If you are a new auditor or being subjected to an audit for the first time, then you may have heard a reference to an “Audit Request List” or “PBC Request List”. The two can be used interchangeably, for the purpose of this article, we will use “PBC Request List”.
You may be asking yourself “what is a PBC Request List?”, but don’t worry, you’re not the first, and you won’t be the last to ask that question.
Firstly, the acronym PBC stands for “Prepared by Client” or “Provided by Client”, depending on who you ask.
A PBC Request List is frequently introduced during the audit preparation or planning phase, shortly after the audit announcement. It is important to know that the PBC Request List is a living list that gets updated throughout the audit process. The PBC Request List is a list of requested supporting documents (e.g., policies, schedules, reports, system generated exports, etc.) that the auditors need from the clients. The documents requested are used by the audit team to gain an understanding of the in-scope controls and processes, and to begin fieldwork testing. As business-process-walkthroughs and fieldwork testing progresses, the audit team frequently will add new requests to the list.
The process of managing the PBC Request List can be difficult and cumbersome if the audit team manually maintains and updates the list, frequently sending out a new version. However, modern workflow tools like Audit Suite now exist which allow auditors and clients to quickly and painlessly navigate through the PBC process.