In our first article (GS 007 – The Essentials), we provided an initial overview of GS 007's requirements to help assess whether the framework aligns with your organisation’s needs. We also outlined the types of companies that are typically required to obtain a GS 007 audit and introduced the key control objectives covered under the standard.
In this article, we take a closer look at the main control objectives. Identifying which objectives apply to your organization is a critical first step in preparing for a GS 007 audit.
GS 007 is split into 7 Investment Management Service areas; Custody, Asset Management, Property Management, Superannuation Member Administration, Investment Administration, Registry & Information Technology.
Each investment service area is further divided into control objectives, representing the minimum expectations that a service auditor and users of a Type 1 or Type 2 report may reasonably anticipate.
These objectives should be addressed in the service organisation’s description of its investment management system for each service area. However, they are not intended to be exhaustive.
An organisation determines which GS 007 control objectives are applicable based on the investment management services it provides to its user entities.
The process typically involves:
1. Identifying the Services Provided
The organisation must first map out the specific services it offers to clients (e.g., custody, asset management, superannuation member administration, registry services, property management, investment administration).
2. Matching Services to GS 007 Categories
3. Considering Supporting Functions
Information Technology (IT) control objectives are always applicable because IT systems support all investment management services.
4. Documenting the Scope
The organisation should formally document:
Not sure where to start?
Get in touch with our team today to see how we can help your organisation navigate the GS 007 standard and determine the audit scope.