Part 2 of 3: Why ASAE 3402 Assurance Matters
There has been a fair bit of commentary across the SMSF industry on data feeds of late – particularly around what the term ‘reliable’ means in relation to data feeds, how data feeds differ (or are they all the same?), and where ASAE 3402 and share registry data fit into the whole picture.
We’ve put together a three part blog series exploring data feeds. In this article, Part 2 of our Data Feed Series, we examine the benefits of ASAE 3402 Assurance.
What is ASAE 3402 and why is it important?
ASAE 3402 is an Auditing and Assurance Standards Board standard that provides auditors with the assurance that the necessary controls are in place at a service organisation.
For example, Class has achieved ASAE 3402 Type I and Type II certification for its data feeds system (the only SMSF software provider to do so). This provides administrators and auditors with the assurance that Class has controls in place within its data feeds system that manage the security, integrity and availability of data – and in turn means that auditors can substantially reduce the amount of testing required for balances and transactions maintained by Class.
To further explain this - there could be correct data coming through from banks or financial institutions into SMSF software, however if the software provider does not have a secure and reliable system to manifest the data to end customers, the data may be prone to duplication, error or simply be incomplete. It could also potentially be tampered with by anyone who has access to the system, and without traceability. The ASAE 3402 standard ensures there are controls and processes in place to minimise that risk, which are then audited by a third party on a regular basis.
How does ASAE 3402 allow auditors to rely on data feeds?
While direct-connect data feeds are more secure, there can still of course be intermittent errors with the data itself. However, having the right controls and processes in place means that those errors can be identified promptly and resolved.
Let’s run through an example:
- A data feed comes through from a financial institution, and is missing some transactions
- The Class systems and data feeds team identifies the issue, contacts the provider and gets a corrected file sent through
- Meanwhile, the issue is highlighted in the Class application so the accountant or administrator is aware
- Once the new file is processed, the client can see from the Class application that the issue has been resolved
ASAE 3402 provides the auditor with assurance that despite any intermittent errors, and the rectification steps that have been taken, the final data has within reason been sourced correctly, been processed correctly and hasn’t been tampered with.
Without the ASAE 3402 certification, auditors are professionally bound to be sceptical1 that operational processes work effectively.
"With the ASAE 3402, we are able to do less testing in regards to bank and broker transactions that have been processed via the data feed. For bank transactions and balances, we will no longer need to see the actual bank statements where the transactions and balances have come through on the data feed. Similarly for broker transactions, we will no longer need to see contract notes or broker transaction summaries for trades that have come through on the data feed.
The ASAE 3402 will mean that there is less paperwork for Class customers to provide at the end of each year, and should make our auditing process faster and more streamlined in most cases."
Joe Buttigieg, Director, Super Know How, Auditors
1 ASA 200, para 15
Read now: Data Feeds - The Facts That Matter. Part 1: Back to Basics
Read now: Data Feeds - The Facts That Matter. Part 3 - Brokers vs Share Registries.