles of Fi-nancial Accounting Standards Board (FASB) Accounting Standards Codification (ASC) 946, Financial Services—
Investment Companies.
— New accounting guidance is not presented and disclosed in accordance with GAAP.
— Derivatives are not accounted for or disclosed in accor-dance with GAAP.
— Securities lending is not presented or disclosed in accor-dance with GAAP.
— In plans which receive a transfer of assets from another plan, that the transfer of assets is not complete.
— Significant transactions are processed by an outside ser-vice provider and no SAS No. 70 report is available.
— Significant transactions are processed by an outside ser-vice provider and the SAS No. 70 report has qualifica-tions, exceptions or carve-outs.
r
For defined contribution plans:— Employee and employer contributions are incorrect due to the use of a definition of compensation different than specified in the plan document.
— Employee contributions are not remitted to the trustee and or custodian in accordance with DOL regulations, causing a prohibited transaction.
— The integrity of the individual account balances are not maintained when the recordkeeper has changed or where there is a transfer of assets received from another plan.
— In a private company ESOP, that company stock is not valued at fair value in accordance with GAAP.
r
For health and welfare benefit plans:— Not all activity of a health and welfare plan is reflected in the financial statements.
— Incurred but not reported claims have not been properly recorded.
r
For defined benefit plans:— In an ongoing cash balance defined benefit pension plan, the activity of the hypothetical balances is not appropri-ate because of the application of an incorrect interest rappropri-ate, incorrect service credits, or use of incorrect beginning bal-ance.
— In the year of conversion of a defined benefit pension plan to a cash balance benefit formula, the beginning balance of the hypothetical accounts is misstated.
— In a frozen defined benefit pension plan, the demographic information is incorrect.
— Benefit payments, including lump-sum benefit payments, in a defined benefit pension plan are not properly calcu-lated.
— Benefit payments are not calculated in the correct amounts when the plan has different benefit formulas for different time periods for employee groups (this may oc-cur as a result of numerous plan mergers over the history of the plan) or when the plan has terminated.
— In a defined benefit pension plan for which the sponsor is having financial difficulty, a contribution receivable is recorded at greater than the collectable amount.
5.69 Refer to paragraphs .45 and .53 of AU section 318, Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained (AICPA, Professional Standards, vol. 1), for further audit procedures pertaining to significant risks.
P1: KVU
ACPA132-05 ACPA132.cls April 10, 2010 0:32