top of page

Authorised Push Payment Regulatory Audits as a Service (APP RAaaS) External Auditor Brief

External Auditor Process:

 

​​​​1)  Arrange the external interview call with the audit client and send relevant invites

​

2)  Review the CRM file on vTiger including website, social media, glass door reviews, trust pilot reviews, FCA register, Co House,                  annual financial reports and people and governance using LinkedIn​

 

3)  Review the submitted app insurance application form in Sharepoint and associated attachments (if applicable - please make note on audit paper if not)​

​

4)  Review the submitted policies and documents in Sharepoint and highlight any missing documents and policies on the policy and document checklist (also in client folder in Sharepoint)​

​

5)  Review the heatmap for APP controls

​

6)  Review how the app fraud compared with the PSR latest app fraud report

​

7)  Review the scores and submitted comments from the APP participants on the Deep Fathom pinpoint system ​

​

8)  Compile a list of questions (example format) for the audit lead and submit to audit lead prior to call​

​

9)  Conduct the interview with the client audit lead (INSERT NAME AND DETAILS)​

​

10) Complete the RAaaS external audit document and policy review adding comments where necessary (INSERT EA RVISTA LINK)​

​

11) Complete the RAaaS external audit report adding comments where necessary (INSERT EA RVISTA LINK)​

​

12) Complete written external auditor report to include:

  • Any mandatory requirements before APP insurance can be granted 

  • Points that require investigation and clarification (especially intended improvements and/or project plan to improve APP)

  • Suggested follow up items to be checked within (1 month, 3 months, 6 months)

 

13) Submit written external auditor report to Deep Fathom ​

​

14) Independent QA review of final report (reviewed by a Green Swan Compliance oversight partner) ​

​

15) Confirm approval to GSC team who will password protect the final report and issue to Elmore and client

​​

Useful links:

Maturity index key and heatmap examples 

RAaaS external audit statements and responses

​​​

bottom of page