The keenly awaited update for AAF 01/06 became available in January 2020 with Control Objectives for administrators, investment managers and other data recording industry. Technical release AAF 01/20 replaces AAF 01/06 reporting for periods beginning on or after 1 July 2020. Early adoption is encouraged.
The revised Control Objectives can be found in Appendix 1 for businesses using custody, fiduciary management, fund accounting, investment management, investment administration, pension administration, private equity, property investment management, property investment administration, transfer agency and information technology. The term Reporting Accountant’ is revised to ‘Service Auditor’ and ‘control procedures’ are called ‘control activities’ to be more in line with international standards.
In addition, AAF 01/20 has helpful explanations in section 2 (#13-34) of:
The AAF 01/20 is a technical release from the Institute of Chartered Accountants in England & Wales Audit and Assurance Faculty at icaew.com/auditandassurance. The ICAEW has regular seminars on assurance and IT so it is worthwhile investing in joining the ICAEW Audit and Assurance Faculty and the ICAEW Tech Faculty to get access to the comprehensive and accessible packages of guidance and technical advice they offer.
Like AAF 01/06, the AAF 01/20 follows the framework for assurance engagements set out in the IIASB Assurance Framework and International Standard on Assurance Engagements (ISAE 3000 (Revised) Assurance Engagements other than Audits or Reviews of Historical Financial Information, published by the IAASB. AAF 01/20 is also intended to be compatible with ISAE 3402 Assurance Reports on Controls at a Service Organization.
As a reminder AAF 01/20 has been developed to enable a Service Organisation (a third party organisation that provides information processing and other services for entities such as a company pension fund (‘User Entities’) to engage an independent practitioner (the ‘Service Auditor’) to provide an assurance opinion over the relevant controls which seek to manage risks on behalf of User Entities. The independent assurance opinion can then be made available to User Entities and their external auditors (‘User Organisations’) to avoid the need for several different User Organisations to test the same controls.
Actions you should take are:
The AAF 01/20 is a 78-page document that needs some thought.