Can Independent Auditors Share Risk Assessment with IA? 3210

  • Hi All - In our organization, IA performs SOX testing for management who makes the assessment. Management performs a risk assessment based on materiality but it does not include the specific risks or accounts associated with each control. Management has no plans to provide this information so IA would like to prepare it on our own to provide all of the auditors working on the project with additional guidance and context. We know that our independent auditor prepares a detailed risk assessment and we were hoping that they would be willing to share at least some of the information so we wouldn’t have to reinvent the wheel but they say they can’t. Is this typical? I can speculate about why they are unwilling to share but it seems unreasonable to me. Is the sharing of this information prohibited?

Log in to reply