This article is part of a comprehensive series exploring IPE. You can download the complete whitepaper here.
What is information produced by entity?
Sarbanes Oxley (SOX) is no stranger to the ebbs and flows of accounting trends. Every year, the Public Company Accounting Oversight Board (PCAOB) reviews a sample of audits for compliance. One of the constant themes is that firms are struggling with identifying and documenting the completeness and accuracy of IPE or Information Produced by the Entity. To help you avoid this challenge, let’s define IPE, including its main categories and essential testing methodologies.
So, what is IPE?
The PCAOB defines IPE as all the information, whether obtained from audit procedures or other sources, that is used by the auditor in arriving at the conclusions on which the auditor’s opinion is based. Audit evidence consists of both information that supports and corroborates management’s assertions regarding the financial statements or internal control over financial reporting and information that contradicts such assertions.
When conducting an audit in accordance with Internal Controls over Financial Reporting (ICFR), auditors typically break IPE into two groups: Key Reports and Populations. Key reports are classified as any data used by management in the performance of a control whereas populations are data obtained by auditors to select a sample of transactions to verify management’s process.
Regardless of which type of IPE is present, the auditor has an obligation to document the procedures performed to gain comfort over the completeness and accuracy of the data which is discussed in the Differentiating Populations and Key Reports article.
What Does Completeness and Accuracy Mean?
When evaluating the completeness and accuracy of IPE, the PCAOB states that when using information produced by the company as audit evidence, the auditor should evaluate whether the information is sufficient and appropriate for purposes of the audit by performing procedures to test the accuracy and completeness of the information, or test the controls over the accuracy and completeness of that information; and evaluate whether the information is sufficiently precise and detailed for purposes of the audit.
Simply put, when evaluating the IPE used in a control, the auditor must document the methods and rational for how they obtained comfort over the accuracy (individual line items) and completeness (report totals). When determining the audit procedures required to validate the completeness and accuracy of the data, each audit firm will have their own guidance depicting the required procedures, but it will also vary based upon the IPE report type. It is important to align testing plans with your external audit partner as you develop your IPE approach.
Related Articles
- IPE 101 – Differentiating Populations and Key Reports
- IPE 101 – Assessing Management IPE Controls and Report Risks
About Schneider Downs Risk Advisory
Our team of experienced risk advisory professionals focus on collaborating with your organization to identify and effectively mitigate risks. Our goal is to understand not only the risks related to potential loss to the organization, but to drive solutions that add value to your organization and advise on opportunities to ensure minimal disruption to your business.
Explore our full Risk Advisory Service offerings or contact the team at [email protected]
