The PCAOB’s requirements regarding IPE and Electronic Audit Evidence have impacted the requisite workload for controls testing. The question for CAEs is: what do these new requirements mean for their company, and how can Internal Audit manage it?
Read below for our article discussing the pain points of managing IPE audits, developing IPE controls and best practices for staying compliant. Learn more by downloading your free copy of AuditBoard’s IPE Best Practices guide.
What Is an IPE Audit and Why Must We Address It?
Information provided by the entity (IPE) is any information that is produced by the company and provided as audit evidence, whether it be for your controls testing or substantive procedures performed by external audit. In some environments, this is also referred to as electronic audit evidence (EAE) or key reports/spreadsheets.
Why Are ITGCs Not Enough?
In some cases, they can be. Ultimately, it depends on how comfortable auditors are with the accuracy and completeness of IPE in a particular company. Most companies still rely on spreadsheets to some extent and reports coming out of systems can be modified by the end user.
Thus, there is still a risk that the information could be misreported based on human error or fraud. In these cases, auditors will still require there to be some additional procedures around completeness and accuracy of reports/spreadsheets.
How Do We Manage IPE in Our Environment?
A good starting point is to identify all reports and spreadsheets currently being used by business owners for your existing SOX controls. This should give you a good starting population of all your IPE. From here, you should identify any other key financial documents that your company is generating which are critical to financial statements, either directly or indirectly.
Once you have a population, there are several approaches Internal Audit teams can take to manage IPE risk, including:
- Locking up your IT environment.
- Enhancing existing business process controls.
- Maintaining a separate category of “IPE” controls.
- Automating IPE control management.
Learn More about IPE Audits and Controls
Want to learn more about IPE audits and controls? Download our free guide on IPE Best Practices below.