ISA 505 External Confirmations guides auditor on how to go about confirmation requests served to third parties outside the entity. As auditor may consider such confirmations as audit evidence therefore ISA 505 highlights the key areas that are important in this regard so that effectiveness of audit engagement is not compromised.
Auditor may obtain external confirmations from third parties to corroborate the audit evidence already available with the auditor. Auditor shall determine whether positive or negative request is appropriate given the condition. Responses or events of non-responses are required to be evaluated. Responses may be unreliable if they are served indirectly to the auditor, not served by the intended person or transmission is compromised and auditor may have to perform additional procedures to resolve doubts and suspicion. In events of non-responses or management refuse to permit auditor to seek confirmations, auditor shall assess if modification in the auditor’s report is necessary.