Resources | AssuranceLab

Understanding GS 007

Written by Roghan McMahon | Feb 10, 2025 1:50:43 AM

A quick search for information on the GS 007 audit framework is enough to make your head spin. This article aims to clear some of the confusion by providing a clear understanding of GS 007's requirements and helping you determine whether it aligns with your organization's needs.

Written by Roghan McMahon, Audit Manager 

 

What is GS 007? 

GS 007 is an assurance framework used in Australia to evaluate the controls of service organizations that provide investment management services. The framework is issued by the Australian Auditing and Assurance Standards Board (AUASB) and follows ASA 402 and ASAE 3402, which are Australian equivalents of ISA 402 and ISAE 3402.

 

Who Does GS 007 apply to?
It is mainly used by service organizations that support investment management, such as: 

  • Custodians - holding assets on behalf of investors
  • Fund administrators - managing investment funds
  • Unit registries - tracking who owns investment units
  • Investment platforms - handling investor transactions and reporting

What is the structure of GS 007? 
GS 007 outlines seven key control areas, which represent critical functions within investment management services.


Not all seven are mandatory for every service organization. The applicability of each control area depends on the specific services provided by the organization.

 

Control Area

Description

Mandatory?

1. Custody of Assets

Ensures client assets are securely held, recorded accurately, and reconciled correctly.

Only if relevant

2. Investment Administration

Covers investment transactions, reconciliations and reporting.

Only if relevant

3. Unit Pricing and Valuation

Ensures accuracy in the calculation of unit prices and fund valuations.

Only if relevant

4. Registry Services

Manages investor records, transactions, and reporting accuracy.

Only if relevant

5. Information Technology (IT)

Focuses on IT security, system access, change management, and data integrity.

Yes (if IT systems support services provided)

6. Risk Management & Compliance

Ensures compliance with laws, regulations, and internal policies.

Generally expected

7. Financial Reporting Controls

Covers the accuracy and integrity of financial reports provided to clients.

Generally expected

GS 007 reporting & assurance types
GS 007 follows the Type 1 and Type 2 reporting structure, similar to SOC 1 or SOC 2:

  • Type 1 Report
    • Evaluates the design of controls at a specific point in time
    • Does not assess whether the controls operated effectively over a period
  • Type 2 Report
    • Evaluates both the design and operational effectiveness of controls over a defined period (usually 6 to 12 months)
    • Provides a higher level of assurance
For more information on how AssuranceLab delivers assurance reports, please refer to our knowledge base article linked here

 

 

Ready to learn more?

Want to find out more about the GS 007 standard and how it might tie into your audit requirements? Head to our contact page and fill out the form. Our portfolio manager, Roghan McMahon, will be in touch regarding your GS 007 requirements. 
View full post