What Is IPE for Audit and Compliance?
Blog

What Is IPE for Audit and Compliance?

Learn what Information Provided by the Entity is and best practices for IPE assessment.

Information produced by the entity (IPE) is first-hand data from a company or organization. The term “information provided by the entity” is also used occasionally and shortened using the same IPE acronym. Auditors can also refer to this data as management representation because the leadership of the organization being audited provides it. 

Auditors typically use the data in IPE to assess company performance, check for accuracy and test current accounting and compliance processes. Ultimately, IPE helps auditors draw conclusions and provide insights to company decision-makers or regulators. 

The accuracy of IPE is imperative because it is used as evidence for the auditors’ conclusions. Reports will point to specific pieces of IPE to support findings or suggestions. 

Importance of reliable IPE for accurate auditing

According to the Public Company Accounting Oversight Board (PCAOB), the reliability of information for an audit depends on how auditors obtain it. IPE comes from the company, but auditors may look for independent, external data to corroborate the statements from company management. They run tests and analyze the data to ensure it is accurate and complete. 

However, reliability is critical because it can streamline the auditing process and provide more accurate and valuable insights during internal audits. The PCAOB points out that information provided by the company is more reliable if the company has good controls and can provide original documents and statements. 

High-quality IPE is essential because it provides a complete picture of company processes and operations. Also, it serves as evidence for the auditor’s findings. They will seek patterns, outliers and trends in this data, and base their opinions, in part, on analysis of IPE. 

Inaccurate IPE or data that paints a different picture than information from external sources can complicate the audit. Auditors will be forced to find accurate data before continuing with their analysis. 

Examples of IPE in audit

Auditors need different types of records to complete their analysis. Here are examples of the types of information companies might supply to support the audit. 

  • Financial reports: These documents show financial performance. They are required for external audits meant to show compliance with financial reporting laws. The statements include balance sheets, income statements and cash flow records. 
  • Inventory and asset listings: These records show the flow of inventory and the accumulation of assets at the company. Auditors check the accuracy of record-keeping in these areas. 
  • Legal records: These documents are meant to show company activity related to compliance with relevant laws. 
  • Internal accounting processes: This data shows how the company keeps records and performs accounting processes. It includes information about internal controls, which the firm uses to check and verify its work. 
  • Contracts or agreements: These documents show the different agreements and obligations a company has to other parties. 

This is by no means an exhaustive list of all examples of IPE. Companies keep a broad range of documents and records. In today’s digitized workplace, companies create a trail of records for various processes automatically. 

The connection between IPE and compliance

Certain companies need to make annual and quarterly filings, with executives signing off on the accuracy of data contained in the submitted documents. Most countries will have their own filing board. In Canada, for instance, all publicly traded companies and corporations with more than 50 shareholders must supply financial statements that meet the Generally Accepted Accounting Principles of Canada (GAAP of Canada) standard. 

Incorrect or incomplete IPE can lead to issues for companies trying to comply with these regulations. In some instances, inaccurate statements may be due to data loss. Companies need to consistently back up data and update record-keeping software to avoid these scenarios. 

Regardless of the reason for the incorrect IPE, inaccuracies can lead to concerns of fraud. Fraud in financial statements is increasingly common, and auditors look for possible evidence of purposely hidden or altered IPE. Even if the problem was due to poor internal controls or accounting flaws, it could cause additional investigations or reports to authorities. 

Risks associated with IPE

Several different risks can lead to inaccurate, incomplete or unreliable IPE: 

  • Manipulated or biased data: Companies often have internal controls to ensure the accuracy of information. However, some high-level employees may be able to override these controls or ask that information be organized or presented in a way that inaccurately represents financial performance. 
  • Disorganized records: Sometimes, accountants may be asked to provide IPE, but their records are incomplete or disorganized, so they cannot find all the necessary information before the audit begins. 
  • Poor internal controls: The company may intend to provide accurate data, but be unable to do so because of poor internal controls meant to prevent or check for errors.
  • Major operational changes: Significant changes, such as a switch to remote work for an accounting department, can cause a disruption to data collection and record-keeping and change familiar processes that employees rely on to ensure accuracy. 

These risks can affect the accuracy of IPE and lead to delays, inaccuracies or compliance problems during an audit. 

The best strategy for dealing with the risk of IPE is to carefully update internal controls and record-keeping processes to address potential risks. 

  • A company can rely on multiple people to verify, check and test record-keeping processes to ensure they produce accurate data for IPE.
  • Management can seek outside expertise to assess internal controls. For instance, if a company needs to provide financial records to comply with regulations, it can hire an internal auditor to test its systems and suggest corrections to ensure accuracy.
  • Ongoing evaluation of data can also help avoid risks. For instance, companies with well-organized digital accounting systems can check information continuously to ensure accuracy. This continuous evaluation helps find issues early before they lead to large amounts of inaccurate IPE.

With strong internal controls and multiple people verifying the information, a company can reduce the risk of inaccurate or manipulated IPE.

Best practices for IPE assessment

The steps for assessing IPE can depend on a company’s processes and systems. However, best practices for this task usually include these three steps: 

  • Data validation: The process verifies that data is complete, error-free, from the qualified source, and obtained securely without manipulation. 
  • Cross-referencing: This involves finding the same data or supporting data from another record. For instance, an accountant could look at bank statements or invoices to verify the correctness of ledger entries. 
  • Periodic reviews of accounting practices and internal controls: A review of internal controls at least once per year can help find inefficiencies or errors. 

Software can help facilitate these checks and verifications, streamlining the process of IPE production and collection. 

The role of technology in IPE assessment

Software can streamline the process of IPE assessment and automate certain aspects of data collection to reduce the risk of human error or manipulation. For instance, preparation, compilation and review (PCR) software can simplify the process of preparing financial statements by automating repetitive data entry tasks. 

Similarly, automated auditing software can reduce risks and also help analyze IPE to find trends or anomalies that humans might miss. 

Getting started with effective IPE management

The first step in establishing a plan for effective IPE management is to identify the types of information relevant to auditors. Once you establish these targets, you can define roles for collecting, organizing and checking this information for accuracy. A cloud-based centralized repository for IPE will make the data accessible to everyone involved in the process and ensure maximum transparency. 

Well-reviewed internal controls and a carefully-planned, cloud-based system for collecting and organizing IPE can help companies avoid the risk of inaccurate information complicating the audit process.