Are you thinking of outsourcing? Ask these seven questions first
Outsourcing can expand your firm’s capacity – but if you’re in public practice in Australia you’re still responsible for the work according to APES GN 30.
In brief
- If you use an outsourced service provider, you still retain primary responsibility for the work.
- Consider information security and your legal obligation to privacy and confidentiality.
- Specify any outsourced services in your engagement documents – this may include cloud computing.
Perhaps your practice has more work to do than staff to do it. Or you’re investigating ways to trim your costs. Either way, outsourcing is likely to be on your radar.
Outsourcing means assigning work to an external service provider – an entity that provides services set out in an outsourcing agreement with you.
Outsourced service providers often market themselves as being able to provide seamless, professional and trustworthy solutions that free up time for you and your team. This can come at a relatively low cost, as the work is often undertaken offshore in India or the Philippines.
It’s critical to know that, if you’re in public practice, you’re still responsible for the work an outsource provider does for you. In Australia, APES GN 30 Outsourced Services, revised September 2023, sets out your obligations. It includes useful guidance on how to uphold your professional, ethical and legal obligations when you provide or use outsourced services.
So before you outsource, ask yourself these seven questions:
1. Have you done due diligence on the provider?
Before engaging the provider and sharing any confidential information, first work out if the outsourced service provider has the required professional competence, skills, capacity, policies and procedures to do the work and manage the associated risks. This includes evaluating the provider’s controls to safeguard information and prevent unauthorised access, and the systems they’ve implemented so they consistently provide quality service.
2. Are your clients comfortable with outsourcing, especially if it’s offshore?
If you plan to use an outsourced service provider for a client, including IT applications, make sure you communicate and include information about the outsourced services in your client engagement documents. APES 305 Terms of Engagement specifically outlines the need to communicate and document the geographical location, nature and extent of the outsourced services.
3. Have you obtained consent?
Client consent is paramount. Obtain consent in written form from your client such as in a signed engagement letter that sets out the outsourced service
4. Can you meet your obligations to professional competence and due care?
If you use an outsourced service provider, you retain primary responsibility for the delivery of the professional services as set out in your Terms of Engagement with your client. This includes compliance with the ethical requirements of APES 110, The Code of Ethics and applicable Professional Standards.
Consider how much work you’ll need to undertake – you may need to train the outsource service provider’s staff to deliver work to the standard you require, which can take a lot of your time and effort. You may find yourself developing extensive procedure manuals or training videos for the provider’s staff to follow.
Consider whether monitoring, review time and subsequent re-work outweigh the benefits.
5. How will you manage the risks?
It’s your responsibility to closely manage the risk of something going wrong due to the outsourcing arrangement. Key risk areas include how the provider communicates with you, how your clients’ confidentiality will be safeguarded and how the quality of the work will be monitored. This includes how the work will be reviewed and any errors corrected.
Also consider your current contractual arrangements and if existing contracts could affect an outsourcing agreement. Check whether your PI insurance policy will be affected by the arrangement.
6. What are the terms of the outsourcing agreement?
Carefully examine the outsourcing agreement with the service provider including:
- the duration, start date, minimum and maximum terms and termination provisions
- the description of the type and scope of services provided
- the descriptions of how the service will be performed
- the initial transition process including actions and responsibilities
- ongoing management of confidentiality, privacy and information security
- the process for monitoring and reviewing performance
- whether the length of time that the outsourced service provider retains files for is sufficient to meet your needs and relevant regulation
- your accessibility to the outsourced service provider’s files
- ownership of documents and records
- penalties for poor performance by the provider.
7. What information are you passing on?
Consider the risk of passing information to the outsourced service provider. Is it being transmitted securely both ways? How is the provider storing this information? Are you permitted to pass this information to third parties? You’ll need to decide how you will manage information security and your ethical and legal obligation around privacy and confidentiality of client data.
What if I want to provide outsourced services?
Perhaps you see an opportunity to provide outsourced services to other accountants or organisations. If so, think through how you’ll manage your risks, including:
- how you’ll comply with regulatory frameworks
- your communication protocols, including how you’ll report to your client
- how you’ll maintain client and third-party confidentiality
- how you’ll review the quality of work.
Make sure you document and communicate your Terms of Engagement and review your professional indemnity insurance policy to check whether you have adequate coverage to expand into outsourced service provision.
What about cloud computing?
Cloud computing, including IT applications and services, entrusts a remote third party with client data through networks, servers, data storage, databases, software and applications. If you plan to use cloud computing, first ask your clients if they’ll agree to this.
Whether or not your use of cloud computing is considered an outsourced service, you should still follow the guidance in APES 305. This means disclosing details about the cloud computing provider to your clients, its geographical location and where your client’s confidential information will be stored.
GN 30 also contains 14 outsourcing and cloud computing example scenarios to help you learn more.
Wrapping up, you’ll also need to assess whether outsourcing makes good business sense. Also ensure you get legal advice when entering into a significant commercial contract, such as for outsourced services.
Where to go for more information
Do you have any further questions or need practical guidance on a complex professional issue? CA ANZ members can speak directly to an experienced member of the Professional Standards and Ethics Advisory team.
Call the CA ANZ Professional Standards and Ethics Advisory Team on 1300 137 322 (Australia) or 0800 4 69422 (NZ) or email us at [email protected].
APES GN 30 Outsourced Services
Guidance to members in public practice who are involved in providing or utilising outsourced services.
APES 305 Terms of Engagement
Guidance to members in public practice on how to document and communicate the terms of engagement with a client.
CA ANZ Quality Management Toolkit
Sample policies and procedures relating to outsourcing that can be tailored to your practice.