Related Posts
I am on bench from 1 nov 2022. I am PA.
Additional Posts in Risk Assurance
What makes more money IT Audit or IT GRC?
New to Fishbowl?
Download the Fishbowl app to
unlock all discussions on Fishbowl.
unlock all discussions on Fishbowl.




Yes if you have the knowledge to do a code review and validate C&A of the query
Yep and of course if ITGCs around the reporting application are operating effectively - if not, the auditors may choose to reject effectiveness of any IT-dependent KR testing.
Bowl Leader
Oh the days of risk assurance….
Why not try and tie it back to a standard report covered by the applications SOC 1?
Because it may not have a SOC 1. Then you have to follow a sample transaction from the report generated back to the query of a database. Perform a tie-out or reperform for completeness and accuracy