Could Your Software Company Benefit from a Model Validation Review?

Updated February 2, 2022

As we have all experienced, there has been a significant increase in the proliferation of cloud-based software applications in both our personal and business lives. From payroll processors to time and expense apps, cloud-based and other application options are widely available to help business consumers meet their needs.

The increase in available software options has led software companies to look for ways to differentiate themselves from their competition. An increasingly popular differentiator is to obtain a system and organization controls (SOC) report. This important report addresses the internal control environment of the software companies to help ensure the application’s stability and security. Typically, the scope of these reports addresses general IT control procedures. However, it does not include procedures to help ensure that the application is functioning as expected.

To help confirm that an application is operating as expected, more companies are requesting an independent third party to perform model validation reviews. This review report can be a positive reaffirmation that the functionality of the application has been validated. These reviews are particularly popular for software companies serving the banking industry as banking regulators require banks to have an independent party verify the functionality and configuration of software applications used to identify fraud-related transactions.

Key steps in a model validation review project include:

• Defining scope – Understanding how the application is used by customers and the functionality on which these customers rely. This step involves defining the scenarios under which the application operates and is critical to ensuring that the report will ultimately meet each customer’s requirements.
• System interface review – Understanding how the application interfaces with the customer’s applications to receive or transmit information. This step involves reviewing automated and manual controls around the transfer of data and helps ensure that the information is transferred completely and accurately.
• Logic review – Understanding how the logic in the application functions at a basic level to help ensure its consistency with the expected automated procedures.
• Operational review – Understanding how the application processes transactions to help ensure that the procedures performed are consistent with expectations. This step usually involves testing a sample of transactions through the application.

These review procedures are performed under the guidelines of the Standards for Consulting Services Standard No. 1 of the American Institute of Certified Public Accountants.

Upon completion of this project, a firm would issue a report to management that includes a detail of the review procedures performed (with the level of detail defined by management) and the results of those procedures. The report should be written in a manner so that customers can fully understand how the procedures performed relate to the elements of the application that they see when operating it daily. The overall outcome is expected to provide these customers with a comfort level that the application is operating as intended as determined by an independent party.

Reassure Your Clients and Validate Your Application

From small errors in logic to mismatches with a client’s system interface, there are many things that can prevent your software application from functioning as expected. A model validation review can help you — and potential clients — verify and feel confident about your product’s functionality and configuration. Contact our System and Organization Controls (SOC) experts to find out more about independent model validation and how to achieve a quality review report.