Blog  |  About  |  |  AICPA Store  |       
Featured Resources


Transforming Client Accounting Blog

What the PCAOB’s Proposed Standard Means for Audit Confirmations

In July, the PCAOB (the Board) issued a proposed revision to AU 330, The Confirmation Process, that if approved will modernize and expand the requirements of audit confirmations. Today, auditors use audit confirmations to obtain reliable audit evidence from third parties, which is an important part of the audit process. Since the current standard AU 330 was written more than 15 years ago, the Board agreed that the standard needed to reflect advances in technology—acknowledging that while technology can improve efficiency, it can also be used to perpetrate fraud, such as intercept confirmation requests and change confirmation responses before they reach the auditor.   

The proposed standard also addresses the continued deficiencies seen within the confirmation process itself by defining what a confirmation response is and isn’t, and expanding the types of accounts that are confirmed during an audit. Here are some key changes that will take place if the proposed standard is adopted by the Board:

1.      Expands Receivables Requirement expands the requirement of confirmation procedures to receivables that arise from credit sales, loans, or other transactions.

2.      Requires Confirmation for Cash requires auditors to perform confirmation procedures for cash and other relationships with financial institutions, such as:

a.      Lines of credit;

b.      Other indebtedness;

c.       Compensating balance; and

d.      Contingent liabilities including guarantees.

3.      Definition of Confirmation Responses—a confirmation response is audit evidence obtained as a direct communication to the auditor from a third party, either in paper form or by electronic or other medium.

4.      Confirm Validity of Addresses—requires an auditor to determine the validity of addresses in confirmation requests.

5.      Oral Confirmation Responses—An oral response to a confirmation request is audit evidence, but it does NOT meet the definition of a confirmation response.

6.      Internal Auditors Cannot Send Confirmations—To evaluate audit evidence obtained, auditors cannot use internal auditors to send confirmation requests, receive confirmation responses, or evaluate the audit evidence obtained from performing confirmation procedures.

7.      Negative Confirmations may be used to reduce audit risk to an acceptable level when:

a.      The combined assessed level of inherent and control risk is low;

b.      A large number of small balances is involved;

c.       The auditor reasonably expects a low exception rate;

d.      Auditor has no reason to believe that the recipients of the requests are unlikely to give them consideration.


An auditor should  perform other substantive procedures to supplement the use of negative confirmations.

8.      Alternative Procedures for Non-Responses requires the auditor to perform appropriate alternative procedures for all non-responses to positive confirmation requests.

9.      Investigate All Exceptions requires the auditor to investigate all exceptions in confirmation responses to determine why each exception occurred and whether any exceptions, individually or in the aggregate, are indicative of a misstatement or of a previously unidentified risk of material misstatement.

10.  Reliability of Electronic Confirmations—In assessing the reliability of electronic confirmation responses, the auditor should take into account the following risks:

  • Process might not be secure or properly controlled;
  • Not from a proper source; and
  • Integrity of the data may have been compromised.

11.  Direct Access—If account access codes are given to the auditor by management of the company and not the confirming party, evidence obtained by the auditor does NOT meet the definition of a confirmation response. It’s only considered audit evidence. If access codes are given to the auditor by the confirming party, the confirming party must also represent its acknowledgement of the use of the direct access by the auditor and that the files to be accessed are responsive to the auditor’s request.

12.  Disclaimer or Restrictive Language—If a disclaimer or restrictive language causes doubts about the reliability of a confirmation response, the auditor should obtain additional appropriate audit evidence.

To learn more about the PCAOB, AICPA and IAASB  proposed/new standards for audit confirmations, listen to our September 27 recorded webinar “Understanding the New Standards for Audit Confirmations” with speaker Brian Fox, CPA.


For more about standardizing your firm’s audit confirmation process, reducing your exposure to fraud, and increasing efficiency visit today.

Posted by CPA2Biz on 10/ 5/2010 in Client Accounting, Confirmations  |  Permalink  |  Comments (4)


Any discrepancy on audit reports must be dealt with properly. This will also prevent curbing tax cheats and more. It is also a good move to consult a lawyer regarding audits and taxes.

Composed ask for by the outside evaluator sent to a gathering having a money related connection with the customer and requiring an answer just on account of.

I agree with the last comment. This new proposition of the PCAOP will lead to the modernization and expansion of the requirements of audit confirmations.

If it is a new proposed standard, then they are aiming for universal compliance. It helps in curbing tax cheats on audit reports.

Verify Your Comment

Previewing Your Comment

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.


Post A Comment