PS 951 Ensuring Transparency and Accountability with PS 951

More and more companies are outsourcing specific supporting business processes to external service providers. Through PS 951, a comprehensive audit of these providers’ internal controls creates a high level of transparency and accountability. The standard helps organizations ensure that their partners meet appropriate requirements in terms of risk management and security.

Why PS 951?

PS 951 provides a reliable framework for assessing the effectiveness of internal controls, fostering transparency and strengthening the trust of all stakeholders. By applying this standard, organizations enhance their audit processes while demonstrating a clear commitment to the highest governance standards.
choose-icon

IT Service Providers

Comprehensive risk management and robust controls
choose-icon

Financial Service Providers

Risk management to ensure regulatory and financial compliance
choose-icon

Real Estate Management

Securing financial processes and implementing comprehensive safeguards

PS 951 Reporting and Assurance

A PS 951 audit evaluates both the design and the effectiveness of internal controls that impact financial reporting. An external auditor reviews the design of the controls (Type I) as well as their operational effectiveness over a defined period (Type II). The resulting audit report typically includes a control matrix that clearly outlines the risk management framework, control objectives, control activities, and the corresponding audit results.
ISAE 3402 vs ISO 27001
A PS 951 Type I report provides an external auditor’s assessment of the controls in place as of a specific date. The auditor evaluates whether these controls are appropriately designed to provide reasonable assurance of achieving financial reporting objectives and whether the controls actually exist.
A PS 951 Type II report evaluates not only whether controls are appropriately designed and in place but also whether they have been operating effectively over a defined period. In practice, this means the external auditor conducts a thorough review of the service organization’s internal controls and verifies that all controls have been implemented and are functioning effectively in accordance with established processes and procedures.

How to Obtain a PS 951 Report

right-dot

1.Understand the Requirements

Gain a thorough understanding of the PS 951 criteria and assess how they apply to your organization and your clients.

2. Preparing for the Audit

Select an independent auditor and define the scope of the audit, including the key processes and controls to be covered.
left-dot
right-dot

3. Documentation and Analysis

Document your existing controls and develop a risk control matrix; then perform a gap analysis to identify potential weaknesses.

4. Internal Reviews

Carry out internal control testing and update your documentation based on the results of these tests.
right-dot
right-dot

5. Execution of the External Audit

Prepare all required documentation for the external auditor and provide access to relevant processes and supporting materials.

6. Analyze Results and Drive Improvements

Review the auditor’s report, assess the findings, and implement the recommended actions to continuously improve your processes and controls.
right-dot

Why It Makes Sense to Register a PS 951 Report

Organizations across all industries regularly consult the register. By registering your report, you demonstrate compliance with the PS 951 requirements and establish your reputation as a trusted service provider.
Submit Your Report Today

Frequently Asked Questions

PS 951 is not a certification but an audit report that confirms your outsourced processes are managed in a way that ensures reliable and accurate financial reporting.
IT processes and other operational activities are increasingly being outsourced to service providers. When data is handled by external vendors, the requirements for information security and oversight of these processes become more demanding. Many organizations focus on their core business and outsource supporting functions to third parties. Because these dependencies can affect the level of trust between companies and their service providers, there is a growing need for effective control mechanisms to ensure that outsourced processes are secure and reliable. A PS 951 report provides clients with the assurance that appropriate controls are in place and that the service organization meets the necessary standards for security and risk management.
A PS 951 report is reviewed by an independent auditor and must be prepared in accordance with the applicable auditing standards. Having staff with prior audit experience can make the preparation process significantly smoother. In addition, specialized service providers can assist in compiling the report and managing the audit process to ensure that all requirements for controls and documentation are fully met.
If certain processes within your organization have a significant impact on the service provider’s financial statements, obtaining a PS 951 report is appropriate. Companies operating under the supervision of regulatory bodies—such as the FSA—must also be able to demonstrate that outsourced processes are effectively managed. A PS 951 report provides this assurance by confirming that internal controls are properly implemented and operating effectively.
PS 951 is an internationally recognized standard for overseeing outsourced processes. In both national and international tenders, a PS 951 report is often requested as evidence that key control standards are being met. In addition, implementing PS 951 helps organizations structure and formalize their internal workflows, improving overall efficiency and enhancing transparency throughout the business.