If a telco has more than 99,999 ‘services in operation’, it needs to appoint an ‘External Qualified Assessor’ to provide a ‘Statement of Independent Assessment’ that must be lodged with its ‘First Compliance Attestation’ no later than 1 April 2013.
We’ve prepared an FAQ to deal with issues that may arise in satisfying the ‘Independent Assessment’ requirement.
Which telcos must appoint an ‘External Qualified Assessor’?
The requirement applies to any ‘Large Supplier’, defined as ‘a Supplier with 100,000 services or more in operation’.
Does that mean 100,000 customers?
‘Service’ is not a defined term under the TCP Code, so we must assume it has its normal meaning. If that’s right, a single customer with a mobile phone, home landline and DSL counts as three services (even if they are supplied under a contracted bundle).
That means that a supplier with 90,000, or 80,000, or maybe even 60,000 might qualify as a ‘Large Supplier’ if enough customers have multiple services. A B2B telco with 25,000 or 35,000 customers with an average 3 to 5 services each could also qualify as a Large Supplier.
On the streets, we have heard quite a few people misquote the TCP Code as defining a Large Supplier as having 100,000+ customers. That’s almost certainly wrong.
Who can be appointed as ‘External Qualified Assessor’?
There are five criteria for a valid appointment.
- The External Qualified Assessor must be external to, and independent of, the supplier.
- They must not be ‘with the supplier’s Immediate Circle’. (This includes a typo. It means to say ‘within the supplier’s Immediate Circle’. We’ll explain the ‘Immediate Circle’ in a moment.)
- The telco must consider that the External Qualified Assessor has suitable qualifications to assess that the telco’s Compliance Plan has been prepared in accordance with principles and guidance outlined in the Australian Standard on Compliance Programs. (This is a tricky issue. Again, we’ll explain below.)
- The External Qualified Assessor must be a member of a professional organisation such as a professional auditing body or the Australian Compliance Institute. (Another typo. The body is actually called the Australasian Compliance Institute.)
- The telco must have contracted with the External Qualified Assessor for them to perform that role.
What does the ‘Immediate Circle’ restriction mean?
It’s a reference to a term that’s defined by section 23 of the Telecommunications Act 1997.
If a telco is a company, its ‘Immediate Circle’ consists of:
- any of its directors or other officers
- any related body corporate (within the meaning of section 50 of the Corporations Act 2001)
- any director or other officer of a related body corporate.
None of these are eligible to be appointed as the telco’s External Qualified Assessor.
What does the External Qualified Assessor have to certify?
There’s a big ‘gotcha’ here. In effect, the TCP Code addresses the question three times. Twice, it gives the same answer. The third time, it gives a significantly different answer.
The first answer
We’ve already seen the first reference to what needs to be certified. It is one of the five appointment qualifications listed above:
to assess that the telco’s Compliance Plan has been prepared in accordance with principles and guidance outlined in the Australian Standard on Compliance Programs.
That may be a relatively simple exercise: to look at the Compliance Plan, and judge whether it is consistent with the Australian Standard. (However, as we have explained in another article, it isn’t really clear what the TCP Code means on this topic.)
The second answer
In clause 9.4.1, the TCP Code requires that:
[a] Statement of Independent Assessment must state that an External Qualified Assessor has determined that the Supplier’s documented Compliance Plan has been prepared in a manner consistent with the principles and guidance provided in the Australian Standard on Compliance Programs …
That’s the same as the first answer. So far, so good.
The third answer
The TCP Code requires that a Large Supplier files a Statement of Independent Assessment, and it defines what it actually is:
a written statement by an External Qualified Assessor engaged by a Supplier confirming that the Supplier’s Compliance Plan has been prepared in accordance with the principles and guidance outlined in the Australian Standard on Compliance Programs, and that the External Qualified Assessor has determined that the implementation of the Compliance Plan by the Supplier will provide appropriate assurance on Code compliance.
The highlighted words are a significantly different and more onerous certification for an External Qualified Assessor to give. “This company’s Compliance Plan has been prepared in accordance with the Australian Standard and, if it is implemented, provides appropriate assurance that the company will comply with the TCP Code.’
It isn’t clear how this additional requirement came to be ‘stuck on’ to the definition, but it is clear that a certificate that doesn’t confirm that the External Qualified Assessor has determined that the implementation of the Compliance Plan by the Supplier will provide appropriate assurance on Code compliance is not a valid ‘Statement of Independent Assessment’.
How does a telco engage with an External Qualified Assessor?
It can be a problem to locate one right now. There are plenty of compliance auditors around but how many have the slightest familiarity with the TCP Code?
Faced with an obligation to certify that a particular Compliance Plan is adequate, if implemented, to provide appropriate assurance on Code compliance, potential assessors need to be very clear about the nature and extent of their engagement.
Telcos that may need an External Qualified Assessor should be approaching candidates as soon as possible. Ask yourself: If our regular financial auditors aren’t comfortable about an engagement for a specialist assessment and certification under the TCP Code, who would we approach?
Where can an External Qualified Assessor get legal background and support?
Cooper Mills Lawyers offers legal support for potential External Qualified Assessors, including:
- TCP Code orientation sessions
- expert compliance checklists
- custom legal opinion.