This article will count 0.25 units (15 minutes) of unverifiable CPD. Remember to log these units under your membership profile.
Is that PDF invoice really what the vendor sent?
Is your client's bank feed data as clean as it looks?
With more and more audit and assurance work relying on digital documents and automated feeds, a new staff guidance AS 1105.10A issued by the Public Company Accounting Oversight Board (PCAOB) brings much-needed clarity on how to evaluate the reliability of external information received in electronic form.
NOTE: While the guidance is aimed squarely at auditors under PCAOB standards, the lessons apply much more broadly. If you're doing compilations, reviews, or any other form of assurance, this is essential reading.
The PCAOB's guidance says auditors must evaluate whether external information, i.e. like a vendor invoice or bank confirmation, remains reliable when provided electronically by the company. In plain terms: just because a client emails you a PDF or bank feed doesn't mean you can trust it without question. If there's any meaningful risk that the company could have altered or misused the data, even unintentionally, the auditor must take steps to test its reliability. This might mean cross-checking it against original sources or testing the internal controls around how the data is received and handled.
Whether you're auditing, reviewing, or compiling, don't take digital data at face value. Here's how to protect yourself and your engagement:
Understanding the data flow from source to your hands is step one in assessing reliability.
✅ Test the Information or the Controls (Assurance engagements only)
If there's a risk the data was altered, you need to either:
For lower-risk areas with clean, unedited data, minimal or no extra testing may be needed.
✅ Document the Source -- Even in Compilations
If you're compiling financial statements, you may not be required to verify data, but you still need to document:
This protects you if questions arise later, and demonstrates your professional judgment.
✅ Rely on Other Audit Work if It Covers Reliability
Already compared tax rates to official sources? That counts. If other procedures already confirm the accuracy of external info, you don't need to duplicate effort. Just be sure it's clearly documented.
The guidance offers practical examples:
Whether you're preparing financials for a compilation or doing limited assurance, these principles still matter. If you're relying on electronic documents, but not always verifying the trail. It's not enough to know where it came from, you need to understand how it got to you. Understanding the risks of electronic data and how it flows through client systems helps you safeguard your engagement and avoid issuing misleading reports.