IT audit. Communication with client.



  • The question is: what is the format of communication between a SOX IT auditor and the client? What are the requirements for the auditor? Should the auditor co-ordinate with the client the scope of work to be done?
    And about the procedure of document retention: as the SEC directs, auditors should keep audit-related documents for seven years. Is there an analogous requirement for those who are SOX audited (except local legislative requirements)?
    TIA.



  • Hi,
    The Public Company Accounting Oversight Board (PCAOB) provides guidance for auditor communications in the audit of internal controls over financial reporting (SOX Audit).
    This can be found at:
    pcaobus.org/Rules/Rules_of_the_Board/Auditing_Standard_2.pdf
    Be sure to insert www. in front of the link above.
    The guidance is found in sections 207-214, ‘REQUIRED COMMUNICATIONS IN AN AUDIT OF INTERNAL CONTROL OVER FINANCIAL REPORTING’.
    The protocol for the SOX IT Auditor communication is no different from that for the non-IT SOX Auditor.
    Hope this helps,
    Milan



  • On a formal level I would not distinguish between the Auditor and the IT Auditor - they will be the same firm.
    On a practical level though it is something that may need to be carefully managed. Essentially IT Auditors need to review controls over systems where the financial process is heavily reliant on systems controls. We have had a number of instances where IT Audit exceeded their scope and looked at systems that were not directly relevant to the financial process or where it was more effective to rely on manual controls than carry out
    Sometimes these issues arise because we allow IT Audit to liaise directly with IT rather than keeping a close eye on their scope by making sure it runs through the financial auditor.

