Key advice update No. 1, 2015
Managing outsourced financial services
Purpose of this document
This key advice update aims to support public sector agencies to comply with the Standing Directions of the
Minister for Finance (Directions). It focuses on the requirements of Direction 3.1.5 Managing outsourced
financial services, in particular how to obtain assurance over outsourced services.
What is outsourcing?
Outsourcing is a process by which a specific service or group of services is provided for an agency by a third party
through an agreement, e.g. contract. Services are typically outsourced to achieve cost savings, improve quality,
and access specialised skills or other efficiencies. Some examples of commonly outsourced services include
payroll, investment consulting, debt collection and the maintenance of financial systems.
What are the requirements of Direction 3.1.5?
Direction 3.1.5 requires agencies to ensure effective management of outsourced financial functions to obtain
the required levels of service and maintain compliance with the Financial Management Act 1994 (FMA), the
Financial Management Regulations 2004 and the Directions.
Why is assurance of outsourced financial services important?
Outsourcing does not diminish the responsibilities of the Chief Finance and Accounting Officer (CFAO) and the
Accountable Officer – a service can be outsourced, but the risk and responsibilities cannot.
An outsourced financial service will impact on the financial management, financial processing or financial
statements of an agency. Accordingly, specific assurance on the control procedures of the outsourced service
provider is needed to ensure the:
•
agency continues to meet the requirements of the FMA, the Directions and any other relevant
legislation;
•
agency’s responsibilities and accountabilities for good governance and sound financial management
are not negatively impacted by the outsourced activities;
•
provider is complying with the agreed terms and conditions (e.g. performance measures as outlined
in the contract or Service Level Agreement);
•
controls for activities and processes are effective and result in accurate reporting of financial and
other relevant information;
•
control environment surrounding the outsourced services facilitates complete and accurate
processing of underlying transactions and/or data; and
•
Accountable Officer and CFAO can sign off on their formal annual statement as required by Direction
2.2(d) for public sector agencies and (w) departments, that the:
(i) financial reports are presented fairly;
(ii) risk management, internal compliance and control framework is sound; and
(iii) internal control framework is operating effectively and efficiently.
What to consider when determining the type of assurance required?
Before engaging an outsourced service provider, an agency should understand the Assurance or Auditing
Standard requirements1, and liaise with its internal and/or external auditors to discuss the best approach to
obtain assurance. This will assist the agency to ensure that assurance reports received are fit for purpose and
provide an accurate reflection of the control environment in the outsourced provider.
The type and level of assurance required should be determined in the context of an agency’s individual risk
profile (i.e. complexity of operations and size) and be factored in as part of the initial contract negotiation. The
service contract should also provide access to the service provider’s information by an agency’s internal and
external auditors.
Note: If an agency is aware that several agencies are using the same outsourced service provider, it may initiate
discussions with those agencies and the provider to obtain a combined assurance report. However, such a report
must meet the individual assurance needs of each agency.
What are the options for obtaining assurance?
The following options for obtaining assurance may be considered:
Option 1:
Assurance from the outsourced service provider
This may be either:

A publicly available opinion on internal control (usually this is an opinion in accordance with
Australian Auditing Standards that is made available to all customers of the outsourced service
provider); or

An opinion or report specifically designed (i.e. letter of comfort) for the use of the agency. In these
instances, a tailored scope of work will typically be requested by the agency, but the work is
performed and report provided by the outsourced service provider’s internal or external auditors.
1
Australian Standard on Assurance Engagements ASAE 3402 Assurance Reports on Controls at a Service Organisation or
Auditing Standard AUS 810 Special purpose reports on the effectiveness of control procedures.
2
Option 2:
Assurance provided by an independent auditor
An agency may arrange for an independent auditor (i.e. the agency’s internal auditor or a third party)
to visit the outsourced service provider to obtain assurance.
In these instances, the agency will determine the scope of work and results will be reported in a format
the agency is familiar with.
It is strongly recommended that if using this option, the agency seeks the opinion of its internal and
external auditors to interpret the information received.
Factors that need to be considered in interpreting the results include, but are not necessarily limited to:

What type of opinion or report has been issued?
o Is there a reference to an auditing standard? If so, is there an expression of the level of
assurance provided and are there any limitations on scope referred to?

What period of time is covered by the opinion or report?
o Is this consistent with the period of interest to the agency?

What locations, specific business processes and/or transactions have been reviewed and reported
on?
o Do these cover the full scope of the agency’s activities or transactions provided by the
outsourced service provider? If not, are the activities or transactions not covered material or
significant to the agency?

What issues or concerns have been identified? What is their impact?

What resolution plans has the provider put in place?
Further information on managing outsourced financial services
The Financial Management Compliance Framework User Guide provides further information on outsourcing of
financial services. This can be accessed via the following link: (http://www.dtf.vic.gov.au/files/be8f6f19-9be94b07-bcfb-a26000b92759/FMCF-User-Guide.docx).
Agencies should also consider the Victorian Government Purchasing Board’s policies and guidance material and
any other standard procedures relevant to the agency.
You are free to re-use this work under a Creative Commons Attribution 3.0 Australia licence, on the condition that you credit
the State of Victoria as author. The licence does not apply to any images, photographs or branding.
2