Internal Audit

Best Practices for IPE Audits and Controls [2021 Updated]

Art Turrubiartes |
Best Practices for IPE Audits and Controls [2021 Updated]

The PCAOB’s requirements regarding IPE and Electronic Audit Evidence have impacted the requisite workload for controls testing. The question for CAEs is: what do these new requirements mean for their company, and how can Internal Audit manage it?

Read below for our article discussing the pain points of managing IPE audits, developing IPE controls and best practices for staying compliant. Learn more by downloading your free copy of AuditBoard’s IPE Best Practices guide.

What Is an IPE Audit and Why Must We Address It?

Information provided by the entity (IPE) is any information that is produced by the company and provided as audit evidence, whether it be for your controls testing or substantive procedures performed by external audit. In some environments, this is also referred to as electronic audit evidence (EAE) or key reports/spreadsheets.

Why Are ITGCs Not Enough?

In some cases, they can be. Ultimately, it depends on how comfortable auditors are with the accuracy and completeness of IPE in a particular company. Most companies still rely on spreadsheets to some extent and reports coming out of systems can be modified by the end user.

Thus, there is still a risk that the information could be misreported based on human error or fraud. In these cases, auditors will still require there to be some additional procedures around completeness and accuracy of reports/spreadsheets.

How Do We Manage IPE in Our Environment?

A good starting point is to identify all reports and spreadsheets currently being used by business owners for your existing SOX controls. This should give you a good starting population of all your IPE. From here, you should identify any other key financial documents that your company is generating which are critical to financial statements, either directly or indirectly.

Once you have a population, there are several approaches Internal Audit teams can take to manage IPE risk, including:

  1. Locking up your IT environment.
  2. Enhancing existing business process controls.
  3. Maintaining a separate category of “IPE” controls.
  4. Automating IPE control management. 

Learn More about IPE Audits and Controls

Want to learn more about IPE audits and controls? Download our free guide on IPE Best Practices below.

Fill out the form below to get your free copy of IPE Best Practices, updated for 2021.

IPE Best Practices
Art Turrubiartes

Art Turrubiartes, CPA, is the Senior Manager of Product Solutions at AuditBoard. Before joining AuditBoard, Art was a Risk consultant at EY, and has 5 years of internal audit experience within the Technology and Media & Entertainment sectors. Art’s focus at AuditBoard is to help internal audit teams drive efficiency in their programs and ultimately provide the best product solutions to clients.

You Might Like

Learn how AuditBoard's integrated suite of easy-to-use software (audit management software, SOX compliance software, risk management software, audit workflow software, and compliance management software) can empower your team.