IDW PS 951
The auditing standard 951 of the Institut der Wirtschaftsprüfer in Deutschland eV , usually abbreviated as IDW PS 951 nF , is an auditing standard published by the Institut der Wirtschaftsprüfer in Deutschland (IDW) , which regulates the audit of an outsourced internal control system to a service company.
background
On October 16, 2013 the currently valid new version (nF) of the IDW auditing standard was published, which includes the IDW auditing standard: " The audit of the internal control system at the service company for functions outsourced to the service company " i d. F. of September 9, 2010. The standard takes into account and is based on the international standard ISAE 3000 and represents the national counterpart to the international standard ISAE 3402. In direct comparison to ISAE 3402, the IDW PS 951 nF takes into account special features from a national point of view, above all legal and other requirements including compliance and security requirements according to IDW RS FAIT 1.
commitment
The audit standard is used by service companies that require evidence of appropriate and effective measures for the service-related internal control system implemented. This is particularly the case when a customer has outsourced functions to a service company that can affect the accounting of the outsourcing company. In the event of outsourcing, the internal control system contained in these outsourced functions remains the responsibility of the outsourcing company. Typical examples are the outsourcing of payroll accounting or the data center operation of relevant IT systems.
Implementation and reporting
The subject of the audit is the description of the service-related internal control system (briefly: ICS description) and the control objectives and controls (or measures) described therein to meet these objectives. In the service-related internal control system, all the measures, controls and procedures (rules) of the service company in areas and processes that directly or indirectly affect the provision of the promised service are considered.
A detailed report is written about the audit, which shows the implemented internal control system (ICS) at the service company. The audit procedures carried out by the auditing company and the results are also part of the reporting.
There are two types for the test according to IDW PS 951 nF, which is either the test
- the adequacy of the internal control system presented and the implementation of these controls (type 1 '), or
- the appropriateness, implementation and effectiveness for a defined period of time (type 2).
Type 2 is particularly relevant for the annual audit. The audit then usually includes the financial year as the effective period.
In addition to the service company itself, the addressees of the audit report are in particular the customers and their auditors. Outsourcing companies and their auditors require evidence of the implementation of high security standards and an appropriate and effective internal control system due to increasing regulatory requirements and risks.
Description of the internal control system
The requirements for the design of the internal control system of the service company are derived from the regulatory requirements, in particular from customer contracts and customer expectations. This clearly includes taking into account the regulatory environment of the customers as well as the requirements of their stakeholders and auditors. The IDW PS 951 is a criteria-based auditing standard and in this respect the requirements mentioned must be defined and laid down in writing. The final assessment is based on the consideration and implementation of the specified requirements in the service company's area of application to be defined. This area of application can refer to the entirety of the service-related processes and thus to all customers. However, it is also possible to restrict this to a specific group or customer and to adapt the reporting accordingly.