SMSFs may use service organisations to provide investment management services including:

• custody (including IDPS such as WRAP accounts);
• asset management (including hedge fund management and private equity).
• property management;
• investment administration, including fund accounting and/or fund administration;
• registry; and
• valuation services.

These investment management services may take various forms including WRAP accounts, individually managed portfolio services, individual mandates or platform investments. Further guidance is provided in GS 007.

The use of a service organisation by a SMSF is a consideration for the auditor when planning the level of substantive testing for balances and transactions maintained by the service organisation. ASA 402 provides some relief, stating that in the absence of obtaining a direct understanding of the internal control environment of a service entity, the auditor should obtain a type 1 report or type 2 controls report. ASAE 3402 provides detailed requirements and guidance on the preparation of these assurance reports.

Type 1 or Type 2 Reports on Controls

A type 1 report provides an opinion on the description and design of controls at the service organisation, provided by the service entity’s management and cannot be relied on to reduce the level of substantive audit testing conducted by the SMSF auditor.

A type 2 report provides a further opinion over the effectiveness of controls beyond that of a type 1 report and includes the service auditor’s opinion on the management’s description of the control environment after tests of the controls are undertaken. The type 2 report may be used in some circumstances to reduce the level of substantive testing undertaken by the SMSF auditor.

The extent of the reliance to be placed on a service auditor’s assurance report provided in conjunction with a service entity’s annual investor statement is determined after a review of the assertions made relevant to information contained in the report. For example, does the assurance report limit the scope of the engagement undertaken by the service auditor. Some reports only cover existence rights and obligations, which would require the fund auditor to test for valuation. In these instances, the auditor may partially rely on the service auditor’s report and would consider conducting testing to obtain evidence on the valuations contained in the tax statement. Where the fund uses a custodian but the custodian does not engage an independent auditor to issue a ASAE 3402 assurance report on the investments, the SMSF auditor may need to conduct additional procedures for investment, income, expenses and tax information included in the custodian's report.

A type 2 report on controls can be relied on to the extent the SMSF auditor can map the tests of controls against the assertions in the service provider’s assurance report. SMSF auditors need to ensure that any report issued complies with ASAE 3402 requirements otherwise further audit procedures may be required by the auditor to obtain sufficient appropriate audit evidence. Greater consideration may be necessary if the service organisation operates overseas.

The use of a service organisation by a SMSF may render the audit evidence required less readily accessible to the auditor, if the service organisation provides some of the record keeping or compliance functions of the SMSF. The location of audit evidence at the service organisation does not alter the overall scope and objective of the financial audit and compliance engagement of the SMSF. It remains the responsibility of the auditor to obtain sufficient appropriate audit evidence to support the auditor’s financial audit and compliance assurance opinions. The requirements of the AUASB Standards relating to obtaining sufficient appropriate evidence on which to form an opinion are the same as would apply if the records and supporting documentation were maintained by the SMSF.

Operators of IDPSs and IDPS-like services are required under ASIC Class Orders CO 13/762^[77] or CO 13/763^[78] to obtain an auditor’s report providing:

1. an opinion as to whether the internal controls and other procedures of the relevant IDPS or IDPS-like operator and other persons acting on behalf of the relevant operator were suitably designed and operated effectively in all material respects to ensure that the annual investor statements, quarterly reports and any information that is made accessible electronically, are not materially misstated;
2. an opinion as to whether the aggregate of assets, liabilities, revenue and expenses in the annual investor statement for the relevant IDPS or IDPS-like financial year have been properly reconciled in all material respects to the corresponding amounts shown in the reports prepared by the custodian which have been independently audited; and
3. a statement as to whether or not the auditor has any reason to believe that any annual investor statements, quarterly reports or information accessible electronically is materially misstated.

ASIC’s Regulatory Guide RG 148 Platforms that are managed investment schemes and nominee and custody services details the requirements of CO 13/762 and CO 13/763:

1. RG 148.71 to 75 stipulates the requirement for IDPS operators to maintain, document and comply with adequate internal control procedures to ensure compliance with financial services laws and to have the procedures audited annually by a registered company auditor.
2. RG 148.126 to 133 details the requirement to provide an annual investor statement and auditor’s report within three months of the end of the financial year. The auditor’s report must set out whether the auditor has reason to believe that the investment statements have been given without material misstatement and their opinion on whether the annual investor’s statements have been properly reconciled.

Assets held under custody are held as a single holding in the name of the custodian. Individual investors hold a specified number of units which determine the value of the individual holding. An annual independent audit of the IDPS is required to provide assurance on the reconciliation of the attribution to individual investors. The planning of a SMSF audit considers the independent audit of the custodian, as reports provided under these class orders may provide sufficient appropriate audit evidence for a user auditor.