Our Technology Compliance and Controls Audit services provide independent assurance over the design and operating effectiveness of technology and operational controls.

This helps organisations meet the expectations of customers, regulators, payment schemes and trustees who require clear, defensible assurance over critical services and processes.

We deliver assurance tailored to the Australian regulatory and commercial environment, where control expectations are shaped by APRA, ASIC, payment scheme operators and superannuation trustees. Our focus is on assurance that stands up to external scrutiny, whether that scrutiny comes from regulators, scheme operators, auditors or counterparties, while remaining practical and proportionate to the risks in scope.

Our services include:

SOC 1 & ASAE 3402 audits

Independent SOC 1 and ASAE 3402 audits provide assurance over controls relevant to financial reporting, supporting customer and auditor reliance on service organisation controls. These engagements help reduce follow‑up queries from customers and external auditors and provide confidence in the design and operating effectiveness of key financial and technology controls.

GS 007 audits

GS 007 audits provide controls assurance reporting for service organisations supporting financial services and superannuation trustees. These engagements help demonstrate that technology and operational controls meet the expectations of APRA, ASIC and trustees, particularly where services underpin critical functions, member outcomes or material outsourced arrangements. Our GS 007 audits focus on governance, control design and operating effectiveness across technology, security and operational processes to provide robust, independently tested assurance suitable for trustee, customer and regulator scrutiny.

ASAE 3150 audits

ASAE 3150 audits provide tailored assurance over controls beyond financial reporting, aligned to defined subject matters such as operational resilience, system reliability, security or regulatory compliance. These engagements are designed around specific assurance questions and stakeholder expectations, providing focused assurance over areas critical to service delivery and risk management.

Payment scheme compliance

Independent assessments and reporting support compliance with card and payment scheme requirements, including eftpos and NPP scheme rules, and related operational, security and incident management obligations. These engagements help reduce compliance risk, support relationships with scheme operators and acquiring institutions, and provide confidence that payment controls are operating effectively in complex payment environments.

Operational due diligence & resilience assurance

Operational due diligence and resilience reviews support funds, trustees and regulated entities to assess the operational robustness of service providers and investment managers, particularly in preparation for APRA CPS 230. Reviews focus on governance, operational resilience, technology dependencies, information security, business continuity and third-party risk. Where relevant, our approach aligns with industry guidance for investment management operational due diligence developed by ASFA and JANA, reflecting expectations around independence, consistency and resilience across the superannuation sector.

Agreed‑upon procedures & custom assurance

Agreed‑upon procedures and custom assurance engagements are designed around specific risks, stakeholder needs or contractual obligations where standard reports are not fit for purpose. This flexible approach provides targeted, decision‑relevant assurance to support governance, oversight and informed decision‑making.

Our experienced assurance specialists combine deep technical knowledge with a strong understanding of Australian regulatory, scheme and trustee expectations. We deliver clear, decision‑ready reporting that supports compliance, demonstrates control effectiveness and provides confidence to stakeholders who rely on your services.