If you are a new auditor or being subjected to an audit for the first time, then you may have heard a reference to an “Audit Request List” or “PBC Request List”. The two can be used interchangeably, for the purpose of this article, we will use “PBC Request List”.
You may be asking yourself “what is a PBC Request List?”, but don’t worry, you’re not the first, and you won’t be the last to ask that question.
Firstly, the acronym PBC stands for “Prepared by Client” or “Provided by Client”, depending on who you ask.
A PBC Request List is frequently introduced during the audit preparation or planning phase, shortly after the audit announcement. It is important to know that the PBC Request List is a living list that gets updated throughout the audit process. The PBC Request List is a list of requested supporting documents (e.g., policies, schedules, reports, system generated exports, etc.) that the auditors need from the clients. The documents requested are used by the audit team to gain an understanding of the in-scope controls and processes, and to begin fieldwork testing. As business-process-walkthroughs and fieldwork testing progresses, the audit team frequently will add new requests to the list.
The process of managing the PBC Request List can be difficult and cumbersome if the audit team manually maintains and updates the list, frequently sending out a new version. However, modern workflow tools like Audit Suite now exist which allow auditors and clients to quickly and painlessly navigate through the PBC process.
Craig Solowski is the Founder and President of Audit Suite. A graduate from The University of Maryland, Craig is passionate about audit and leveraging technology that enhances audit processes and helps organizations manage their risks. With almost 10 years in the industry, Craig has experience ranging from working on the Financial Statement Audit for the U.S. Federal Government to supporting the Internal Audit department at a Fortune 100 company. In 2018, Craig developed Audit Suite to automate the PBC request process and reduce audit cycle time for his clients using the cloud.
Craig is a resident of Chicago, Illinois, is a member of the Institute of Internal Auditors (IIA) and ISACA, and is credentialed with the following certifications: Certified Internal Auditor (CIA), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), and Certified in Risk and Information Systems Controls (CRISC).