IT audit. Communication with client.
shama_n last edited by
The question is: what is the format of communication between a SOX IT auditor and the client? What are the requirements for the auditor? Should the auditor coordinate the scope of work to be done with the client?
And about the procedure for document retention: as the SEC directs, auditors should keep audit-related documents for seven years. Is there an analogous requirement for those who are SOX audited (except local legislative requirements)?
milan last edited by
The Public Company Accounting Oversight Board (PCAOB) provides guidance for auditor communications in the audit of internal controls over financial reporting (SOX Audit).
This can be found at:
Be sure to insert www. in front of the link above.
The guidance is found in sections 207-214, ‘REQUIRED COMMUNICATIONS IN AN AUDIT OF INTERNAL CONTROL OVER FINANCIAL REPORTING’.
The protocol for the SOX IT Auditor communication is no different from that for the non-IT SOX Auditor.
Hope this helps,
Denis last edited by
On a formal level I would not distinguish between the Auditor and the IT Auditor - they will be the same firm.
On a practical level though it is something that may need to be carefully managed. Essentially IT Auditors need to review controls over systems where the financial process is heavily reliant on systems controls. We have had a number of instances where IT Audit exceeded their scope and looked at systems that were not directly relevant to the financial process or where it was more effective to rely on manual controls than carry out
Sometimes these issues arise because we allow IT Audit to liaise directly with IT rather than keeping a close eye on their scope by making sure it runs through the financial auditor.