How do I interpret audit results? 1779

  • Hi all. I have not been on the forum in quite a while. I am glad to be back.
    We hired outside consultants to perform the testing (404) part of our SOX compliance. Their workpapers have summarized everything down to ‘pass’ and then ‘exceptions’.
    I have two questions:

    1. Isn’t SOX a pass or fail? No exceptions?
    2. Is it typical to change the opinion of the testers when it is deemed the exception is not significant. For instance, a journal entry did not have support. While this is the control it’s failure is quite minor in nature.

  • Using various sample sizes allows you to estimate with a degree of certainty that a control is operating as intended. An exception, especially in a large sample size, does not necessarily mean that a control fails. You should define in advance of your testing what the allowable exception rate is. In some cases, an exception would suggest that you pull an additional sample to test prior to determining that a control is not working. In other cases (failure of one sample in a population of 15 or less) would suggest that the control is not working.
    Also, if exceptions can be explained, then you do not necessarily fail a control. For example, if your primary clerk responsible for reconciling a ledger account is out on leave when an account reconciliation is due to be performed, then it may not be completed that month, but is caught up in the following month. Assuming that the controls reads that ‘all accounts are reconciled every month’, then pulling for testing the month that the clerk did not complete the reconciliation would show an apparent control failure, when it was known by the controller that the reconciliation was not going to be performed that month. In this case, you would pull another month to test and not fail the control.

  • Thank you for your input. I had viewed many of these exceptions as explanable as you defined or just not a control failure since the population size was so large. This definitely gives me more leverage for stating my position.

Log in to reply