Statement on auditing standards - external confirmations.

Statement on Auditing Standards (SAS) External Confirmations supersedes SAS No. 67, The Confirmation Process (AICPA, Professional Standards, vol. 1, AU sec. 330).
CONTENTS

Introduction
Scope of This Statement on Auditing Standards/1
External Confirmation Procedures to Obtain
 Audit Evidence/2-3
Effective Date/4
Objective/5
Definitions/6
Requirements
External Confirmation Procedures/7
Management's Refusal to Allow the Auditor to
 Perform External Confirmation
 Procedures/8-9
Results of the External Confirmation
 Procedures/10-14
Negative Confirmations/15
Evaluating the Evidence Obtained/16
Application and Other Explanatory Material
Definitions/A1
External Confirmation Procedures/A2-A8
Management's Refusal to Allow the Auditor to
 Perform External Confirmation
 Procedures/A9-A11
Results of the External Confirmation
 Procedures/A12-A31
Negative Confirmations/A32
Evaluating the Evidence Obtained/A33-A34
Appendix: Conforming Amendments to Clarified
 Statement on Auditing Standards Performing
 Audit Procedures in Response to Assessed Risks
 and Evaluating the Audit Evidence Obtained
 (Redrafted) as a Result of Clarified Statement
 on Auditing Standards External
 Confirmations/A35
Exhibit: Comparison of Statement on Auditing
 Standards External Confirmations With
 International Standard on Auditing 505,
 External Confirmations/A36


INTRODUCTION

Scope of This Statement on Auditing Standards

1. This Statement on Auditing Standards (SAS) addresses the auditor's use of external confirmation procedures to obtain audit evidence, in accordance with the requirements of the clarified SASs Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained (Redrafted) and Audit Evidence (Redrafted). It does not address inquiries regarding litigation, claims, and assessments, which are addressed in the proposed SAS Audit Evidence--Specific Considerations for Selected Items.

External Confirmation Procedures to Obtain Audit Evidence

2. The clarified SAS Audit Evidence (Redrafted) indicates that the reliability of audit evidence is influenced by its source and nature and is dependent on the individual circumstances under which it is obtained. (1) That clarified SAS also includes the following generalizations applicable to audit evidence: (2)

* Audit evidence is more reliable when it is obtained from independent sources outside the entity.

* Audit evidence obtained directly by the auditor is more reliable than audit evidence obtained indirectly or by inference.

* Audit evidence is more reliable when it exists in documentary form, whether paper, electronic, or other medium.

Accordingly, depending on the circumstances of the audit, audit evidence in the form of external confirmations received directly by the auditor from confirming parties may be more reliable than evidence generated internally by the entity. This SAS is intended to assist the auditor in designing and performing external confirmation procedures to obtain relevant and reliable audit evidence.

3. Other SASs recognize the importance of external confirmations as audit evidence; for example

* the clarified SAS Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained (Redrafted) discusses the auditor's responsibility (a) to design and implement overall responses to address the assessed risks of material misstatement at the financial statement level and (b) to design and perform further audit procedures whose nature, timing, and extent are based on, and are responsive to, the assessed risks of material misstatement at the relevant assertion level. (3) In addition, the clarified SAS Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained (Redrafted) requires that, irrespective of the assessed risks of material misstatement, the auditor design and perform substantive procedures for all relevant assertions related to each material class of transactions, account balance, and disclosure. (4) The auditor is required to consider whether external confirmation procedures are to be performed as substantive audit procedures and is required to use external confirmation procedures for accounts receivable unless

--the overall account balance is immaterial,

--external confirmation procedures would be ineffective, or

--the auditor's assessed level of risk of material misstatement at the relevant assertion level is low, and the other planned substantive procedures address the assessed risk. (5)

* the clarified SAS Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained (Redrafted) requires that the auditor obtain more persuasive audit evidence the higher the auditor's assessment of risk. (6) To do this, the auditor may increase the quantity of the evidence or obtain evidence that is more relevant or reliable, or both. For example, the auditor may place more emphasis on obtaining evidence directly from third parties or obtaining corroborating evidence from a number of independent sources. The clarified SAS Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained (Redrafted) also indicates that external confirmation procedures may assist the auditor in obtaining audit evidence with the high level of reliability that the auditor requires to respond to significant risks of material misstatement, whether due to fraud or error. (7)

* the proposed SAS Consideration of Fraud in a Financial Statement Audit (Redrafted) indicates that the auditor may design confirmation requests to obtain additional corroborative information as a response to address the assessed risks of material misstatement due to fraud at the assertion level. (8)

* the clarified SAS Audit Evidence (Redrafted) indicates that corroborating information obtained from a source independent of the entity (such as external confirmations) may increase the assurance the auditor obtains from evidence existing within the accounting records or representations made by management. (9)

Effective Date

4. This proposed SAS is effective for audits of financial statements for periods ending on or after December 15, 2012.

OBJECTIVE

5. The objective of the auditor, when using external confirmation procedures, is to design and perform such procedures to obtain relevant and reliable audit evidence.

DEFINITIONS

6. For purposes of generally accepted auditing standards, the following terms have the meanings attributed as follows:

External confirmation. Audit evidence obtained as a direct written response to the auditor from a third party (the confirming party), either in paper form or by electronic or other medium (for example, through the auditor's direct access to information held by a third party). (Ref: par. A1)

Positive confirmation request. A request that the confirming party respond directly to the auditor by providing the requested information or indicating whether the confirming party agrees or disagrees with the information in the request.

Negative confirmation request. A request that the confirming party respond directly to the auditor only if the confirming party disagrees with the information provided in the request.

Nonresponse. A failure of the confirming party to respond, or fully respond, to a positive confirmation request or a confirmation request returned undelivered.

Exception. A response that indicates a difference between information requested to be confirmed, or contained in the entity's records, and information provided by the confirming party.

REQUIREMENTS

External Confirmation Procedures

7. When using external confirmation procedures, the auditor should maintain control over external confirmation requests, including

a. determining the information to be confirmed or requested; (Ref: par. A2)

b. selecting the appropriate confirming party; (Ref: par. A3)

c. designing the confirmation requests, including determining that requests are properly directed to the appropriate confirming party and provide for being responded to directly to the auditor; and (Ref: par. A4-A7)

d. sending the requests, including follow-up requests, when applicable, to the confirming party. (Ref: par. A8)

Management's Refusal to Allow the Auditor to Perform External Confirmation Procedures

8. If management refuses to allow the auditor to perform external confirmation procedures, the auditor should

a. inquire about management's reasons for the refusal and seek audit evidence about their validity and reasonableness; (Ref: par. A9)

b. evaluate the implications of management's refusal on the auditor's assessment of the relevant risks of material misstatement, including the risk of fraud, and on the nature, timing, and extent of other audit procedures; and (Ref: par. A10)

c. perform alternative audit procedures designed to obtain relevant and reliable audit evidence. (Ref: par. A11)

9. If the auditor concludes that management's refusal to allow the auditor to perform external confirmation procedures is unreasonable or the auditor is unable to obtain relevant and reliable audit evidence from alternative audit procedures, the auditor should communicate with those charged with governance, in accordance with the clarified SAS The Auditor's Communication With Those Charged With Governance (Redrafted). (10) The auditor also should determine the implications for the audit and the auditor's opinion, in accordance with the proposed SAS Forming an Opinion and Reporting on Financial Statements.

Results of the External Confirmation Procedures

Reliability of Responses to Confirmation Requests

10. If the auditor identifies factors that give rise to doubts about the reliability of the response to a confirmation request, the auditor should obtain further audit evidence to resolve those doubts. (Ref: par. A12-A22)

11. If the auditor determines that a response to a confirmation request is not reliable, the auditor should evaluate the implications on the assessment of the relevant risks of material misstatement, including the risk of fraud, and on the related nature, timing, and extent of other audit procedures. (Ref: par. A23)

Nonresponses and Oral Responses

12. In the case of each nonresponse, the auditor should perform alternative audit procedures to obtain relevant and reliable audit evidence. (Ref: par. A24-A27)

When a Written Response to a Positive Confirmation Request Is Necessary to Obtain Sufficient Appropriate Audit Evidence

13. If the auditor has determined that a written response to a positive confirmation request is necessary to obtain sufficient appropriate audit evidence, alternative audit procedures will not provide the audit evidence the auditor requires. If the auditor does not obtain such confirmation, the auditor should determine the implications for the audit and the auditor's opinion, in accordance with the proposed SAS Forming an Opinion and Reporting on Financial Statements. (Ref: par. A28-A29)

Exceptions

14. The auditor should investigate exceptions to determine whether they are indicative of misstatements. (Ref: par. A30-A31)

Negative Confirmations

15. Negative confirmations provide less persuasive audit evidence than positive confirmations. Accordingly, the auditor should not use negative confirmation requests as the sole substantive audit procedure to address an assessed risk of material misstatement at the assertion level, unless all of the following are present:

a. The auditor has assessed the risk of material misstatement as low and has obtained sufficient appropriate audit evidence regarding the operating effectiveness of controls relevant to the assertion.

b. The population of items subject to negative confirmation procedures comprises a large number of small, homogeneous account balances, transactions, or conditions.

c. A very low exception rate is expected.

d. The auditor is not aware of circumstances or conditions that would cause recipients of negative confirmation requests to disregard such requests. (Ref: par. A32)

Evaluating the Evidence Obtained

16. The auditor should evaluate whether the results of the external confirmation procedures provide relevant and reliable audit evidence or whether further audit evidence is necessary. (Ref: par. A33-A34)

APPLICATION AND OTHER EXPLANATORY MATERIAL

Definitions (Ref: par. 6)

A1. The auditor's direct access to information held by a third party (the confirming party) may meet the definition of an external confirmation when, for example, the auditor is provided by the confirming party with the electronic access codes or information necessary to access a secure website where data that addresses the subject matter of the confirmation is held. The auditor's access to information held by the confirming party may also be facilitated by a third-party service provider. When access codes or information necessary to access the confirming party's data is provided to the auditor by management, evidence obtained by the auditor from access to such information does not meet the definition of an external confirmation.

External Confirmation Procedures

Determining the Information to Be Confirmed or Requested (Ref: par. 7(a))

A2. External confirmation procedures frequently are performed to confirm or request information regarding account balances, elements thereof, and disclosures. They also may be used to confirm the terms of agreements, contracts, or transactions between an entity and other parties or to confirm the absence of certain conditions, such as a "side agreement."

Selecting the Appropriate Confirming Party (Ref: par. 7(b))

A3. Responses to confirmation requests provide more relevant and reliable audit evidence when confirmation requests are sent to a confirming party who the auditor believes is knowledgeable about the information to be confirmed. For example, a financial institution official who is knowledgeable about the transactions or arrangements for which confirmation is requested may be the most appropriate person at the financial institution from whom to request confirmation.

Designing Confirmation Requests (Ref: par. 7(c))

A4. The design of a confirmation request may directly affect the confirmation response rate and the reliability and nature of the audit evidence obtained from responses.

A5. Factors to consider when designing confirmation requests include the following:

* The assertions being addressed.

* Specific identified risks of material misstatement, including fraud risks.

* The layout and presentation of the confirmation request.

* Prior experience on the audit or similar engagements.

* The method of communication (for example, in paper form or by electronic or other medium).

* Management's authorization or encouragement to the confirming parties to respond to the auditor. Confirming parties may only be willing to respond to a confirmation request containing management's authorization.

* The ability of the intended confirming party to confirm or provide the requested information (for example, individual invoice amount versus total balance).

A6. A positive external confirmation request asks the confirming party to reply to the auditor in all cases, either by indicating the confirming party's agreement with the given information or asking the confirming party to provide information. A response to a properly designed positive confirmation request ordinarily is expected to provide reliable audit evidence. A risk exists, however, that a confirming party may reply to the confirmation request without verifying that the information is correct. The auditor may reduce this risk by using positive confirmation requests that do not state the amount (or other information) on the confirmation request and that ask the confirming party to fill in the amount or furnish other information. On the other hand, use of this type of "blank" confirmation request may result in lower response rates because additional effort is required from the confirming parties to provide the requested information.

A7. Determining that requests are properly addressed includes verifying the accuracy of the addresses, including testing the validity of some or all of the addresses on the confirmation requests before they are sent out, regardless of the confirmation method used. When a confirmation request is sent by e-mail, the auditor's determination that the request is being properly directed to the appropriate confirming party may include performing procedures to test the validity of some or all of the e-mail addresses supplied by management. The nature and extent of the necessary procedures is dependent on the risks associated with the particular type of confirmation or address. For example, a confirmation addressing a higher risk assertion or a confirmation address that appears to be potentially less reliable (for example, an electronic confirmation addressed in a manner that appears easier to falsify) may necessitate different or more extensive procedures to determine that the request is directed to the intended recipient. See further guidance in paragraphs A14-A15.

Follow-Up on Confirmation Requests (Ref: par. 7(d))

A8. The auditor may send an additional confirmation request when a reply to a previous request has not been received within a reasonable time. For example, the auditor may, having reverified the accuracy of the original address, send an additional or follow-up request.

Management's Refusal to Allow the Auditor to Perform External Confirmation Procedures

Reasonableness of Management's Refusal (Ref: par. 8(a))

A9. A refusal by management to allow the auditor to perform external confirmation procedures is a limitation on the audit evidence the auditor seeks to obtain; therefore, the auditor is required to inquire about the reasons for the limitation. A common reason offered by management is the existence of a legal dispute or ongoing negotiation with the intended confirming party, the resolution of which may be affected by an untimely confirmation request. The auditor is required to seek audit evidence about the validity and reasonableness of the reasons for management's refusal because of the risk that management may be attempting to deny the auditor access to audit evidence that may reveal fraud or error.

Implications for the Assessment of Risks of Material Misstatement (Ref: par. 8(b))

A10. The auditor may conclude from the evaluation in paragraph 8(b) that it would be appropriate to revise the assessment of the risks of material misstatement at the assertion level and modify planned audit procedures, in accordance with the clarified SAS Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement (Redrafted). (11) For example, if management's request to not confirm is unreasonable, this may indicate a fraud risk factor that requires evaluation, in accordance with the proposed SAS Consideration of Fraud in a Financial Statement Audit (Redrafted). (12)

Alternative Audit Procedures (Ref: par. 8(c))

A11. The alternative audit procedures performed may be similar to those appropriate for a nonresponse, as set out in paragraphs A24-A27 of this SAS. Such procedures also would take into account the results of the auditor's evaluation in paragraph 8(b) of this SAS.

Results of the External Confirmation Procedures

Reliability of Responses to Confirmation Requests (Ref: par. 10)

A12. The clarified SAS Audit Evidence (Redrafted) indicates that even when audit evidence is obtained from sources external to the entity, circumstances may exist that affect its reliability. (13) All responses carry some risk of interception, alteration, or fraud. Such risk exists regardless of whether a response is obtained in paper form or by electronic or other medium. Factors that may indicate doubts about the reliability of a response include whether it

* was received by the auditor indirectly or

* appeared not to come from the originally intended confirming party.

A13. The auditor's consideration of the reliability of the information obtained through the confirmation process to be used as audit evidence includes consideration of the risks that

a. the information obtained may not be from an authentic source,

b. a respondent may not be knowledgeable about the information to be confirmed, and

c. the integrity of the information may have been compromised.

When an electronic confirmation process or system is used, the auditor's consideration of the risks described in (a)-(c) includes the consideration of risks that the electronic confirmation process is not secure or is improperly controlled.

A14. Responses received electronically (for example, by fax or e-mail) involve risks relating to reliability because proof of origin or identity of the confirming party may be difficult to establish, and alterations may be difficult to detect. The auditor may determine that it is appropriate to address such risks by utilizing a system or process that validates the respondent or by directly contacting the purported sender (for example, by telephone) to validate the identity of the sender of the response and to validate that the information received by the auditor corresponds to what was transmitted by the sender.

A15. An electronic confirmation system or process that creates a secure confirmation environment may mitigate the risks of interception or alteration. Creating a secure confirmation environment depends on the process or mechanism used by the auditor and the respondent to minimize the possibility that the results will be compromised because of interception or alteration of the confirmation. If the auditor is satisfied that such a system or process is secure and properly controlled, evidence provided by responses received using the system or process may be considered reliable. Various means might be used to validate the source of the electronic information. For example, the use of encryption, electronic digital signatures, and procedures to verify website authenticity may improve the security of the electronic confirmation system or process. If a system or process that facilitates electronic confirmation between the auditor and the respondent is in place and the auditor plans to rely on the controls over such a system or process, an assurance trust services report (for example, Systrust) or another assurance report on that system or process may assist the auditor in assessing the design and operating effectiveness of the electronic and manual controls with respect to that system or process. Such an assurance report may address the risks described in paragraph A13. If these risks are not adequately addressed in such a report, the auditor may perform additional procedures to address those risks.

A16. The auditor is required by the clarified SAS Audit Evidence (Redrafted) to determine whether to modify or add procedures to resolve doubts over the reliability of information to be used as audit evidence. (14) The auditor may choose to verify the source and contents of a response to a confirmation request by contacting the confirming party (for example, as described in paragraph A14). When a response has been returned to the auditor indirectly (for example, because the confirming party incorrectly addressed it to the entity rather than the auditor), the auditor may request the confirming party to respond in writing directly to the auditor.

Disclaimers and Other Restrictions in Confirmation Responses

A17. A response to a confirmation request may contain restrictive language regarding its use. Such restrictions do not necessarily invalidate the reliability of the response as audit evidence. Whether the auditor may rely on the information confirmed and the degree of such reliance will depend on the nature and substance of the restrictive language.

A18. Restrictions that appear to be boilerplate disclaimers of liability may not affect the reliability of the information being confirmed. Examples of such disclaimers may include the following:

* Information is furnished as a matter of courtesy without a duty to do so and without responsibility, liability, or warranty, express or implied.

* The reply is given solely for the purpose of the audit without any responsibility on the part of the respondent, its employees, or its agents, and it does not relieve the auditor from any other inquiry or the performance of any other duty.

A19. Other restrictive language also may not affect the reliability of a response if it does not relate to the assertion being tested. For example, in a confirmation of investments, a disclaimer regarding the valuation of the investments may not affect the reliability of the response if the auditor's objective in using the confirmation request is to obtain audit evidence regarding whether the investments exist.

A20. Certain restrictive language may, however, cast doubt about the completeness or accuracy of the information contained in the response or on the auditor's ability to rely on such information. Examples of such restrictions may include the following:

* Information is obtained from electronic data sources, which may not contain all information in the respondent's possession.

* Information is not guaranteed to be accurate nor current and may be a matter of opinion.

* The recipient may not rely upon the information in the confirmation.

A21. When the auditor has doubts about the reliability of the response as a result of restrictive language, then, in accordance with paragraph 10, the auditor is required to obtain further audit evidence to resolve those doubts. When the practical effect of the restrictive language is difficult to ascertain in the particular circumstances, the auditor may consider it appropriate to seek clarification from the respondent or seek legal advice.

A22. If the auditor is unable to resolve the doubts about the reliability of a response as a result of restrictive language, then, in accordance with paragraph 11, the auditor is required to evaluate the implications on the assessment of the relevant risks of misstatement, including the risk of fraud, and on the related nature, timing, and extent of other audit procedures. The nature, timing, and extent of such procedures will depend on factors such as the nature of the financial statement item, the assertion being tested, the nature and substance of the restrictive language, and relevant information obtained through other audit procedures.

Unreliable Responses (Ref: par. 11)

A23. When the auditor concludes that a response is unreliable, the auditor may need to revise the assessment of the risks of material misstatement at the assertion level and modify planned audit procedures accordingly, in accordance with the clarified SAS Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement (Redrafted). (15) For example, an unreliable response may indicate a fraud risk factor that requires evaluation, in accordance with the proposed SAS Consideration of Fraud in a Financial Statement Audit (Redrafted). (16)

Nonresponses and Oral Responses (Ref: par. 12)

A24. The nature and extent of alternative procedures are affected by the account and assertion in question. Examples of alternative audit procedures the auditor may perform include the following:

* For accounts receivable balances, examining specific subsequent cash receipts (including matching such receipts with the actual items being paid), shipping documentation, or other client documentation providing evidence for the existence assertion

* For accounts payable balances, examining subsequent cash disbursements or correspondence from third parties and other records, such as receiving reports and statements that the client receives from vendors providing evidence for the completeness assertion

A25. A nonresponse to a confirmation request may indicate a previously unidentified risk of material misstatement. In such situations, the auditor may need to revise the assessed risk of material misstatement at the assertion level and modify planned audit procedures, in accordance with the clarified SAS Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement (Redrafted). (17) For example, a fewer or greater number of responses to confirmation requests than anticipated may indicate a previously unidentified fraud risk factor that requires evaluation, in accordance with the proposed SAS Consideration of Fraud in a Financial Statement Audit (Redrafted). (18)

A26. The auditor may determine that it is not necessary to perform additional alternative audit procedures beyond the evaluation of the confirmation results if such evaluation indicates that relevant and reliable audit evidence has already been obtained. This may be the case when testing for overstatement of amounts and (a) the nonresponses in the aggregate, projected as 100 percent misstatements to the population and added to the sum of all other unadjusted differences, would not affect the auditor's decision about whether the financial statements are materially misstated and (b) the auditor has not identified unusual qualitative factors or systematic characteristics related to the nonresponses, such as that all nonresponses pertain to year-end transactions.

A27. An oral response to a confirmation request does not meet the definition of an external confirmation because it is not a direct written response to the auditor. Provided that the auditor has not concluded that a direct written response to a positive confirmation is necessary to obtain sufficient appropriate audit evidence, the auditor may take the receipt of an oral response to a confirmation request into consideration when determining the nature and extent of alternative audit procedures required to be performed for nonresponses, in accordance with paragraph 12. The auditor may perform additional procedures to address the reliability of the evidence provided by the oral response, such as initiating a call to the respondent using a telephone number that the auditor has independently verified as being associated with the entity. For example, the auditor might call the main telephone number obtained from a reliable source and ask to be directed to the named respondent instead of calling a direct extension provided by the client or included in the statement or other correspondence received by the entity. The auditor may determine that the additional evidence provided by contacting the respondent directly, together with the evidence upon which the original confirmation request is based (for example, a statement or other correspondence received by the entity), is sufficient appropriate audit evidence. In appropriately documenting the oral response, the auditor may include specific details, such as the identity of the person from whom the response was received, his or her position, and the date and time of the conversation.

When a Written Response to a Positive Confirmation Request Is Necessary to Obtain Sufficient Appropriate Audit Evidence (Ref: par. 13)

A28. In certain circumstances, the auditor may identify an assessed risk of material misstatement at the assertion level for which a response to a positive confirmation request is necessary to obtain sufficient appropriate audit evidence. Such circumstances may include the following:

* The information available to corroborate management's assertion(s) is only available outside the entity.

* Specific fraud risk factors, such as the risk of management override of controls or the risk of collusion, which can involve employee(s) or management, or both, prevent the auditor from relying on evidence from the entity.

A29. When the auditor has determined that a written response is necessary to obtain sufficient appropriate audit evidence and the auditor has obtained only an oral response to a confirmation request, the auditor may request the confirming party to respond in writing directly to the auditor. If no such response is received, in accordance with paragraph 13, alternative audit procedures will not provide the audit evidence the auditor requires, and the auditor is required to determine the implications for the audit and the auditor's opinion, in accordance with the proposed SAS Forming an Opinion and Reporting on Financial Statements.

Exceptions (Ref: par. 14)

A30. Exceptions noted in responses to confirmation requests may indicate misstatements or potential misstatements in the financial statements. When a misstatement is identified, the auditor is required by the proposed SAS Consideration of Fraud in a Financial Statement Audit (Redrafted) to evaluate whether such misstatement is indicative of fraud. (19) Exceptions may provide a guide to the quality of responses from similar confirming parties or for similar accounts. Exceptions also may indicate a deficiency, or deficiencies, in the entity's internal control over financial reporting.

A31. Some exceptions do not represent misstatements. For example, the auditor may conclude that differences in responses to confirmation requests are due to timing, measurement, or clerical errors in the external confirmation procedures.

Negative Confirmations (Ref: par. 15)

A32. The failure to receive a response to a negative confirmation request does not indicate receipt by the intended confirming party of the confirmation request or verification of the accuracy of the information contained in the request. Accordingly, a failure of a confirming party to respond to a negative confirmation request provides significantly less persuasive audit evidence than does a response to a positive confirmation request. Confirming parties also may be more likely to respond indicating their disagreement with a confirmation request when the information in the request is not in their favor but less likely to respond otherwise. For example, holders of bank deposit accounts may be more likely to respond if they believe that the balance in their account is understated in the confirmation request but less likely to respond when they believe the balance is overstated. Therefore, sending negative confirmation requests to holders of bank deposit accounts may be a useful procedure in considering whether such balances may be understated but is unlikely to be effective if the auditor is seeking evidence regarding overstatement.

Evaluating the Evidence Obtained (Ref: par. 16)

A33. When evaluating the results of individual external confirmation requests, the auditor may categorize such results as follows:

a. A response by the appropriate confirming party indicating agreement with the information provided in the confirmation request or providing requested information without exception

b. A response deemed unreliable

c. A nonresponse

d. A response indicating an exception

A34. The auditor's evaluation, when taken into account with other audit procedures the auditor may have performed, may assist the auditor in concluding whether sufficient appropriate audit evidence has been obtained or whether further audit evidence is necessary, as required by the clarified SAS Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained (Redrafted). (20)

A35.

APPENDIX: CONFORMING AMENDMENTS TO CLARIFIED STATEMENT ON AUDITING STANDARDS PERFORMING AUDIT PROCEDURES IN RESPONSE TO ASSESSED RISKS AND EVALUATING THE AUDIT EVIDENCE OBTAINED (REDRAFTED) AS A RESULT OF CLARIFIED STATEMENT ON AUDITING STANDARDS EXTERNAL CONFIRMATIONS

18(a) The auditor should consider whether external confirmation procedures are to be performed as substantive audit procedures. (Ref: par. A50(a)-A50(f))

18(b) The auditor should use external confirmation procedures for accounts receivable, except when one or more of the following is applicable: (Ref: par. A50(e))

a. The overall account balance is immaterial.

b. External confirmation procedures for accounts receivable would be ineffective. (Ref: par. A50(d) and A50(f))

c. The auditor's assessed level of risk of material misstatement at the relevant assertion level is low, and the other planned substantive procedures address the assessed risk. In many situations, the use of external confirmation procedures for accounts receivable and the performance of other substantive procedures are necessary to reduce the assessed risk of material misstatement to an acceptably low level.

The auditor should document the basis for any determination not to use external confirmation procedures for accounts receivable when the account balance is material.

Considering Whether External Confirmation Procedures Are to Be Performed (Ref: par. 18(a)-18(b))

A50(a). External confirmation procedures frequently may be relevant when addressing assertions associated with account balances and their elements but need not be restricted to these items. For example, the auditor may request external confirmation of the terms of agreements, contracts or transactions between an entity and other parties. External confirmation procedures also may be performed to obtain audit evidence about the absence of certain conditions. For example, a request may specifically seek confirmation that no "side agreement" exists that may be relevant to an entity's revenue cut-off assertion. Other situations in which external confirmation procedures may provide relevant audit evidence in responding to assessed risks of material misstatement include the following:

* Bank balances and other information relevant to banking relationships

* Inventories held by third parties at bonded warehouses for processing or on consignment

* Property title deeds held by lawyers or financiers for safe custody or as security

* Investments held for safekeeping by third parties or purchased from stockbrokers but not delivered at the balance sheet date

* Amounts due to lenders, including relevant terms of repayment and restrictive covenants

* Accounts payable balances and terms

A50(b). Although external confirmations may provide relevant audit evidence relating to certain assertions, some assertions exist for which external confirmations provide less relevant audit evidence. For example, external confirmations provide less relevant audit evidence relating to the recoverability of accounts receivable balances than they do of their existence.

A50(c). The auditor may determine that external confirmation procedures performed for one purpose provide an opportunity to obtain audit evidence about other matters. For example, confirmation requests for bank balances often include requests for information relevant to other financial statement assertions. Such considerations may influence the auditor's decision about whether to perform external confirmation procedures.

A50(d). Factors that may assist the auditor in determining whether external confirmation procedures are to be performed as substantive audit procedures include the following:

* The confirming party's knowledge of the subject matter. Responses may be more reliable if provided by a person at the confirming party who has the requisite knowledge about the information being confirmed.

* The ability or willingness of the intended confirming party to respond. For example, the confirming party

--may not accept responsibility for responding to a confirmation request,

--may consider responding too costly or time consuming,

--may have concerns about the potential legal liability resulting from responding,

--may account for transactions in different currencies, or

--may operate in an environment in which responding to confirmation requests is not a significant aspect of day-to-day operations.

In such situations, confirming parties may not respond, may respond in a casual manner, or may attempt to restrict the reliance placed on the response.

* The objectivity of the intended confirming party. If the confirming party is a related party of the entity, responses to confirmation requests may be less reliable.

A50(e). For the purpose of this SAS, accounts receivable means

a. the entity's claims against customers that have arisen from the sale of goods or services in the normal course of business and

b. a financial institution's loans.

A50(f). External confirmation procedures may be ineffective when, based on prior years' audit experience or experience with similar entities,

* response rates to properly designed confirmation requests will be inadequate or

* responses are known or expected to be unreliable.

If the auditor has experienced poor response rates to properly designed confirmation requests in prior audits, the auditor may instead consider changing the manner in which the confirmation process is performed, with the objective of increasing the response rates, or may consider obtaining audit evidence from other sources.

A36.

EXHIBIT: COMPARISON OF STATEMENT ON AUDITING STANDARDS EXTERNAL CONFIRMATIONS WITH INTERNATIONAL STANDARD ON AUDITING 505, EXTERNAL CONFIRMATIONS

This analysis was prepared by the Audit and Attest Standards staff to highlight substantive differences between the clarified Statement on Auditing Standards (SAS) External Confirmations and International Standard on Auditing (ISA) 505, External Confirmations, and the rationale therefore. This analysis is not authoritative and is prepared for informational purposes only. It has not been acted on, or reviewed by, the Auditing Standards Board (ASB).

Definition of External Confirmation

The ASB has expanded the definition of an external confirmation to include direct access by the auditor to information held by a third party as an example of other medium. Third-party involvement is increasingly common, and the ASB believes that the inclusion of this concept clarifies the definition. The ASB believes this clarification is an improvement to the definition in ISA 505 because it specifically addresses a situation that is becoming increasingly common, and this change to the definition in ISA 505 is consistent with the intent of the International Auditing and Assurance Standards Board's definition.

(1.) Paragraph A5 of the clarified Statement on Auditing Standards (SAS) Audit Evidence (Redrafted).

(2.) Paragraph A32 of the clarified SAS Audit Evidence (Redrafted).

(3.) Paragraphs 5-6 of the clarified SAS Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained (Redrafted).

(4.) Paragraph 18 of the clarified SAS Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained (Redrafted).

(5.) Paragraphs 18(a)-18(b) of the appendix "Conforming Amendments to Clarified Statement on Auditing Standards Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained (Redrafted) as a Result of Clarified Statement on Auditing Standards External Confirmations" of the clarified SAS External Confirmations.

(6.) Paragraph 7(b) of the clarified SAS Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained (Redrafted).

(7.) Paragraph A52 of the clarified SAS Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained (Redrafted).

(8.) Paragraph A40 of the proposed SAS Consideration of Fraud in a Financial Statement Audit (Redrafted).

(9.) Paragraph AB of the clarified SAS Audit Evidence (Redrafted).

(10.) Paragraph 12 of the clarified SAS The Auditor's Communication With Those Charged With Governance (Redrafted).

(11.) Paragraph 32 of the clarified SAS Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement (Redrafted).

(12.) Paragraph 24 of the proposed SAS Consideration of Fraud in a Financial Statement Audit (Redrafted).

(13.) See footnote 2.

(14.) Paragraph 9 of the clarified SAS Audit Evidence (Redrafted).

(15.) See footnote 11.

(16.) Paragraph 24 of the proposed SAS Consideration of Fraud in a Financial Statement Audit (Redrafted).

(17.) See footnote 11.

(18.) See footnote 16.

(19.) Paragraph 35 of the proposed SAS Consideration of Fraud in a Financial Statement Audit (Redrafted).

(20.) Paragraphs 26-27 of the clarified SAS Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained (Redrafted).
COPYRIGHT 2010 American Institute of CPA's
Publication:Journal of Accountancy
Date:Nov 1, 2010