Resources | AssuranceLab

Understanding GS 007

Written by Roghan McMahon | Feb 10, 2025 1:50:43 AM

A quick search for information on the GS 007 audit framework is enough to make your head spin. This article aims to clear some of the confusion by providing a clear understanding of GS 007's requirements and helping you determine whether it aligns with your organization's needs.

What is GS 007? 

GS 007 is an assurance framework used in Australia to evaluate the controls of service organizations that provide investment management services. The framework is issued by the Australian Auditing and Assurance Standards Board (AUASB) and follows ASA 402 and ASAE 3402, which are Australian equivalents of ISA 402 and ISAE 3402.

 

Who Does GS 007 apply to?

It is mainly used by service organizations that support investment management, such as: 

  • Custodians - holding assets on behalf of investors
  • Fund administrators - managing investment funds
  • Unit registries - tracking who owns investment units
  • Investment platforms - handling investor transactions and reporting

What is the structure of GS 007? 

GS 007 outlines seven key control areas, which represent critical functions within investment management services.

Not all seven are mandatory for every service organization. The applicability of each control area depends on the specific services provided by the organization.

Control Area

Description

Mandatory?

Custody

Managing the safekeeping, recording, and settlement of assets and related income on behalf of clients.

Only if relevant

Asset Management

Investing client funds by executing transactions, ensuring compliance, reconciling portfolios, and reporting performance.

Only if relevant

Property Management

Managing real estate investments through property transactions, compliance monitoring, reconciliations, and reporting.

Only if relevant

Superannuation Member Administration

Administering superannuation member accounts, including contributions, benefits, investment instructions, and reporting.

Only if relevant

Investment Administration

Maintaining records of portfolio assets and liabilities, valuing portfolios, and providing financial and performance reports.

Only if relevant

Registry

Maintaining investor records, processing transactions and corporate actions, controlling share/unit issuance, and managing voting processes.

Generally expected

Information Technology (IT) Controls

Ensuring IT systems supporting investment management services are secure, reliable, and support accurate financial reporting.

Generally expected

GS 007 reporting & assurance types

GS 007 follows the Type 1 and Type 2 reporting structure, similar to SOC 1 or SOC 2:

  • Type 1 Report
    • Evaluates the design of controls at a specific point in time
    • Does not assess whether the controls operated effectively over a period
  • Type 2 Report
    • Evaluates both the design and operational effectiveness of controls over a defined period (usually 6 to 12 months)
    • Provides a higher level of assurance
For more information on how AssuranceLab delivers assurance reports, please refer to our knowledge base article linked here

 


Ready to learn more?

Want to find out more about the GS 007 standard and how it might tie into your audit requirements? Head to our contact page and fill out the form. Our portfolio manager, Roghan McMahon, will be in touch regarding your GS 007 requirements. 
View full post