Armanino Blog
Article

Could Your Software Company Benefit from a Model Validation Review?

May 22, 2017

Updated February 02, 2022

As we have all experienced, there has been a significant increase in the proliferation of cloud-based software applications in both our personal and business lives. From payroll processors to time and expense apps, cloud-based and other application options are widely available to help business consumers meet their needs.

The increase in available software options has led software companies to look for ways to differentiate themselves from their competition. An increasingly popular differentiator is to obtain a system and organization controls (SOC) report. This important report addresses the internal control environment of the software companies to help ensure the application’s stability and security. Typically, the scope of these reports addresses general IT control procedures. However, it does not include procedures to help ensure that the application is functioning as expected.

To help confirm that an application is operating as expected, more companies are requesting an independent third party to perform model validation reviews. This review report can be a positive reaffirmation that the functionality of the application has been validated. These reviews are particularly popular for software companies serving the banking industry as banking regulators require banks to have an independent party verify the functionality and configuration of software applications used to identify fraud-related transactions.

Key steps in a model validation review project include:

  • Defining scope — Understanding how the application is used by customers and the functionality on which these customers rely. This step involves defining the scenarios under which the application operates and is critical to ensuring that the report will ultimately meet each customer’s requirements.
  • System interface review — Understanding how the application interfaces with the customer’s applications to receive or transmit information. This step involves reviewing automated and manual controls around the transfer of data and helps ensure that the information is transferred completely and accurately.
  • Logic review — Understanding how the logic in the application functions at a basic level to help ensure its consistency with the expected automated procedures.
  • Operational review — Understanding how the application processes transactions to help ensure that the procedures performed are consistent with expectations. This step usually involves testing a sample of transactions through the application.

These review procedures are performed under the guidelines of the Standards for Consulting Services Standard No. 1 of the American Institute of Certified Public Accountants.

Upon completion of this project, a firm would issue a report to management that includes a detail of the review procedures performed (with the level of detail defined by management) and the results of those procedures. The report should be written in a manner so that customers can fully understand how the procedures performed relate to the elements of the application that they see when operating it daily. The overall outcome is expected to provide these customers with a comfort level that the application is operating as intended as determined by an independent party.

If you believe that your company could benefit from a model validation review, contact our experts.

Stay In Touch

Sign up to stay up-to-date with the latest accounting regulations, best practices, industry news and technology insights to run your business.

Resources
Related News & Insights
SOX Internal Control Crypto
Webinar
Knowing when to implement or improve a process can help your organization save countless resources.

June 9, 2022 | 11:00 AM - 12:00 PM PT
Top Risks Organizations Will Face in 2022
Webinar
Understand ESG, data privacy and other key risk areas and how to avoid them.

March 29, 2022 | 11:00 AM - 12:00 PM PT
Impact of the California Privacy Rights Act on Your Organization
Webinar
How will the California Privacy Rights Act (CPRA) affect your organization and the way it uses artificial intelligence?

February 23, 2022 | 10:00 AM - 11:00 AM PT