Are you experiencing challenges in your ‘IPE’ (“Information Produced by the Entity”) approach and are you confident that your data supports all your key controls for Sarbanes-Oxley (SOX) compliance?
What is IPE procedure?
IPE is any information that is produced internally by a company being audited and provided as audit evidence, whether for use in the execution of internal controls or for substantive audit procedures performed by an external auditor.
Is IPE a bank statement?
IPE used in the performance of controls is, by definition, internal information. Therefore, external information used as audit evidence (e.g., bank statements, industry pricing data and other sources of information used in the performance of controls) is not subject to the requirements of paragraph 9 of CAS 500.
What is IPE source data?
– Source Data: The information from which the IPE is created. This may include data maintained in the IT system (e.g., within an application system or database) or external to the system (e.g., data maintained in an Excel spreadsheet or manually maintained), which may or may not be subject to general IT controls.
Is invoice an IPE?
Therefore, payroll data changes are IPE from transaction processes. A vendor invoice No According to ISACA (2015), vendor invoices are not IPE because they are generated from a third party and are not a part of the organizations internal control.
What is Scot in audit?
2) SCOTs (Significant classes of transactions) a. Staff performs walkthrough, an evaluation of each step in the critical path for WCGW (what can go wrong) 3) Team planning events. 4) Walkthrough with internal audits.
What is key report testing?
Report testing is the process of assessing accuracy and completeness of key reports: • Accuracy is a precise representation of source documentation on the report (i.e., items that. appear on the report can be traced back to source documentation and confirmed). Page 2.
How do I find my IPE?
Characteristics – Authentic IPE wood is brown, with small variations that add character to it. In some cases, you should be able to find a few boards in a darker shade of brown that are almost black. Some are red, and some may be greenish. In any case, the texture should be very fine, with a lovely graining pattern.
What is the SOX compliance?
A SOX compliance audit is a mandated yearly assessment of how well your company is managing its internal controls and the results are made available to shareholders. The primary purpose of a SOX compliance audit is to verify the company’s financial statements, however, cybersecurity is increasingly important.
What is the difference between IPE and PBC?
PBC usually refers to requests made to the client by the external or internal auditors (for example you would request population file, support for testing, support for walkthrough etc). IPE is a general term for information produced by entity meaning anything that the client creates.
