Navigating the GS 007 audit framework can be overwhelming. This guide offers a clear overview of GS 007, who it applies to, and how to determine whether it’s the right fit for your organization’s assurance needs.
GS 007 is an assurance framework used in Australia to evaluate the controls of service organizations that provide investment management services. The framework is issued by the Australian Auditing and Assurance Standards Board (AUASB) and follows ASA 402 and ASAE 3402, which are Australian equivalents of ISA 402 and ISAE 3402.
Who Does GS 007 Apply To?
GS 007 applies to service providers that support investment management. These typically include:
- Custodians – Safekeeping assets on behalf of investors
- Fund administrators – Overseeing the operations of investment funds
- Unit registries – Managing records of investment ownership
- Investment platforms – Facilitating investor transactions and reporting
What Is the Structure of GS 007?
GS 007 outlines seven key control areas representing critical functions within investment management services.
Not all seven are mandatory for every service organization. The applicability of each control area depends on the specific services provided by the organization.
| Control Area | Description | Mandatory? |
| Custody | Managing the safekeeping, recording, and settlement of assets and related income on behalf of clients. | Only if relevant |
| Asset Management | Investing client funds by executing transactions, ensuring compliance, reconciling portfolios, and reporting performance. | Only if relevant |
| Property Management | Managing real estate investments through property transactions, compliance monitoring, reconciliations, and reporting. | Only if relevant |
| Superannuation Member Administration | Administering superannuation member accounts, including contributions, benefits, investment instructions, and reporting. | Only if relevant |
| Investment Administration | Maintaining records of portfolio assets and liabilities, valuing portfolios, and providing financial and performance reports. | Only if relevant |
| Registry | Maintaining investor records, processing transactions and corporate actions, controlling share/unit issuance, and managing voting processes. | Generally expected |
| Information Technology (IT) Controls | Ensuring IT systems supporting investment management services are secure, reliable, and support accurate financial reporting. | Generally expected |
GS 007 Reporting & Assurance Types
- Type 1 – Evaluates the design of controls at a specific point in time
- Type 2 – Evaluates both the design and operational effectiveness over a period (usually 6 to 12 months), offering a higher level of assurance
Minimum Control Objectives
Each investment management service area includes specific control objectives outlining minimum expectations for assurance reporting. These should be addressed in your organization’s description of its systems and controls. While comprehensive, the objectives are not exhaustive—additional controls may be needed, depending on your services.
The seven service areas include:
1. Custody
Custody involves managing assets on behalf of user entities, including:
- Safekeeping physical or electronic assets and maintaining related records.
- Collecting and distributing income from the assets.
- Processing and recording corporate actions affecting the assets.
- Recording asset purchase and sale transactions.
- Managing payments and settlements for asset trades.
2. Asset management
Asset management involves investing client funds and includes:
- Initiating and executing investment transactions, either under client instruction or discretionary authority.
- Ensuring transactions comply with client guidelines and restrictions.
- Reconciling portfolio records with custodian statements.
- Reporting portfolio performance and activities to clients.
3. Property management
Property management involves managing real estate assets and includes:
- Initiating and executing property transactions under client instruction or discretionary authority.
- Ensuring transactions comply with client guidelines and restrictions.
- Reconciling property transaction records with custodian statements.
- Reporting property performance and activities to clients.
4. Superannuation member administration
Superannuation member administration involves managing member accounts and includes:
- Maintaining and updating membership data.
- Receiving and allocating contributions and transfers.
- Calculating and paying member benefits and handling related third-party payments.
- Processing member investment instructions and investment switches.
- Deducting and remitting insurance premiums, fees, and taxes.
- Managing insurance claims and benefit payments for death, TPD, and income protection.
- Allocating fund earnings to member accounts.
- Conducting annual account reviews, benefit calculations, and reporting to members and trustees.
5. Investment administration
Investment administration involves supporting investment operations and includes:
- Maintaining records of securities, cash, and portfolio assets and liabilities.
- Valuing portfolio assets and liabilities and determining net asset values (NAVs).
- Providing periodic performance and compliance reports to relevant stakeholders.
- Preparing periodic financial reports.
6. Registry
Registry involves maintaining investor records and supporting shareholder or unitholder transactions, including:
- Maintaining records of shareholder/unitholder details and ownership positions.
- Recording validated purchases, redemptions, switches, transfers, and reinvestments.
- Updating holdings following corporate actions based on validated instructions.
- Monitoring and controlling the issuance of shares/units to prevent unauthorized or excess issuance.
- Managing stakeholder meetings and voting processes, including communication distribution and reporting.
7. Information technology
Information technology (IT) control objectives apply to all investment management services, as IT is essential to their delivery. IT controls are assessed alongside the specific control objectives for each service, focusing on systems relevant to the financial reporting of user entities.
Determining Applicable Control Objectives
Understanding which parts of GS 007 apply to your organization is key in preparing for an audit.
1. Identify Your Services
Start by mapping out your organization’s investment management services, such as custody, registry, or investment administration.
2. Match Services to GS 007 Categories
Each service corresponds to a GS 007 control area. For example:
- If you manage investment portfolios, the Asset Management objectives apply.
- If you administer superannuation accounts, the Superannuation Member Administration objectives apply.
3. Include Supporting IT Controls
Regardless of the services provided, IT controls are generally required, as they support all other functions.
4. Define and Document Your Scope
Clearly document:
- The services provided
- The corresponding control objectives
- Any exclusions or assumptions
This documentation is essential for scoping your Type 1 or 2 assurance engagement.
If your organization is considering a GS 007 audit or evaluating its control readiness, our team can help. We’ll guide you through scoping, applicability, and preparation so your audit delivers meaningful, actionable assurance.
Contact us to learn how GS 007 applies to your organization.
