Top 3 incredible claims about ABS Outsourcing debunked!

We had great conversations with Outsourcing organisations on their material outsourcing arrangements over the past year. Thought we share some of the incredulous claims made by service providers to Outsourcing organisations.

 

Incredible Claim No 1 РOur policies and procedures are robust and effective. Moreover we are compliant to ISO27001/COBIT/XXXX framework, therefore we do not need to be further audited.

Congratulations on obtaining ISO27001/COBIT/XXXX certification! The processes and procedures you’ve implemented will make obtaining the Outsourced Service Provider’s Audit Report (OSPAR) sign off much easier but your organisation will still have to obtain OSPAR sign off. OSPAR signoff has to be signed off by an appointed external auditor who:

Excerpt from ABS Outsourcing Guidelines (Criteria for Qualification External Auditor; 1st June 2017)

“a. must have audited at least 2 commercial banks operating in Singapore in the last 5 years; and
b. The engagement partner, who signs off the Audit Report, must have audited at least 2 commercial banks in Singapore in the last 5 years.”

 

Incredible Claim No 2 – Just audit us directly. There is no need to get the OSPAR signoff from an auditor.

That could probably be true prior to 1st June 2017. Service providers cannot be audited directly by the outsourcing organisation from 1st June 2017 onwards.

Excerpt from FAQ on ABS Outsourcing Guidelines (15th June 2017)

“OSPs are required and expected by the financial industry to engage an external auditor to perform its service control audit.”

 

Incredible Claim No 3 – Our HR onboarding policy require the screening applicant’s background. In fact, personnel screening service is provided by Interpol!

HR process guidelines in the ABS Outsourcing Guidelines require implementing candidate background screening procedures. Screening should include background checks to assess character, integrity and track record.

Interpol does provide access to their databases via the I-24/7 network which is accessible via each country’s National Crime Bureaus (law enforcement). However, these database access are not provided to service providers.

Or were your providers merely checking Interpol’s Wanted Persons list?

 

Dynafense’s experienced professionals has helped Outsourcing organisations to review and assess the processes and procedures operated by service providers in accordance to the requirements in the ABS Outsourcing Guidelines.

Contact us

Leave a Reply

Your email address will not be published. Required fields are marked *