2018 is flying by and it won’t be long before the end of the year! But before that fresh, new start in 2019 comes the audit season. That time of year when your friendly auditors show up to interrupt your already busy day! As an auditor, I get it… it is stressful and burdensome but we try to help you get through it!
One thing that has impacted the audit function over the last few years is a push for completeness and accuracy of the files requested. If you provide your auditor with a report, they need to know that they can rely on the report: Were there any filters applied, Was it pulled for the entire population, Is the software producing reliable reports, etc.?
As our technology-dependent workplace relies more on software to provide information, the more we need to understand what is behind the report. You have probably heard it before: ‘Trust but Verify’, it is the basis of auditing. So you will likely get more questions about the software and the reports you are requested to provide than you have heard in the past. YHB has increased this over the last few years and I am sure you have seen this from other auditors.
So your auditor will be asking more about the reports but is there more to this issue? Probably. Obviously, the auditor is worried about financial reporting but you should also be concerned from an operational perspective. What if you were investigating the number of transactions occurring at each location in order to make a decision on closing locations or opening more in a certain region? You will be relying on reports from the system that you are likely requesting from someone else. What if they didn’t understand exactly what you needed and limited the search to specific days or just certain locations? You would be making decisions based on incomplete or inaccurate data. What if their best friend worked at a low producing location? Could they put a filter on the report to inaccurately reflect the data?
While most software works accurately and there shouldn’t be a problem, there is always room for errors. Some system generated reports ask for parameters that the user may not fully understand. They may be selecting the one that sounds right but alters the results.
So be expecting more requests about the completeness and accuracy of your reports from auditors and the next time you request a report (or generate it yourself) give some thought to how you get comfort in the accuracy and completeness of the report. Don’t just rely on the name of the report or the fact that it came from ‘the system’.
LEARN MORE ABOUT OUR RISK ADVISORY SERVICES
Throughout his time at YHB Curtis has provided IT audit and consulting to clients, even while holding the position of the firm’s IT director for several years. Now, as head of the YHB Risk Advisory Services Team, Curtis focuses on assisting organizations in a variety of industries with internal audits and IT-related audit and consulting services. Also, he frequently speaks and gives presentations on SOX compliance, internal controls, and data security.