IDW PS 880 - Guidance for IT and AI Professionals

Florian Zyprian

Dive into this comprehensive guide to software testing in accordance with IDW Auditing Standard PS-880 to understand its critical role in corporate governance and risk management.

Software testing according to IDW testing standard PS-880

The standard for software testing in accordance with IDW testing standard PS-880 is a standardized test procedure for assessing the quality, security and documentation of software products, particularly with regard to their use in the context of proper bookkeeping and accounting.

  1. The process begins with a procedure check, in which both the processing functions, software security and documentation are checked.
  2. Testing the processing functions involves identifying and testing the functions required for proper bookkeeping and accounting. These include, for example, the document function, the journal function and the account function.
  3. As part of the software security audit, various aspects are checked, such as access rights, data integrity and protection against data loss.
  4. Documentation testing includes checking the correctness, completeness and comprehensibility of the software documentation.
  5. At the end of the testing process, there is the reporting and the test certificate. Here, the results of the procedure test are summarized and, on this basis, a decision is made as to whether the software receives the test certificate.

It should be noted that this audit procedure is applicable not only to accounting software, but to any software relevant to the regularity of accounting. Moreover, the audit should be performed by an independent, qualified entity to ensure the objectivity of the results.

What exactly means that this testing procedure is not only applicable to accounting software?

This sentence means that the auditing standard IDW PS 880 is not only applied to software developed specifically for accounting. Rather, it can also be applied to any other software that is relevant to the proper maintenance of a company's accounting and preparation of its financial reports.

In other words, any software that in any way affects a company's financial reporting and accounting should be reviewed in accordance with the requirements of IDW PS 880 to ensure that it is functioning properly and producing reliable results.

Can a software already be IDW PS 880 certified before implementation?

As a rule, certification in accordance with IDW PS 880 is not specific to an individual software product, as this Standard relates to the entire accounting process chain, including the software, the data and the business processes. Therefore, it is important to emphasize that even if a software already has IDW PS 880 certification, this does not mean that it will automatically work properly in every specific business environment.

Certification should be considered in the context of the specific business process in which the software is embedded. Therefore, it is recommended to perform an IDW PS 880 audit after the implementation of a new software or after changes to existing systems or processes.

It is important to note that the context also matters. Sometimes software vendors can obtain a kind of "preliminary" certification that confirms that the software meets the requirements of IDW PS 880 under certain conditions. However, this certification is still no substitute for an individual audit in the specific corporate environment.

More Information from KPMG is here to find.

How is IDW PS 880 applied to AI software?

The application of IDW PS 880 to artificial intelligence (AI) presents a particular challenge, as these dynamic systems are continuously learning and adapting. AI systems are often non-deterministic, meaning that they can produce different results for the same input data depending on how they have evolved through their internal learning processes.

It is important to understand that AI systems adapt and learn by being deployed in the real world. Therefore, a preliminary review of the AI software can only provide limited information about its future performance and compliance with generally accepted accounting principles. A comprehensive review of compliance with IDW PS 880 can thus only take place once the AI software is already in use and has adapted to the company's specific processes.

It is especially important to carefully consider the data that AI uses to learn and make decisions. This data must be high quality, representative, and free of bias to ensure that the AI makes accurate and fair decisions.

It is also critical that users of the AI software understand how the system works. They must be properly trained to correctly interpret and use the data and results generated by the AI.

In conclusion, the field of AI auditing and certification is still relatively young and continuously evolving. Therefore, further research and more specific standards and guidelines for AI product auditing are needed. As of my knowledge in September 2021, there are no specific guidelines or standards for auditing AI products according to IDW PS 880, but it is expected that such will be developed in the future.

Why is IDW PS 880 relevant for IT professionals?

IDW PS 880 is not a certification standard for individuals, but a standard for auditing IT-based business processes. This standard, developed by the Institut der Wirtschaftsprüfer in Deutschland e.V. (IDW), provides a framework for assessing the reliability of information generated by IT systems.

While people are not certified to this standard, it is important for auditors, IT specialists and those involved in the creation, implementation and maintenance of IT-based business processes to understand and apply the principles of IDW PS 880. They must ensure that the IT systems for which they are responsible process information reliably, securely and correctly. With this in mind, they might need sufficient training, expertise and possibly certification in areas such as IT auditing, IT security, data management and the specific technologies used by their organization.

It is worth noting that in certain cases auditors or IT professionals may obtain certifications related to auditing IT systems and controls (such as CISA - Certified Information Systems Auditor), but this is different from being "certified in IDW PS 880". Rather, such certifications indicate that the individual has a recognized level of expertise in the area, which may be helpful in implementing or auditing systems based on the IDW PS 880 standard.

Why is the correct application of the software important despite certification according to IDW PS 880?

It is important to emphasize that IDW PS 880 certification examines the requirements for software products and their relevance for proper accounting in its audit process. As the literature underlines, almost all business information systems are subject to the regularity requirements of commercial and tax law and are therefore relevant for accounting.

As stated by the Federal Ministry of Finance in the Principles of Proper Computerized Accounting Systems, information systems also record, generate, process or transmit accounting-relevant data outside the actual accounting area. Therefore, these processes should also be taken into account in a DP-supported accounting system.

Consequently, it can be stated that there will hardly be any software in the business application environment that does not fall under the scope of application of the GoBS and thus the GoB. This means that the auditing standard IDW PS 880 can and should be applied to almost any business software.

But here, too, the significance of a software certification according to IDW PS 880 is strongly dependent on the wording of the audit result: "The accounting-relevant software (release/version no. ...) audited by me/us, on the audit of which I/we have submitted a report dated ..., enables accounting in accordance with generally accepted accounting principles when used properly."

This means that while the certification confirms, That the software, when used correctly, complies with generally accepted accounting principles, but does not guarantee that the software will actually be used correctly. In this context, the opinion often expressed in practice that certified software no longer needs to be tested in operational application practice is incorrect.

The requirements for the proper use of the software are described in as well as their implementation in the information system life cycle. This includes, for example, the proper implementation and use of the software in the business process, which goes beyond the mere certification of the software. Proper use of the software must therefore also be ensured after certification in order to ensure proper accounting.

Summary:

This text examines the auditing standard IDW PS 880 and its application to software products in the context of proper accounting requirements. Almost all business information systems are subject to the regularity requirements of commercial and tax law, as highlighted in the literature [Phil98, Phil96] and the GoBS95 principles of the German Federal Ministry of Finance. Therefore, the auditing standard IDW PS 880 can and should be applied to almost any business software.

It is important to note that certification according to IDW PS 880 confirms the compliance of the software with the principles of proper accounting, but does not guarantee the correct application of the software. Therefore, correct application of the software must be ensured even after certification in order to ensure proper accounting.

For comments or adjustments, please contact me. I look forward to your feedback and suggestions.

Legal Disclaimer: Please note that the information presented here represents a personal opinion on the subject and should not be considered legal advice. For specific legal questions, you should consult a qualified legal advisor.

About me

More Articles

Email Automation: Organize Mailboxes efficiently with AI

Every day, companies receive a flood of emails that they have to classify, sort, evaluate and respond to. If done manually, this is only...

Read article

Prompts for AI - Definition and Examples for ChatGPT & Midjourney

AI models such as ChatGPT and Midjourney have significantly changed the way ideas and content are generated. While AI models existed before,...

Read article
mlflow title

MLflow: Key role in machine learning development

MLflow plays an important role as an integrated toolset that masters the challenges of model experimentation, tracking and deployment for efficient modeling.

Read article
Arrow-up