Soooo has the audit environment escalated recently in your opinion? I have a client who runs a report out of a MS Access system that they use to create a journal entry to which they attach the report. The auditors are requiring the the report generate in a secure file folder so that the original file and NEVER by deleted or changed. This is a new requirement this year by the auditors. . . Is anyone else running into this requirement?
The Audit Environment - Big 4
Answers
One forgets that a) you pay these auditors, b) they aren't always correct, c) they have bosses and d) sometimes simple logic needs to prevail.
So that's one source file for one JE.
What do these auditors want about source data for all the other JEs that go into your GL? I refer to Wayne's item d above:)
What you are experiencing is how the big firms behave and how they may structurally change audit approaches after their annual PCAOB inspections. The PCAOB inspections are very rigorous and so given that the PCAOB makes the rules, they interpret the rules, enforce the rules and are the final arbitrator in any "audit findings" post an internal inspection, the big guys change/modify approaches, primarily audit documentation procedures to address the inspection results. If you are publicly traded, you have little or no choice. However, if you are a privately owned company, with an liquidity event likely being a sale/merger and not a public offering, you really have to ask yourself if your current service provider fits to your scale and needs.
We have had the same or very similar experience. Your
Today's audit environment is significantly more complex with greater regulation and big data. This requires a much different type of auditor. To avoid ridiculous recommendations that don't make sense do your best to simplify matters for your auditors and provide examples with live data on how to get comfortable with reports that are critical to
Audit procedures have recently changed. Auditors are now required to attest to the security of the data they are auditing.
So now the auditor is an expert on
Why does this sound just plain wrong,especially since they are only required to take one (1) single college course on auditing.. as well as
@Wayne:
A college accounting professor (lecturer actually, with real world
He said (in about 1978 mind you) that, CPA firms and professional organizations were trying to elevate themselves in the public's eye to be on par with doctors and lawyers. But he said, they were just too full of themselves. And, they were really hurting themselves in the long run and should remain focused on their core offering of independent auditors.
A few years later, I was in the income tax prep business at several different subunits over the years including having my own tax prep practice. And, I was at a great disadvantage without having a CPA.
CPAs were taking advantage of the public misperception as them being "tax experts" and really ripping clients off. I saw it first hand. I'd take an EA over a CPA in tax matters any day of the week. Although, there are certainly a few CPAs with enough knowledge and training in taxes to be real tax experts.
And, over the years as a
If CPAs went back to being first class auditors as that professor said, we'd all be a lot better off.
I'll share a little bit of my current nightmare (leading to 3 full blown audits this year). Our data is maintained in a monitoring system that does not have an adequate reporting package. Additionally, due to the uniqueness of our business we have basically bastardized the system we are using to handle our business. To move to another system starts at $2.5M before you add consultants and testing, etc.
I am not given access to the original data from this parent system and have to rely on the SQL reports that are created for me using all sorts of tables and modifications to pull data as we need it. Somewhere along the line, someone stretched the logic far enough that it is no longer logical or reasonably manageable (we have 90,000 clients). Each year that I have been here, I have had to explain and further reconcile 'agings' that don't tie to schedules as a result of changes in bill payers and/or invoice headers, etc. This year the auditors pulled some random invoices and we determined that the report we were relying on had the wrong aging date, making everything look 60 days better than it should have. We had already created more headaches with this process when we add all the special rules for how we age based on categories.
The additional requirements from the auditors are to protect themselves from the nightmare client we have become. Following each audit myself and our CFO sit down with the IS department and demand access to the original data files so we can process our own reports. And each year, the IS department is ready with 'reasons' they cannot do this. While this audit season has been extremely taxing on me, I think this is the best thing that has happened for us and I look forward to what I expect will be new colleagues in a sister department.
I look forward to meeting or exceeding the auditors' requirements as it means I am on top of my game and the information I provide to the company owners is accurate. Everyone can wordsmith a response to pass a test, but the real test is how you can document and illustrate processes that are solid and auditable.
If I understood you correctly is that you want to run reports (only) off the original data, from an IS and Auditing POV, there is no reason why you can't.
A report does not change data, it gathers, and reports data.
For the CFO to accept this as a status quo tells me the corporate structure is broken.
For the record, if one needed to update the raw data, I could understand that temporary (intermediary) files may be used for validation purposes, but again, I don't think this is the case here.