PCAOB Staff Audit Practice Alert No. 11 – Part 5
Information Technology (IT) Considerations, Including System-Generated Data and Reports
When selecting internal controls for testing, it is critical to document and test the completeness and accuracy of system-generated data or reports used in the operation of those controls. Without this additional effort, the evaluation of the internal control will be insufficient. For instance, when testing management’s review of an account analysis, if the review includes the assessment of a system-generated report or schedule, then additional procedures should be performed on the completeness and accuracy of that report used by management during their review. Otherwise, the evaluation of that review will be insufficient as the underlying report or schedule utilized by management during that review may be incomplete or inaccurate.
When performing the additional evaluation of system-generated data or reports, consider testing:
- Information technology general computer controls that are important to the effective operation of the applications that generated the data or reports, and
- The logic of the queries (or parameters) used to extract data from the IT applications used in the reports.
Our next blog regarding the PCAOB Staff Audit Practice Alert No. 11 will cover items to consider with roll-forward controls tested at an interim date and use of the work of others.