Many entities outsource aspects of their business activities to service organisations. These activities range from performing a specific task directed by the entity to replacing entire business units or functions. The activities may be integral to the entity’s business operations and, affect the financial statements and so the entity’s external auditor may be required to understand and test controls over those outsourced business activities, particularly where they involve the processing of financial transactions.
This guidance enables the service organisation to engage an independent practitioner to provide an assurance opinion on the controls in place over the outsourced activities they perform for other entities. As the service organisation more often than not works for more than one entity, this means they can efficiently commission and share this independent assurance opinion with the entities they work for, saving numerous sets of external auditors testing the same internal controls.
The demand for these types of reports is particularly prevalent in the asset management sector and the guidance could also be applied to other activities, where appropriate control objectives can be identified.
The Technical Release provides guidance to those performing assurance engagements and is intended to promote consistency in approach. It also provides high-level guidance to senior management of the service organisation who prepare the report on the specific services and may also help entities that use service organisations to understand the scope and type of assurance provided in the assurance report.
The Technical Release is effective for reporting periods beginning on or after 1 July 2020 although early adoption is permitted.
Assurance reports on internal controls of service organisations available to third parties (TECH 01/06 AAF) was withdrawn on 30 June 2020.
TECH 01/20 AAF
Download the full technical release 'Assurance on internal controls of service organisations (TECH 01/20 AAF)'
Download now