Have any users encountered controls which the business utilizes PowerBI for data visualization and/or PowerApps for modeling? We're getting questioned on whether that means these tools are "in scope" and subject to ITGC testing.
Keeping an eye on this. It wasn't in scope for us this past year for our new acquisition, but there were controls that they used it for and we got dinged for not having enough evidence of review documented due to the nature of the app.
Thank you! Any chance you know what remediation looks like? Do you think it'll be in scope this year?
Similar to what Amanda said, we have ITGCs over the data warehouse, etc, I will have to double check again on exactly why Power BI was not in scope. Our control that failed was due to lack of EOR so to remediate, the process owner will now screenshot the Power BI report and send it in an email (as a precursor to a meeting). So then we had EOR, dated, and he had comments in there expressing any concerns/improvements the report was showing.
Hi Paige,I have encountered this at my last bank, and building them at the current bank. We have ITGCs over the data warehouse and data transformation (normalizing data for business use) that are tested as part of the annual audit. We apply specific completeness and accuracy controls when the reporting is in connection with business decisions by Management or the Board, and when used in connection with the financial statements.For example, we used a Power BI dashboard for prepayments on loans, that data was used as a factor in the allowance calculation; therefore completeness and accuracy testing is required each quarter.We are working on a process where we can create a watermark on the visualization or exported report/extract that indicates if the report has been "verified" with C&A, to ensure the user of the information knows C&A has not been completed. This is a work in progress at this point..
2900 University BlvdAmes, IA 50010