IPE Assessment Best Practices

Information Provided by the Entity (IPE) represents all information used by an auditor in arriving at the conclusions on which the audit opinion is based, whether for testing internal controls or performing substantive procedures.  When using IPE as audit evidence, the auditor must evaluate whether it is sufficient and appropriate for the purposes of the audit, which is accomplished by performing procedures to test the accuracy and completeness of the information or by testing the controls over the accuracy and completeness of that information.

Most companies still rely heavily on various spreadsheets, system uploads and manual updates in their day-to-day operations.  These procedures create numerous opportunities for information to be misreported due to error or possible fraud.  Although financial systems and other technologies continue to advance, companies – as well as auditors – must continuously assess the risks related to the information generated from these applications (i.e., key reports).

When assessing IPE, pertinent risks to be addressed include:

  • Data processed by the application (source data where IPE is produced) is not complete or accurate
  • Data extracted from the application (defined parameters or range to execute and obtain IPE results) is not complete or accurate
  • Computations or classifications performed (creation of IPE) from the application are inaccurate
  • Data output from the application to the end-reporting tool is modified or lost (exporting issues) in the transfer
  • Information added or changed (manual updates), including computations and classifications using the end-reporting tool, is incomplete, inaccurate or inappropriate

To address risks related to IPE, assessment questions should be covered in detail:

  • Which reports, spreadsheets and other key sources of information are used?
  • From what underlying data are these reports pulling?
  • How does the process owner verify that information contained within the report is extracted as intended?
  • How does the process owner verify that calculations performed by or classifications assigned by the system are accurate?
  • How does the process owner ensure that data exported is complete and accurate?
  • How does the process owner ensure the integrity of any modifications made to the exported data?
  • Can this process be automated to reduce the overall risk?
  • Can an RPA be developed for this process to increase efficiency?

Risks can be mitigated through automation, ITGC testing and SOC report reliance, while others require thorough documentation of an overall assessment of IPE.  Verifying the accuracy and completeness of this information is crucial, as it is relied on for the performance of daily tasks and controls.

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2022 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
Benefits of a Trusted Co-Source Audit Partner During the Great Resignation
United States Deals with Baby Formula Shortage
Business Continuity and Disaster Recovery Planning
What Should a Service Organization Consider When Determining Its SOC Report Testing Period?
Benefits of a Contract Lifecycle Management System
Changes in Athletics with the New NCAA Constitution Approval
Register to receive our weekly newsletter with our most recent columns and insights.
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.