ISA 505 – External Confirmations

1 Understanding external confirmations

Auditor is required to obtain sufficient appropriate audit evidence to obtain reasonable assurance. In other words, audit evidence itself plays an important role in audit engagement. To obtain the evidence that qualifies for both sufficiency and appropriateness auditor is required to design and implement audit procedures in this regard.

ISA 500 states that audit evidence is more reliable if:

  • it is obtained from independent sources outside the entity
  • the controls over its preparation and maintenance are effective
  • it is obtained by auditor directly
  • it is in documented form instead of verbal or oral evidence
  • it is original rather than photocopies etc.

To obtain information directly and independent of entity’s influence auditor has the right to obtain confirmations from third parties outside the organization. Such confirmations are also referred as external confirmations.

These external confirmations are used to corroborate the information auditor already has acquired and increase the assurance of evidence already obtained.

ISA 505 provides guidance on how to use external confirmations to collect audit evidence.

2 External confirmation procedures

Formally external confirmation is defined as:

Audit evidence obtained as a direct written response to the auditor from a third party (the confirming party), in paper form, or by electronic or other medium.

Two things to understand:

  • It is served to the auditor directly by the third party
  • It is a written response and may be in paper form (hard copy) or electronic form (soft copy) or any other medium

Few things auditor needs to decide regarding confirmation request include:

  1. Identify the information to be confirmed
  2. Identify the appropriate party for confirmation. Appropriate person is the one who has the knowledge of information auditor is seeking
  3. Determine the nature of confirmation request which is appropriate in a given situation
  4. Method of sending initial and follow-up requests

While designing the confirmation auditor considers:

  1. The relevant assertions
  2. Risk of material misstatement
  3. Format of presentation
  4. Method and mode of communication
  5. Degree of help third party can reasonably offer
  6. Whether management’s authorization is necessary
  7. Auditor’s experience with similar client or similar type of engagements

While designing the confirmation, it is left on auditor to decide whether a positive confirmation is appropriate or negative confirmation.