What have we learnt upon completion of an AAF 01/20 report?
The AAF 01/20 replaced the well-established AAF 01/06 and became effective for periods beginning on or after 1 July 2020.
The concept of producing an AAF 01/20 report remains consistent however control objectives have been updated to place more reliance on IT controls and the specifics and the aim is to achieve a higher standard of controls assurance whilst putting a greater essence of reporting on management.
With the increase of pension scams and malicious attacks we are required to ensure there are internal controls in place to protect systems and mitigate risks arising.
Key changes we will request from you:
- Requirement to highlight any significant changes to processes during the period within the Management Statement
- Supporting documentation to be provided in relation to your Management Statement
Key changes you should expect to see from us:
- For sub-service organisations discuss and confirm whether we will be performing a ‘carve-out’ method or ‘inclusive’ method.
- Changes to our Service Auditor report to reflect updates in the AAF 01/20
We have found that the AAF 01/06 outlined a control objective relating to the annual report and accounts produced by pension administrators. This has become an illustrative control objective within the AAF 01/20 and is optional dependent on the Service Organisation. This is an area we would discuss with you at the planning stage to develop and highlight whether it would be beneficial to be included for prospective clients.
- Review and update your control activities to reflect the revised control objectives