Information provided by the entity
(IPE) is any information that is produced by the company and provided as audit evidence, whether it be for your controls testing or substantive procedures performed by external audit.
What is IPE testing in audit?
Information Provided by the Entity (IPE) represents
all information used by an auditor in arriving at the conclusions on which the audit opinion is based
, whether for testing internal controls or performing substantive procedures.
How do we test IPE?
Testing approaches include: Obtain
and evaluate programs
/queries generating the reports; ● Obtain and evaluate parameters used; ● Sample data in resulting report; and ● Identify data sources (e.g. database, system).
What is IPE and IUC?
Information “Produced or Provided” by the Entity (IPE)
is evidence for the audit that is generated by the entity and used by the auditors to test a control. Information Used by the “Company or Entity” (IUC) is evidence that is used by the Company/Entity, in order to perform or execute their internal controls.
How many IPE forms are there?
Let’s take a closer look at the
three types
of IPE, from most to least risky.
Is IPE an invoice?
A vendor invoiceNoAccording to ISACA (2015), vendor invoices
are not IPE
because they are generated from a third party and are not a part of the organizations internal control.
What is considered an IPE?
“
Information produced by the entity
” (IPE) is any information that is produced internally by a company being audited and provided as audit evidence, whether for use in the execution of internal controls or for substantive audit procedures performed by an external auditor.
Why do we test IPE?
What Is an IPE Audit and Why Must We Address It? Information provided by the entity (IPE) is
any information that is produced by the company and provided as audit evidence
, whether it be for your controls testing or substantive procedures performed by external audit.
What are general IT controls?
IT general controls (ITGC) are
the basic controls that can be applied to IT systems such
as applications, operating systems, databases, and supporting IT infrastructure. The objectives of ITGCs are to ensure the integrity of the data and processes that the systems support.
How do you test the completeness and accuracy of a report?
Procedures. There are generally two ways to gain assurance for completeness and accuracy.
One is to compare the report to information or data external to the system and the other is to compare the report to the internal database.
What is an SOC audit?
A SOC 2 (Service Organization Control) audit report provides
detailed information and assurance about a service organisation’s security, availability, processing integrity, confidentiality, and/
or privacy controls, based on their compliance with the AICPA’s (American Institute of Certified Public Accountants) TSC ( …
What is report logic in IPE?
The
computer code, algorithms or formulas for transforming, extracting or loading the relevant source data
and then creating the report can be called report logic. Report logic may include standardized report programs, user-operated tools (e.g., query tools and report writers) or Excel spreadsheets etc.
What is EUC Sox?
A key accountability under Sarbanes Oxley (SOX) involves a concept known as
end-user computing
. End-user computing generally involves the use of department-developed spreadsheets and databases, which are frequently used as tools in performing daily work.
What is an IT dependent control?
IT Dependent Manual Controls – These are
processes that are manually performed by individuals, but rely on computer generated information
.
What is Gitc testing?
Change evaluation. A change can be initiated either due to a new requirement or when an enhancement is required in an already implemented functionality of IT applications. In any of these cases, change is to be developed, tested and then implemented in the Production environment.
What are the 3 types of controls?
Three basic types of control systems are available to executives:
(1) output control, (2) behavioural control, and (3) clan control
. Different organizations emphasize different types of control, but most organizations use a mix of all three types.