Blog  |  About CPA2Biz  |  AICPA.org  |  AICPA Store
NEW - Functionality - Look and Feel

Confirmation.com

Audit Confirmation Regulatory Guidance


AICPA   |   PCAOB   |   IAASB
AICPA

AU Section 330:  The Confirmation Process

Guidance

What Confirmation.com Provides
Respondent
.27 The auditor should consider whether there is sufficient basis for concluding that the confirmation request is being sent to a respondent from whom the auditor can expect the response will provide meaningful and appropriate audit evidence. 
  • In-Network offering uses a unique authentication and authorization process to verify the authenticity of each user. This eliminates the burden of having to verify the identity of the respondent and whether or not they are authorized to respond.
Performing Confirmation Procedures
.28 During the performance of confirmation procedures, the auditor should maintain control over the confirmation requests and responses.  Maintaining control means establishing direct communication between the intended recipient and the auditor to minimize the possibility that the results will be biased because the interception and alteration of the confirmation requests or responses.
  • Uses the highest level of security to ensure privacy and data integrity.
  • Allows an auditor to send audit confirmation requests directly to the intended responder.
  • Confirmation.com has a SOC 3 Systrust/Web Trust certification performed every six months.

AU Section 9330:  Auditing Interpretations of AU 330

Guidance

What Confirmation.com Provides

.03 The auditor's consideration of the reliability of the information obtained through the confirmation process to be used as audit evidence includes consideration of the risks that:

  • The information obtained may not be from an authentic source
  • A respondent may not be knowledgeable about the information to be confirmed
  • The integrity of the information may have been compromised
  • In-Network offering uses a unique authentication and authorization process to verify the authenticity of each user. This eliminates the burden of having to verify the identity of the respondent and whether or not they are authorized to respond.
.03 The key to creating a secure confirmation environment lies in the process or mechanism used by the auditor and the respondent to minimize the possibility that the results will be compromised because of interception or alteration of the confirmation.
  • Utilizes multiple layers of authentication and security to validate the authenticity of users, ensure privacy and data integrity.
.07 If a system or process that facilitates electronic confirmations between the auditor and the confirmation respondent is in place and the auditor plans to rely on such a system or process, an assurance trust services report such as SysTrust, or another auditor's report on that process, may assist the auditor in assessing the design and operating effectiveness of the electronic and manual controls with respect to that process.
  • SOC 3 audited and SysTrust certified every six months.
  • ISO 27001 annual review.

AU Section 326: Audit Evidence

Guidance

What Confirmation.com Provides
Sufficient Appropriate Audit Evidence
.08 Audit evidence is more reliable when it is obtained from knowledgeable independent sources outside the entity.
  • Confirmation.com has a SOC 3 Systrust/Web Trust certification performed every six months.

Practice Alert 03-1: Audit Confirmations

Guidance

What Confirmation.com Provides
.19 If the auditor is satisfied that the electronic confirmation process is secure and properly controlled, and the confirmation is directly from a third party who is a bona fide authorized respondent, electronic confirmations may be considered as sufficient, valid confirmation responses.
  • Confirmation.com has a SOC 3 Systrust/Web Trust certification performed every six months.
  • Uses the highest level of security to ensure privacy and data integrity.
  • In-Network offering uses a unique authentication and authorization process to verify the authenticity of each user. This eliminates the burden of having to verify the identity of the respondent and whether or not they are authorized to respond.
PCAOB

AU Section 330: The Confirmation Process

Guidance

What Confirmation.com Provides
Respondent
.27 The auditor should consider whether there is sufficient basis for concluding that the confirmation request is being sent to a respondent from whom the auditor can expect the response will provide meaningful and appropriate audit evidence.
  • In-Network offering uses a unique authentication and authorization process to verify the authenticity of each user. This eliminates the burden of having to verify the identity of the respondent and whether or not they are authorized to respond.
Performing Confirmation Procedures
.29 During the performance of confirmation procedures, the auditor should maintain control over the confirmation requests and responses. Maintaining control means establishing direct communication between the intended recipient and the auditor to minimize the possibility that the results will be biased because the interception and alteration of the confirmation requests or responses.
  • Uses the highest level of security to ensure privacy and data integrity.
  • Allows an auditor to send audit confirmation requests directly to the intended responder.
  • Confirmation.com has a SOC 3 Systrust/Web Trust certification performed every six months.

AU Section 326:; Audit Evidence

Guidance

What Confirmation.com Provides
Sufficient Appropriate Audit Evidence
.08 Audit evidence is more reliable when it is obtained from knowledgeable independent sources outside the entity.
  • Confirmation.com has a SOC 3 Systrust/Web Trust certification performed every six months.
IAASB

International Standards On Auditing 505: External Confirmations

Guidance

What Confirmation.com Provides
Control Over the Confirmation Process
A8 Control over communications between the intended confirming parties and the auditor minimizes the possibility that the results of the external confirmation process will not be reliable because of the interception, or alteration, of confirmation requests or responses.
  • Confirmation.com has a SOC 3 Systrust/Web Trust certification performed every six months.
  • Uses the highest level of security to ensure privacy and data integrity.
  • ISO 27001 annual review.
Identifying the Appropriate Confirming Party
A11 Responses to confirmation requests provide more relevant and reliable audit evidence when confirmation requests are sent to a confirming party who the auditor believes is knowledgeable about the information to be confirmed.
  • In-Network offering uses a unique authentication and authorization process to verify the authenticity of each user. This eliminates the burden of having to verify the identity of the respondent and whether or not they are authorized to respond.

 

Next: Contact Us