The Confirmation Process in AUASB Standards

Deciding Whether to Request a Bank Confirmation

6

ASA 330 requires the auditor to design and implement overall responses to address the risks of material misstatement identified and assessed by the auditor in accordance with ASA 315 Identifying and Assessing the Risks of Material Misstatement in an audit of a financial report. In particular, ASA 330 requires the auditor to consider whether external confirmation procedures are to be performed.[1]

7

The auditor may determine that bank confirmation procedures are to be performed when the entity’s banking activities, including treasury operations, are:

  1. significant;
  2. complex;
  3. unusual;
  4. have a heightened risk of fraud; or
  5. there are deficiencies in the entity’s control environment that may impact the assertions and disclosures regarding the entity’s banking activities.

8

In other instances, when:

  1. an entity’s banking activities are simple and straightforward;
  2. the auditor has considered the entity’s control environment and assessed the risk of material misstatement of bank-related account balances and disclosures as low; and
  3. there are other means to obtain sufficient appropriate audit evidence in respect of banking activities;

 

the auditor may decide not to request a bank confirmation.

9

The information to be confirmed may relate to:

  1. normal banking activities, such as:
    1. account balances at the period end for current accounts, interest bearing deposit accounts, foreign currency accounts, money market deposits, overdraft accounts, bank loans and term loans;
    2. interest rates and terms of other liabilities to the bank, such as bills of exchange, forward exchange contracts, letters of credit, guarantees and indemnities undertaken by the bank;
    3. items held as security for the entity’s liabilities to the bank;
    4. accounts opened or closed by the entity during the period; and
    5. unused limits and facilities; and/or
  2. treasury operations, such as:
    1. forward rate agreements;
    2. foreign currency contracts;
    3. interest rate swaps;
    4. options;
    5. treasury futures contracts; and
    6. other contractual arrangements.

10

Although external confirmations may provide relevant audit evidence relating to certain assertions, there are assertions for which external confirmations provide less relevant audit evidence. For example, external confirmation procedures may provide audit evidence for the existence assertion but not the accuracy, valuation and allocation or completeness assertions. In such circumstances, it may be necessary to consider performing alternative or additional audit procedures to address these assertions.

The Nature and Reliability of Evidence Obtained from a Bank Confirmation

11

ASA 500 Audit Evidence requires the auditor to design and perform audit procedures that are appropriate in the circumstances for the purpose of obtaining sufficient appropriate audit evidence, and consider the relevance and reliability of information to be used as audit evidence in an audit of a financial report.[2],[3]

12

The reliability of audit evidence is influenced by its source and by its nature and is dependent on the individual circumstances under which it is obtained.[4] The reliability of the evidence obtained from information contained in a response to a bank confirmation request, is influenced by the circumstances in which the request is made and the response received.

13

Whilst exceptions may exist, the reliability of audit evidence is generally increased when it is obtained from independent sources outside the entity, and obtained directly by the auditor.[5] However, even when audit evidence, such as a bank confirmation, is obtained from sources external to the entity, circumstances may exist that could affect the reliability of the information obtained. For example, all confirmation responses carry some risk of interception, alteration or fraud. Such risk exists regardless of whether a response is obtained in paper form, or through electronic or other medium.

14

ASA 200 requires the auditor to plan and perform an audit with professional scepticism recognising that circumstances may exist that cause the financial report to be materially misstated.[6] Unless the auditor has reason to believe the contrary, the auditor may accept records and documents as genuine.[7] If there is any indication that a confirmation response may not be reliable, ASA 505 emphasises the need for the auditor to consider the response’s reliability and to perform audit procedures to dispel any concern (for example, the auditor may choose to verify the source and contents of the response in a telephone call to the purported sender).[8]

Remaining Alert to the Possibility of Fraud

15

While the primary responsibility for the prevention and detection of fraud rests with both those charged with governance of the entity and management,[9] the auditor, in exercising professional scepticism, remains alert to the possibility of fraud in the bank confirmation process.

16

When determining whether to use bank confirmation requests, the auditor may consider the entity’s circumstances and its environment, the circumstances surrounding the confirmation process, and the information obtained from the confirmation process that may indicate a risk of material misstatement.

17

Being alert to the possibility of fraud may be particularly important when an external confirmation is the primary audit evidence for a material financial report item, particularly if the item itself is susceptible to fraud. This risk may arise, for example, when requesting confirmation of the existence of liquid funds and investments held by the entity in an offshore bank. In such circumstances, it may be necessary to consider performing alternative or additional audit procedures.

18

Professional scepticism is necessary to the critical assessment of audit evidence. For example, when dealing with unusual or unexpected responses to confirmation requests, such as a significant change in the number or timeliness of responses to bank confirmation requests relative to prior audits, or a non-response when a response would be expected.

1

See ASA 330, paragraphs 19 and A50-A53.

2

See ASA 500, paragraph 6.

3

See ASA 500, paragraphs 7 and A30-A44.

4

See ASA 500, paragraph A9.

5

See ASA 500, paragraph A35 and ASA 505, paragraph 2.

6

See ASA 200 paragraph 15.

7

See ASA 200, paragraph A24.

8

See ASA 505, paragraph 10.

9

See ASA 240 The Auditor’s Responsibilities Relating to Fraud in an Audit of a Financial Report, paragraph 4.