This ISA 505 facilitates the auditor in designing and implementing external confirmation procedures to obtain reliable and relevant audit evidence.
These external confirmation procedures are used to confirm or request information related to account balances, terms of agreements, contracts, or transactions.
There are the following types of confirmations:
- Positive confirmations: Data is sent and a response is requested, whether it is in agreement or not. This type is preferably used for assets.
- Indirect, blind or blank confirmations: Data is not sent, but information regarding balances, movements, or any other necessary audit data is requested. This type is generally used for liabilities.
- Negative confirmations: Data is sent and a response is requested only if they are not satisfied with it. This type is generally used for assets.
-ISA 505 in section A.11 discusses the reliability of responses to confirmation requests, explaining that all responses carry some risk of interception, alteration, or fraud, regardless of whether the circularization is done on paper, electronic support, or any other way.
–Section A.12 explains that these risks can be mitigated by the auditor and the respondent using a process that creates a secure environment for electronically received responses.
–Section A.24 “evaluation of obtained evidence” orients us on how to classify such results as follows:
- An appropriate confirming party response that indicates their agreement with the information contained in the confirmation request.
- A response considered unreliable.
- Lack of response.
- A response in disagreement
We emphasize that in the event of a possible refusal of the direction that the auditor send an information request, we must follow the following procedures:
a) Inquire about the reasons for management’s refusal and search audit about the validity and reasonability fo these reasons.
b) Evaluate the implications of management’s refusal on the auditor’s assessment of the corresponding risks of material misstatement, including the risk of fraud, and on the nature, timing, and extent of other audit procedures.
c) Apply alternative audit procedures designed to obtain relevant and reliable audit evidence.
If we conclude that management’s refusal is unreasonable, or if relevant and reliable audit evidence cannot be obtained through alternative audit procedures, we will contact the entity’s governance personnel (ISA 260) and determine the implications of these circumstances on the audit and opinion (ISA 705).
Gorka Quesada Zudaire – Technical Department ASD
Progress and go over to digital management of your Third-Party Confirmations.
ASD CONFIRMATION: The web tool that automates, controls and manages for you the sending of confirmations and their responses with third parties electronically and securely.