30 July 2018

Rise in investor assurance reports in private equity

With the recent rise in requests for controls assurance reports, we review each report and its benefits

As a successful business within the private equity or hedge fund industry, you will no doubt be aware of the recent rise in the request from new and existing investors for controls assurance reports. With the increased economic uncertainty, geo-political change and market competition, it is perhaps not surprising that investors are now demanding more transparency, rigour and security from those they might trust with their wealth. Whilst these reports have proven to be an extremely valuable marketing tool, they can provide the platform and framework for a whole host of benefits to ensure you continue to thrive in a changing world. This article seeks to lay out the various assurance reports and, more importantly, the benefits they can bring.

Service Organisation Controls

SOC reports (also known as ISAE3402, SSAE18 or even SAS70 reports in old money) are more than a standard health check, a SOC report is an instrument providing independent assurance to investors that an organisation has robust controls in place and meets industry best practice. There are two types of reports private equity firms may either combine or elect to commission one or the other. These are known as Type 1 or Type 2 reports:

Type 1 – looks at the description and design of the controls in place at your business.
Type 2 – as well as looking at control description and design, this report also addresses the operating effectiveness of those controls over a given period (not less than six months).

For Type 1 reports, the reporting accountant will seek to verify that the procedures and controls as described by management have been implemented. The reporting accountants will express an opinion on whether management’s description fairly presents the service organisation’s control system, and whether the controls were suitably designed.

For Type 2 reports, the reporting accountant will also seek evidence to express an opinion on whether the controls operated effectively throughout the specified period. Where exceptions have been found, such as controls not operating effectively, these will be reported.

SOC report benefits

As previously stated, many of our clients also use their SOC report proactively as a marketing tool to gain a competitive advantage over rivals through the demonstrating the strength of their control environment, highlighting a commitment towards best practices. Increasingly, this is even becoming a pre-requisite for doing business, particularly with US investors. However, there are also many internal benefits that can be derived from such reports if conducted and utilised effectively:

Auditing – You will be familiar with the challenge of managing demands from your clients’ auditors or fund administrators for access to your systems to test the adequacy of internal controls. With a SOC report in place, rather than each fund administrator/audit firm coming to your premises to conduct their own tests, they could use the report to gain assurance on the adequacy of controls in place.

Risk management – SOC reports also play a part in risk management concerning the delivery of services to clients. Management can gain peace of mind as to the operational effectiveness of their controls and hence their ability to provide services consistently and securely.

Investor service levels – In the wider context of the business, SOC reports can enable you to factually measure and evaluate your investor service level and performance, meaning root cause analysis can be performed to identify themes and to manage your contractual obligations.

Business processes – SOC reports can allow you, as the report writer, to evaluate your business processes giving you increased control awareness across the organisation and identify opportunities for improvement.

The roadmap

While we would be more than happy to discuss SOC reports in further detail with you, we do not subscribe to a one size fits all mentality, especially with regards to specialist assurance. The report needs to suit your business model and structure, your growth strategies and, of course, your investors’ needs.

So, we are offering you a no obligations meeting with a member of our financial services specialist assurance team to explore your businesses particular risks and opportunities in order to produce a bespoke roadmap of the ISAE journey for your business. This will provide a good starting point for identifying the scope and direction of the assurance you might need.

If you would like to organise for this to be undertaken for your business, please contact Emma MacArthur or Gareth Magee to arrange a meeting.