[section separator="true"]
[section-item 9]
[row]
[column 12]
[toc-this]
Principles
The higher the auditor’s assessment of the risk of [link title="material" link="%2Faware%2FGAP%2FPages%2FCA-FA%2FPlanning%2FMateriality.aspx" /]
misstatement, the more reliable and relevant is the [link title="audit%20evidence" link="%2Faware%2FGAP%2FPages%2FAudit-evidence.aspx" /]
which (s)he seeks from substantive procedures, which may include external confirmation. External confirmation is the process of obtaining and evaluating audit evidence through a representation directly from a third party, in response to a request from the auditor for information about a particular item. Such audit evidence may, together with audit evidence from other audit procedures, assist in reducing the [link title="assessed%20risk" link="%2Faware%2FGAP%2FPages%2FCA-FA%2FPlanning%2FAudit-risk-and-risk-assessment-procedures.aspx" /]
to an acceptably low level.
External confirmations are frequently used to confirm the following:
- bank balances, loans, guarantees and other information from bankers;
- bank accounts opened in connection with imprests (e.g. delegations);
- amounts held at year-end at financial intermediaries;
- accounts receivable or accounts payable balances.
Such confirmations may provide audit evidence regarding some assertions, but not others. The auditor should consider the objective of the confirmation, i.e. the particular assertion(s) to be tested.
Having decided whether to use positive or negative external confirmation requests, the auditor should apply appropriate audit procedures when
- performing the external confirmation procedures;
- considering the results; and
- evaluating the evidence.
Positive or negative external confirmation requests
The auditor may use positive or negative confirmation requests or a combination thereof.
- A positive external confirmation request asks the respondent to reply to the auditor in all cases; a response to a positive confirmation request generally provides reliable audit evidence.
- A negative external confirmation request asks the respondent to reply only in the event of disagreement with the information provided; it provides less reliable audit evidence than a positive confirmation request, but may be used when the assessed risk and expected error are low, there is a large number of small balances, and the auditor believes that respondents will reply.
Instructions
External confirmation procedures
The auditor controls the external confirmation requests and responses.
The auditor should:
- determine the information to be confirmed and tailor external confirmation requests to the specific assertions being addressed;
- select the third party - the auditor ensures, where practicable, that the confirmation request is directed to an individual with the knowledge and authority to provide the information, and assesses whether certain parties may not provide an objective response to a confirmation request;
- design the confirmation requests. When designing the request, the auditor considers the factors that are likely to affect the reliability of the confirmations, e.g. the form of the request, the nature of the information being confirmed, and the type of information respondents will be able to confirm readily (e.g. single transactions rather than entire account balances);
- communicate with the third party, i.e. send out the confirmation requests and ensure that the requests are properly addressed and include a statement that all replies are to be sent directly to the auditor, in order to minimise the possibility of interception and alteration of confirmation requests or responses and thus increase the reliability of the audit evidence obtained;
- evaluate the evidence obtained, considering responses, non-responses and exceptions.
The auditor's response if management refuses to allow the auditor to send a confirmation request
Confirmation requests typically include management’s authorisation to the respondent to disclose the information to the auditor. When the auditor seeks to confirm certain balances or information, and management requests him/her not to, the auditor should evaluate the reasonableness of such a refusal; evaluate the implications for the auditor's assessment of risk and the nature, timing and extent of audit procedures; and apply alternative audit procedures to obtain sufficient relevant and reliable audit evidence.
If the auditor concludes that management's refusal is unreasonable, or is unable to obtain audit evidence from alternative audit procedures, the auditor should communicate with those charged with governance and consider the possible impact on his/her conclusions and opinion.
Considering the results
- Reliability of responses received
The auditor should consider the response’s authenticity and perform audit procedures to dispel any concern that external confirmations received may not be reliable. If (s)he determines the response is not reliable, the auditor should evaluate the implications for risk assessment and for the nature, timing and extent of audit procedures.
- No response to a positive confirmation request
If no response is received to a positive external confirmation request, the auditor should perform alternative audit procedures to provide audit evidence for the assertions concerned. If the auditor considers that a positive confirmation is required to provide sufficient, relevant and reliable audit evidence, and does not receive it, (s)he should determine the implications for the audit.
The auditor should investigate exceptions to determine if they represent misstatements. If an exception indicates a misstatement or irregularity in the entity’s records, the auditor determines the reasons, assesses whether it has a material effect, and reconsiders the nature, timing and extent of the audit procedures needed.
Evaluating the evidence
The auditor should evaluate whether the results of the external confirmation process, together with the results from any other audit procedures performed, provide sufficient, relevant and reliable audit evidence regarding the assertion being audited, or whether performing further audit procedures is necessary.
[/toc-this]
[/column]
[/row]
[/section-item]
[section-item 3]
[row]
[column 12]
[panel panel-style="boxed" title="Related%20documents" icon="book" class="ref-panel"]
[standards]
[link new-window title="ISA%20505" link="https%3a%2f%2fwww.ifac.org%2fsystem%2ffiles%2fpublications%2ffiles%2fIAASB-2020-Handbook-Volume-1.pdf%23INTERNATIONAL%2520STANDARD%2520ON%2520AUDITING%2520505" /]
[/standards]
[/panel]
[/column]
[/row]
[row]
[column 12][/column]
[/row]
[row]
[column 12]
[toc fixed="true" selectors="h2%2Ch3" class="basic-toc" /]
[/column]
[/row]
[/section-item]
[/section]
