Auditing and Corporate Governance

What Is Information Produced by the Entity (IPE) for an Audit?

Learn the critical process auditors use to verify the trustworthiness of a company's internally produced financial data for audit assurance.

Information Produced by the Entity (IPE) refers to information generated by a company or organization that auditors use as evidence during a financial statement audit. This information forms foundational audit evidence for forming an opinion on the financial statements. The reliability of IPE directly influences the auditor’s ability to assess the effectiveness of internal controls and the accuracy of financial reporting. Without dependable IPE, auditors face challenges in evaluating whether controls operate as intended or if financial statements contain material misstatements.

The Public Company Accounting Oversight Board (PCAOB) and other professional standards bodies, like the American Institute of Certified Public Accountants (AICPA), emphasize the importance of IPE reliability. High-quality IPE streamlines the audit process and supports accurate insights. Consequently, auditors focus on evaluating the integrity of this information to ensure its reliability for audit conclusions.

Defining Information Produced by the Entity

IPE encompasses any data, reports, or other information generated by an entity’s internal systems or processes that auditors utilize as evidence during an audit. This includes information from IT applications, end-user computing tools, or other methods.

Examples of IPE are varied and stem from both automated systems and manual preparations. System-generated reports include general ledger details, sub-ledgers, inventory reports, and sales reports. Data extracts or queries from internal systems, such as a list of widget sales over a specific period, also qualify as IPE.

Manually prepared schedules or reconciliations, such as bank reconciliations, accounts receivable aging schedules, or depreciation schedules, also fall under IPE. Spreadsheets used for calculations or analysis, even if they incorporate data from other sources, are considered IPE if developed or maintained by the entity and used as audit evidence.

IPE can be categorized into types based on their source and modification potential. Standard or “canned” reports are developed by software providers and come pre-formatted with enterprise resource planning (ERP) systems, often with limited modification capabilities. Custom reports are built by a company’s in-house IT team to meet specific business needs, often involving custom queries. Ad-hoc queries are non-standard queries created on an as-needed basis, typically carrying higher risk due to varied parameters and less vetting.

Characteristics of Reliable IPE

For IPE to be considered reliable and useful as audit evidence, it must possess specific qualities related to its creation and content. These qualities include completeness, accuracy, and appropriateness for its intended purpose. The entity’s internal processes and controls play a direct role in ensuring these characteristics are present in the IPE it produces.

Completeness in IPE means that all relevant transactions, data, or items that should be included are present, with no omissions. For example, if a report is intended to list all sales transactions for a period, completeness ensures every sale within that period is captured. Entities strive for completeness through proper system configurations, which ensure that all data is recorded as it occurs. They also employ data validation procedures, such as sequence checks or reconciliation to control totals, to confirm that no data has been lost or excluded.

Accuracy refers to the correctness of the data within the IPE, meaning information is correctly recorded, calculations are correct, and the data matches underlying source documentation. For instance, if a report shows a total value, accuracy means that the individual entries sum up correctly to that total. Entities maintain accuracy through internal controls over data entry, such as automated checks that flag inconsistencies or manual review procedures. Regular reconciliation procedures, where IPE is compared to independent records, also help ensure that the information is free from mathematical errors or misstatements.

Appropriateness for purpose means the IPE is relevant and suitable for the specific audit objective it supports. This involves ensuring that the report or data extract contains the necessary fields and is generated with parameters that align with the information needed for a particular audit test. For example, an accounts receivable aging report used to test the allowance for doubtful accounts must be generated with appropriate filters and date ranges. Entities ensure appropriateness by designing reports and data queries to meet specific operational and financial reporting needs, considering the intended use of the information.

Auditor’s Procedures for Evaluating IPE

Auditors employ specific procedures to assess the completeness, accuracy, and appropriateness of Information Produced by the Entity (IPE). The Public Company Accounting Oversight Board (PCAOB) Audit Standard (AS) 1105 specifies that auditors must evaluate IPE by testing its accuracy and completeness, or by testing the controls over its accuracy and completeness.

A primary step involves understanding and testing the entity’s internal controls relevant to IPE. Auditors assess IT general controls (ITGCs) that govern the overall IT environment, such as controls over program changes, system access, and computer operations. They also evaluate application controls embedded within software that process transactions, and manual controls that involve human intervention in data input or processing. If ITGCs are found to be ineffective, auditors may need to perform additional substantive testing procedures to gain comfort over the completeness and accuracy of the IPE.

Direct testing of IPE involves several specific methods. Reconciliation procedures compare IPE to other independent sources or underlying records. For example, an auditor might reconcile a sales report to shipping documents and customer invoices to confirm that all sales were recorded and that the amounts are correct. Another common reconciliation involves comparing the general ledger balance to a sub-ledger or an external statement, like a bank reconciliation.

Recalculation and re-performance are used to independently verify mathematical accuracy. Auditors may recalculate totals in a spreadsheet, verify formulas used for depreciation or interest expense, or re-perform system logic to ensure calculations are correct. This provides direct evidence of the accuracy of specific amounts. Testing parameters and logic involves examining the filters, date ranges, and underlying code or algorithms used to generate system-produced reports or data extracts. This ensures that the IPE captures and processes information as intended, aligning with the audit objective.

Data analytics tools are increasingly utilized to analyze large volumes of IPE. Auditors use these tools to perform comprehensive completeness checks, identify anomalies or trends, and conduct detailed substantive procedures that would be impractical manually. This technology assists in identifying patterns or outliers that might indicate misstatements or control deficiencies.

Finally, auditors corroborate IPE with other audit evidence. This means comparing information obtained from IPE to evidence from different sources, such as external confirmations from banks or customers, physical observations, or inquiry with entity personnel. Corroboration strengthens the overall audit evidence and helps confirm the reliability of the IPE. The documentation of these procedures, collected evidence, and conclusions must be sufficiently detailed to allow another auditor to reach the same result.

Previous

How Is Auditing Related to Accounting? A Look at Both

Back to Auditing and Corporate Governance
Next

Why a Financial Audit Is Important for Your Business