Armanino Blog
Could Your Software Company Benefit from a Model Validation Review?
May 22, 2017

Updated February 02, 2022

As we have all experienced, there has been a significant increase in the proliferation of cloud-based software applications in both our personal and business lives. From payroll processors to time and expense apps, cloud-based and other application options are widely available to help business consumers meet their needs.

The increase in available software options has led software companies to look for ways to differentiate themselves from their competition. An increasingly popular differentiator is to obtain a system and organization controls (SOC) report. This important report addresses the internal control environment of the software companies to help ensure the application’s stability and security. Typically, the scope of these reports addresses general IT control procedures. However, it does not include procedures to help ensure that the application is functioning as expected.

To help confirm that an application is operating as expected, more companies are requesting an independent third party to perform model validation reviews. This review report can be a positive reaffirmation that the functionality of the application has been validated. These reviews are particularly popular for software companies serving the banking industry as banking regulators require banks to have an independent party verify the functionality and configuration of software applications used to identify fraud-related transactions.

Key steps in a model validation review project include:

  • Defining scope — Understanding how the application is used by customers and the functionality on which these customers rely. This step involves defining the scenarios under which the application operates and is critical to ensuring that the report will ultimately meet each customer’s requirements.
  • System interface review — Understanding how the application interfaces with the customer’s applications to receive or transmit information. This step involves reviewing automated and manual controls around the transfer of data and helps ensure that the information is transferred completely and accurately.
  • Logic review — Understanding how the logic in the application functions at a basic level to help ensure its consistency with the expected automated procedures.
  • Operational review — Understanding how the application processes transactions to help ensure that the procedures performed are consistent with expectations. This step usually involves testing a sample of transactions through the application.

These review procedures are performed under the guidelines of the Standards for Consulting Services Standard No. 1 of the American Institute of Certified Public Accountants.

Upon completion of this project, a firm would issue a report to management that includes a detail of the review procedures performed (with the level of detail defined by management) and the results of those procedures. The report should be written in a manner so that customers can fully understand how the procedures performed relate to the elements of the application that they see when operating it daily. The overall outcome is expected to provide these customers with a comfort level that the application is operating as intended as determined by an independent party.

If you believe that your company could benefit from a model validation review, contact our experts.

Stay In Touch

Sign up to stay up-to-date with the latest accounting regulations, best practices, industry news and technology insights to run your business.

Related News & Insights
Penetration Testing: What It Is, Why It’s Important and How It Can Benefit Your Business
Do you know where your cybersecurity blind spots are? A pen test can help you find out.

March 20, 2023
Lessons Learned From SVB: Update Your Investment Management Policy to Mitigate Risk
Take proactive steps to strengthen your investment management policy and ensure your company’s long-term stability.

March 20, 2023
Insurer Validates and Optimizes HR System Changes Through Benefit Audit
Case Study
Learn how audit services helped an insurer validate their current system processes and uncover fixes to minimize risk.

February 16, 2023