
GS 007 - What’s involved
GS 007 | The essential things you need to know about the GS 007 control objectives
In our first article (GS 007 – The Essentials), we provided an initial overview of GS 007's requirements to help assess whether the framework aligns with your organisation’s needs. We also outlined the types of companies that are typically required to obtain a GS 007 audit and introduced the key control objectives covered under the standard.
In this article, we take a closer look at the main control objectives. Identifying which objectives apply to your organization is a critical first step in preparing for a GS 007 audit.
GS 007 minimum control objectives for each investment management service
GS 007 is split into 7 Investment Management Service areas; Custody, Asset Management, Property Management, Superannuation Member Administration, Investment Administration, Registry & Information Technology.
Each investment service area is further divided into control objectives, representing the minimum expectations that a service auditor and users of a Type 1 or Type 2 report may reasonably anticipate.
These objectives should be addressed in the service organisation’s description of its investment management system for each service area. However, they are not intended to be exhaustive.
A. Custody
Custody involves managing assets on behalf of user entities, including:
- Safekeeping physical or electronic assets and maintaining related records.
- Collecting and distributing income from the assets.
- Processing and recording corporate actions affecting the assets.
- Recording asset purchase and sale transactions.
- Managing payments and settlements for asset trades.
B. Asset management
Asset management involves investing client funds and includes:
- Initiating and executing investment transactions, either under client instruction or discretionary authority.
- Ensuring transactions comply with client guidelines and restrictions.
- Reconciling portfolio records with custodian statements.
- Reporting portfolio performance and activities to clients.
C. Property management
Property management involves managing real estate assets and includes:
- Initiating and executing property transactions under client instruction or discretionary authority.
- Ensuring transactions comply with client guidelines and restrictions.
- Reconciling property transaction records with custodian statements.
- Reporting property performance and activities to clients.
D. Superannuation member administration
Superannuation member administration involves managing member accounts and includes:
- Maintaining and updating membership data.
- Receiving and allocating contributions and transfers.
- Calculating and paying member benefits and handling related third-party payments.
- Processing member investment instructions and investment switches.
- Deducting and remitting insurance premiums, fees, and taxes.
- Managing insurance claims and benefit payments for death, TPD, and income protection.
- Allocating fund earnings to member accounts.
- Conducting annual account reviews, benefit calculations, and reporting to members and trustees.
E. Investment administration
Investment administration involves supporting investment operations and includes:
- Maintaining records of securities, cash, and portfolio assets and liabilities.
- Valuing portfolio assets and liabilities and determining net asset values (NAVs).
- Providing periodic performance and compliance reports to relevant stakeholders.
- Preparing periodic financial reports.
F. Registry
Registry involves maintaining investor records and supporting shareholder or unitholder transactions, including:
- Maintaining records of shareholder/unitholder details and ownership positions.
- Recording validated purchases, redemptions, switches, transfers, and reinvestments.
- Updating holdings following corporate actions based on validated instructions.
- Monitoring and controlling the issuance of shares/units to prevent unauthorised or excess issuance.
- Managing stakeholder meetings and voting processes, including communication distribution and reporting.
G. Information technology
Information technology (IT) control objectives apply to all investment management services, as IT is essential to their delivery. IT controls are assessed alongside the specific control objectives for each service, focusing on systems relevant to the financial reporting of user entities.
Which Control Objectives are applicable to an organisation?
An organisation determines which GS 007 control objectives are applicable based on the investment management services it provides to its user entities.
The process typically involves:
1. Identifying the Services Provided
The organisation must first map out the specific services it offers to clients (e.g., custody, asset management, superannuation member administration, registry services, property management, investment administration).
2. Matching Services to GS 007 Categories
- For example:
- If the organisation provides custody services, the Custody control objectives are applicable.
- If it manages client portfolios, Asset Management control objectives apply.
- If it administers member records for a superannuation fund, Superannuation Member Administration objectives apply.
3. Considering Supporting Functions
Information Technology (IT) control objectives are always applicable because IT systems support all investment management services.
4. Documenting the Scope
The organisation should formally document:
- The services it provides.
- The corresponding control objectives selected.
- Any exclusions or assumptions.
Not sure where to start?
Get in touch with our team today to see how we can help your organisation navigate the GS 007 standard and determine the audit scope.