SOX Professionals Group

Have any users encountered controls which the business utilizes PowerBI for data visualization and/or PowerApps for modeling?  We're getting questioned on whether that means these tools are "in scope" and subject to ITGC testing.  

------------------------------
Paige Testerman
Lead Auditor
Evergy
------------------------------

Keeping an eye on this.  It wasn't in scope for us this past year for our new acquisition, but there were controls that they used it for and we got dinged for not having enough evidence of review documented due to the nature of the app.

------------------------------
Andrew Sabia
Internal Audit Manager
RBC Bearings
------------------------------

Original Message:
Sent: 05-18-2023 12:14 PM
From: Paige Testerman
Subject: PowerBI and PowerApps

Have any users encountered controls which the business utilizes PowerBI for data visualization and/or PowerApps for modeling?  We're getting questioned on whether that means these tools are "in scope" and subject to ITGC testing.  

------------------------------
Paige Testerman
Lead Auditor
Evergy
------------------------------

Thank you!  Any chance you know what remediation looks like?  Do you think it'll be in scope this year?  

------------------------------
Paige Testerman
Lead Auditor
Evergy
------------------------------

Original Message:
Sent: 05-18-2023 02:09 PM
From: Andrew Sabia
Subject: PowerBI and PowerApps

Keeping an eye on this.  It wasn't in scope for us this past year for our new acquisition, but there were controls that they used it for and we got dinged for not having enough evidence of review documented due to the nature of the app.

------------------------------
Andrew Sabia
Internal Audit Manager
RBC Bearings

Original Message:
Sent: 05-18-2023 12:14 PM
From: Paige Testerman
Subject: PowerBI and PowerApps

Have any users encountered controls which the business utilizes PowerBI for data visualization and/or PowerApps for modeling?  We're getting questioned on whether that means these tools are "in scope" and subject to ITGC testing.  

------------------------------
Paige Testerman
Lead Auditor
Evergy
------------------------------

Similar to what Amanda said, we have ITGCs over the data warehouse, etc, I will have to double check again on exactly why Power BI was not in scope.  Our control that failed was due to lack of EOR so to remediate, the process owner will now screenshot the Power BI report and send it in an email (as a precursor to a meeting).  So then we had EOR, dated, and he had comments in there expressing any concerns/improvements the report was showing.

------------------------------
Andrew Sabia
Internal Audit Manager
RBC Bearings
------------------------------

Original Message:
Sent: 05-18-2023 03:15 PM
From: Paige Testerman
Subject: PowerBI and PowerApps

Thank you!  Any chance you know what remediation looks like?  Do you think it'll be in scope this year?  

------------------------------
Paige Testerman
Lead Auditor
Evergy

Original Message:
Sent: 05-18-2023 02:09 PM
From: Andrew Sabia
Subject: PowerBI and PowerApps

Keeping an eye on this.  It wasn't in scope for us this past year for our new acquisition, but there were controls that they used it for and we got dinged for not having enough evidence of review documented due to the nature of the app.

------------------------------
Andrew Sabia
Internal Audit Manager
RBC Bearings

Original Message:
Sent: 05-18-2023 12:14 PM
From: Paige Testerman
Subject: PowerBI and PowerApps

Have any users encountered controls which the business utilizes PowerBI for data visualization and/or PowerApps for modeling?  We're getting questioned on whether that means these tools are "in scope" and subject to ITGC testing.  

------------------------------
Paige Testerman
Lead Auditor
Evergy
------------------------------

Hi Paige,
I have encountered this at my last bank, and building them at the current bank. We have ITGCs over the data warehouse and data transformation (normalizing data for business use) that are tested as part of the annual audit.  We apply specific completeness and accuracy controls when the reporting is in connection with business decisions by Management or the Board, and when used in connection with the financial statements.

For example, we used a Power BI dashboard for prepayments on loans, that data was used as a factor in the allowance calculation; therefore completeness and accuracy testing is required each quarter.

We are working on a process where we can create a watermark on the visualization or exported report/extract that indicates if the report has been "verified" with C&A, to ensure the user of the information knows C&A has not been completed.  This is a work in progress at this point.. 

------------------------------
Amanda Nino
VP/Internal Control Manager
Coastal Community Bank
------------------------------

Original Message:
Sent: 05-18-2023 12:14 PM
From: Paige Testerman
Subject: PowerBI and PowerApps

Have any users encountered controls which the business utilizes PowerBI for data visualization and/or PowerApps for modeling?  We're getting questioned on whether that means these tools are "in scope" and subject to ITGC testing.  

------------------------------
Paige Testerman
Lead Auditor
Evergy
------------------------------