PCAOB updates, SOX ITGC guidance, SOC report deep-dives, and AI in governance — written by practitioners who have sat in both the auditor's chair and the client's.
The PCAOB's 2026 inspection cycle is placing unprecedented emphasis on IT General Controls, cybersecurity disclosures, and the use of AI tools in the audit process. Here's what audit teams and user entities need to address before fieldwork begins.
A deep-dive into Segregation of Duties — how violations occur in SAP and Oracle ERP systems, what auditors test under Section 404, and how modern automated analysis closes the gap.
SAP GRC has dominated enterprise compliance for a decade. We break down both platforms side-by-side on cost, AI capability, deployment time, and multi-ERP coverage.
A 7-step methodology for extending internal audit and ITGC rigor to AI and machine learning systems, plus a downloadable playbook with worked examples and a control matrix.
The new quality control standard requires registered firms to implement risk-based QC systems by December 15, 2025. What changed and how it affects ITGC audit engagements.
Item 1.05 of Form 8-K has generated over 400 material incident disclosures. We examine the ITGC implications and common deficiencies auditors are now flagging.
From automated workpaper generation to anomaly detection in access logs — LLMs are reducing audit fieldwork time by up to 40% in early adopter firms.
Both certifications address information security, but they answer different questions. Here's how to choose — and when you need both.
New staff practice alerts address cloud-hosted ERP systems, automated controls, and the reliance on IT-dependent manual controls. Key changes every ITGC auditor needs to know.
Migrating to S/4HANA doesn't clean up your SOD landscape — it often makes it more complex. Here are the conflicts that cause the most audit exceptions.
A bridging letter extends SOC report coverage to a period not covered by the formal opinion. When are they acceptable, and what does your auditor need to see?
The 2023 supplemental guidance introduces new considerations for technology risk, AI controls, and ESG data integrity. Key differences mapped to the original 17 principles.
Requires a risk-based quality control system covering engagement performance, resources, and governance. IT audit implications are significant for firms using automated audit tools.
Updated guidance addresses testing considerations for cloud-hosted ERPs (SAP BTP, Oracle Cloud, Workday) where traditional ITGC scope must be re-mapped to shared responsibility models.
Proposed changes would require auditors to explicitly consider risks arising from the use of AI by the client in financial reporting processes, including AI-generated journal entries.
The 2025 inspection cycle found ITGC deficiencies in 67% of reviewed engagements — up from 58% in 2024. Logical access reviews and change management remain the top finding categories.
Reminds auditors that use of AI-generated workpapers does not diminish their professional responsibility. Requires documentation of how AI outputs were evaluated and validated.
A registered firm was sanctioned for failing to test the IT controls underlying an automated revenue recognition system, instead relying on management's assertion without independent validation.