More and more companies are outsourcing specific supporting business processes to external service providers. Through PS 951, a comprehensive audit of these providers’ internal controls creates a high level of transparency and accountability. The standard helps organisations ensure that their partners meet appropriate requirements in terms of risk management and security.
PS 951 provides a reliable framework for assessing the effectiveness of internal controls, fostering transparency and strengthening the trust of all stakeholders. By applying this standard, organisations enhance their audit processes while demonstrating a clear commitment to the highest governance standards.
A PS 951 audit evaluates both the design and the effectiveness of internal controls that impact financial reporting. An external auditor reviews the design of the controls (Type I) as well as their operational effectiveness over a defined period (Type II). The resulting audit report typically includes a control matrix that clearly outlines the risk management framework, control objectives, control activities, and the corresponding audit results.
A PS 951 Type I report provides an external auditor’s assessment of the controls in place as of a specific date. The auditor evaluates whether these controls are appropriately designed to provide reasonable assurance of achieving financial reporting objectives and whether the controls actually exist.
A PS 951 Type II report evaluates not only whether controls are appropriately designed and in place but also whether they have been operating effectively over a defined period. In practice, this means the external auditor conducts a thorough review of the service organisation’s internal controls and verifies that all controls have been implemented and are functioning effectively in accordance with established processes and procedures.
Organisations across all industries regularly consult the register. By registering your report, you demonstrate compliance with the PS 951 requirements and establish your reputation as a trusted service provider.
PS 951 is not a certification but an audit report that confirms your outsourced processes are managed in a way that ensures reliable and accurate financial reporting.
IT processes and other operational activities are increasingly being outsourced to service providers. When data is handled by external vendors, the requirements for information security and oversight of these processes become more demanding. Many organisations focus on their core business and outsource supporting functions to third parties. Because these dependencies can affect the level of trust between companies and their service providers, there is a growing need for effective control mechanisms to ensure that outsourced processes are secure and reliable. A PS 951 report provides clients with the assurance that appropriate controls are in place and that the service organisation meets the necessary standards for security and risk management.
A PS 951 report is reviewed by an independent auditor and must be prepared in accordance with the applicable auditing standards. Having staff with prior audit experience can make the preparation process significantly smoother. In addition, specialised service providers can assist in compiling the report and managing the audit process to ensure that all requirements for controls and documentation are fully met.
If certain processes within your organisation have a significant impact on the service provider’s financial statements, obtaining a PS 951 report is appropriate. Companies operating under the supervision of regulatory bodies—such as the FSA—must also be able to demonstrate that outsourced processes are effectively managed. A PS 951 report provides this assurance by confirming that internal controls are properly implemented and operating effectively.
PS 951 is an internationally recognised standard for overseeing outsourced processes. In both national and international tenders, a PS 951 report is often requested as evidence that key control standards are being met. In addition, implementing PS 951 helps organisations structure and formalise their internal workflows, improving overall efficiency and enhancing transparency throughout the business.
