Requirements

External Confirmation Procedures

7

When using external confirmation procedures, the auditor shall maintain control over external confirmation requests, including: 

  1. Determining the information to be confirmed or requested; (Ref: Para. A1)
  2. Selecting the appropriate confirming party; (Ref: Para. A2)
  3. Designing the confirmation requests, including determining that requests are properly addressed and contain return information for responses to be sent directly to the auditor; and (Ref: Para. A3-A6)
  4. Sending the requests, including follow-up requests when applicable, to the confirming party. (Ref: Para. A7)

Management’s Refusal to Allow the Auditor to Send a Confirmation Request

8

If management refuses to allow the auditor to send a confirmation request, the auditor shall: 

  1. Enquire as to management’s reasons for the refusal, and seek audit evidence as to their validity and reasonableness; (Ref: Para. A8)
  2. Evaluate the implications of management’s refusal on the auditor’s assessment of the relevant risks of material misstatement, including the risk of fraud, and on the nature, timing and extent of other audit procedures; and (Ref: Para. A9)
  3. Perform alternative audit procedures designed to obtain relevant and reliable audit evidence. (Ref: Para. A10)

9

If the auditor concludes that management’s refusal to allow the auditor to send a confirmation request is unreasonable, or the auditor is unable to obtain relevant and reliable audit evidence from alternative audit procedures, the auditor shall communicate with those charged with governance in accordance with ASA 260. [12] The auditor also shall determine the implications for the audit and the auditor’s opinion in accordance with ASA 705. [13]

Results of the External Confirmation Procedures

Reliability of Responses to Confirmation Requests

10

If the auditor identifies factors that give rise to doubts about the reliability of the response to a confirmation request, the auditor shall obtain further audit evidence to resolve those doubts. (Ref: Para. A11-A16)

11

If the auditor determines that a response to a confirmation request is not reliable, the auditor shall evaluate the implications on the assessment of the relevant risks of material misstatement, including the risk of fraud, and on the related nature, timing and extent of other audit procedures.  (Ref: Para. A17)

Non-Responses

12

In the case of each non-response, the auditor shall perform alternative audit procedures to obtain relevant and reliable audit evidence. (Ref: Para A18-A19)

When a Response to a Positive Confirmation Request Is Necessary to Obtain Sufficient Appropriate Audit Evidence

13

If the auditor has determined that a response to a positive confirmation request is necessary to obtain sufficient appropriate audit evidence, alternative audit procedures will not provide the audit evidence the auditor requires. If the auditor does not obtain such confirmation, the auditor shall determine the implications for the audit and the auditor’s opinion in accordance with ASA 705. (Ref: Para A20)

Exceptions

14

The auditor shall investigate exceptions to determine whether or not they are indicative of misstatements. (Ref: Para. A21-A22)

Negative Confirmations

15

Negative confirmations provide less persuasive audit evidence than positive confirmations. Accordingly, the auditor shall not use negative confirmation requests as the sole substantive audit procedure to address an assessed risk of material misstatement at the assertion level unless all of the following are present: (Ref: Para. A23)

  1. The auditor has assessed the risk of material misstatement as low and has obtained sufficient appropriate audit evidence regarding the operating effectiveness of controls relevant to the assertion; 
  2. The population of items subject to negative confirmation procedures comprises a large number of small, homogeneous, account balances, transactions or conditions; 
  3. A very low exception rate is expected; and 
  4. The auditor is not aware of circumstances or conditions that would cause recipients of negative confirmation requests to disregard such requests.

Evaluating the Evidence Obtained

16

The auditor shall evaluate whether the results of the external confirmation procedures provide relevant and reliable audit evidence, or whether further audit evidence is necessary.  (Ref: Para A24-A25)

12

See ASA 260 Communication with Those Charged with Governance, paragraph 16.

13

See ASA 705 Modifications to the Opinion in the Independent Auditor’s Report.