Information Provided by the Entity (IPE) represents all information used by an auditor in arriving at the conclusions on which the audit opinion is based, whether for testing internal controls or performing substantive procedures. 当使用IPE作为审计证据时, the auditor must evaluate whether it is sufficient and appropriate for the purposes of the audit, which is accomplished by performing procedures to test the accuracy and completeness of the information or by testing the controls over the accuracy and completeness of that information.
大多数公司仍然严重依赖各种电子表格, system uploads and manual updates in their day-to-day operations. These procedures create numerous opportunities for information to be misreported due to error or possible fraud. Although financial systems and other technologies continue to advance, companies – as well as auditors – must continuously assess the risks related to the information generated from these applications (i.e.,主要报告).
When assessing IPE, pertinent risks to be addressed include:
- Data processed by the application (source data where IPE is produced) is not complete or accurate
- Data extracted from the application (defined parameters or range to execute and obtain IPE results) is not complete or accurate
- Computations or classifications performed (creation of IPE) from the application are inaccurate
- Data output from the application to the end-reporting tool is modified or lost (exporting issues) in the transfer
- 添加或更改的信息(手动更新), including computations and classifications using the end-reporting tool, 是不完整的, 不准确的或不恰当的
To address risks related to IPE, assessment questions should be covered in detail:
- Which reports, spreadsheets and other key sources of information are used?
- 这些报告是从哪些基础数据中提取的?
- How does the process owner verify that information contained within the report is extracted as intended?
- How does the process owner verify that calculations performed by or classifications assigned by the system are accurate?
- How does the process owner ensure that data exported is complete and accurate?
- How does the process owner ensure the integrity of any modifications made to the exported data?
- 这个过程可以自动化以降低整体风险吗?
- Can an RPA be developed for this process to increase efficiency?
通过自动化可以降低风险, ITGC测试和SOC报告的可靠性, while others require thorough documentation of an overall assessment of IPE. Verifying the accuracy and completeness of this information is crucial, as it is relied on for the performance of daily tasks and controls.