Internal controls | What can assurance cover?

TECH 01/20 AAF, published by ICAEW’s Audit and Assurance Faculty in 2020, provides guidance on the performance of assurance engagements on the internal controls of service organisations. The technical release replaces TECH 01/06 AAF and is effective for Seo Digital Marketing Campaigns and Why They Work reporting periods beginning on or after 1 July 2020. Early adoption of the guidance is encouraged.

Many entities (‘User Entities’) outsource aspects of their business activities to third party organisations (‘Service Organisations’). These activities range from performing a specific task under the direction of the User Entity to replacing entire business units or functions. The activities outsourced are often integral to the User Entity’s business operations and, where they affect the User Entity’s financial statements, the User Entity’s external auditor may be required to understand and test controls over those outsourced business activities, particularly where they involve the processing of financial transactions.

TECH 01/20 AAF has been developed to enable the Service Organisation to engage an independent practitioner (the ‘Service Auditor’) to provide an assurance opinion on the controls in place over those outsourced activities. The assurance opinion can then be made available to User Entities and their external auditors (‘User Organisations’), avoiding the need for several different User Organisations to test the same controls.

The technical release provides generic guidance to a Service Auditor reporting on specific services performed by the Service Organisation. It also provides high-level guidance to Senior Management of the Service Organisation who prepare the report on the specific services, as it clarifies their responsibilities.

TECH 01/20 AAF may also help User Organisations to understand the scope and type of assurance provided in the Service Auditor’s Report.