Whether you work in a public company setting or your organization is considering the public company route, you may have been asked: “How do you get comfortable with the completeness and accuracy of this report?”
The adage of Sarbanes-Oxley (SOX) compliance as a ‘checking the box’ exercise has gone by the wayside. In recent years, the Public Company Accounting Oversight Board (PCAOB) has put greater emphasis on the following:
- How organizations gain comfort over the completeness and accuracy of information used for financial reporting.
- How to perform internal controls, often called IPE (Information Produced by Entity).
And it’s not just reports; the concept of IPE can include everything from standard reports to queries generated using business intelligence software to complex spreadsheets and end user-maintained data.
Additionally, we have seen another common issue: organizations often need help recognizing the required data the accompanying IPE applies to. The answer is quite simple.
IPE requirements apply to any information used in financial reporting and to perform key controls. With that said, how an organization implements controls to address the IPE requirements can be complex.
Plan For IPE Completeness and Accuracy Requirements
Begin by identifying all relevant items which require consideration of completeness and accuracy. This will help tailor your plan to your business needs.
Other core steps should include:
- Inventory of key data elements that support internal controls (including reports, queries, statements from 3rd parties, complex spreadsheets/models, etc.).
- Performing discovery to understand the source of the data, how it is generated, and what manipulation may occur before being utilized for performing key controls.
- Baselining and benchmarking procedures for applicable reports.
- Establishing end-user computing controls to address data input and function out of complex spreadsheets.
The specific techniques used to support completeness and accuracy may vary based on the source and type of key data.
For help with developing your internal controls and ensuring your IPE requirements are adequately addressed and documented, contact Joshua Heller (firstname.lastname@example.org).
By: Joshua Heller, Senior Consultant