Regulatory Guidance

Confirmation.com helps auditors comply with auditing standards and requirements

Learn how Confirmation.com complies with each of the governing bodies.

AU-C Section 500: Audit Evidence

External Confirmations

Guidance
.A18 An external confirmation represents audit evidence obtained by the auditor as a direct written response to the auditor from a third party (the confirming party) in paper form or by electronic or other medium.

How Confirmation.com complies
Confirmation.com uses a unique authentication and authorization process to verify the authenticity of each user. By sending a request to a validated responder, you eliminate the burden of having to verify the identity of the respondent and whether or not they are authorized to respond.

Reliability

Guidance
.A32 While recognizing that exceptions may exist, the following generalizations about the reliability of audit evidence may be useful:      
           
  • The reliability of audit evidence is increased when it is obtained from independent sources outside the entity.
  • Audit evidence obtained directly by the auditor is more reliable than audit evidence obtained indirectly or by inference.
  • Audit evidence in documentary form, whether paper, electronic, or other medium, is more reliable than evidence obtained orally.

How Confirmation.com complies
Confirmation.com uses a unique authentication and authorization process to verify the authenticity of each user. By sending a request to a validated responder, you eliminate the burden of having to verify the identity of the respondent and whether or not they are authorized to respond.
Undergoes SOC 1, SOC 2 and SOC 3 examinations every six months, and has received an ISO 27001 certification of its Confirmation.com service.

 

 

AU-C Section 505: External Confirmations

Selecting the Appropriate Confirming Party

Guidance
.A3 Responses to confirmation requests provide more relevant and reliable audit evidence when confirmation requests are sent to a confirming party who the auditor believes is knowledgeable about the information to be confirmed.

How Confirmation.com complies
Confirmation.com uses a unique authentication and authorization process to verify the authenticity of each user. By sending a request to a validated responder, you eliminate the burden of having to verify the identity of the respondent and whether or not they are authorized to respond.

Reliability of Responses to Confirmation Requests

Guidance
.A15 An electronic confirmation system or process that creates a secure confirmation environment may mitigate the risks of interception or alteration. Creating a secure confirmation environment depends on the process or mechanism used by the auditor and the respondent to minimize the possibility that the results will be compromised because of interception or alteration of the confirmation.

How Confirmation.com complies
Uses the highest level of security to ensure privacy and data integrity. Undergoes SOC 1, SOC 2 and SOC 3 examinations every six months, and has received an ISO 27001 certification of its Confirmation.com service.

 

 

Practice Alert 03-1: Audit Confirmations

Guidance
.19  If the auditor is satisfied that the electronic confirmation process is secure and properly controlled, and the confirmation is directly from a third party who is a bona fide authorized respondent, electronic confirmations may be considered as sufficient, valid confirmation responses.

How Confirmation.com complies
Undergoes SOC 1, SOC 2 and SOC 3 examinations every six months, and has received an ISO 27001 certification of its Confirmation.com service. Uses the highest level of security to ensure privacy and data integrity. Confirmation.com uses a unique authentication and authorization process to verify the authenticity of each user. By sending a request to a validated responder, you eliminate the burden of having to verify the identity of the respondent and whether or not they are authorized to respond.

 

AU Section 330: The Confirmation Process

Respondent

Guidance
.27 The auditor should consider whether there is sufficient basis for concluding that the confirmation request is being sent to a respondent from whom the auditor can expect the response will provide meaningful and appropriate audit evidence.

How Confirmation.com complies
Confirmation.com uses a unique authentication and authorization process to verify the authenticity of each user. By sending a request to a validated responder, you eliminate the burden of having to verify the identity of the respondent and whether or not they are authorized to respond.

Performing Confirmation Procedures

Guidance
.29 During the performance of confirmation procedures, the auditor should maintain control over the confirmation requests and responses.  Maintaining control means establishing direct communication between the intended recipient and the auditor to minimize the possibility that the results will be biased because the interception and alteration of the confirmation requests or responses.

How Confirmation.com complies
Uses the highest level of security to ensure privacy and data integrity.  Allows an auditor to send audit confirmation requests directly to the intended responder. Undergoes SOC 1, SOC 2 and SOC 3 examinations every six months, and has received an ISO 27001 certification of its Confirmation.com service.

AU Section 326: Audit Evidence

Sufficient Appropriate Audit Evidence

Guidance
.08 Audit evidence is more reliable when it is obtained from knowledgeable independent sources outside the entity.

How Confirmation.com complies
Undergoes SOC 1, SOC 2 and SOC 3 examinations every six months, and has received an ISO 27001 certification of its Confirmation.com service.

 

ISA - ISA 505: External Confirmations

Para 6(a) Definition: External Confirmation

Guidance
Audit evidence obtained as a direct written response to the auditor from a third party (the confirming party), in paper form, or by electronic or other medium.

How Confirmation.com complies
Confirmation.com enables auditors to receive audit confirmations electronically. Responses are prepared by authorized bank officials based on the auditor's request. Use of Confirmation.com meets the requirements of an ‘External Confirmation.’

Para 7 Maintaining control

Guidance
When using external confirmation procedures, the auditor shall maintain control over external confirmation requests.

How Confirmation.com complies
Auditors keep complete control over the process, including client and accounts setup, requesting client authorization and the sending and receipt of confirmations.

A2 Selecting the appropriate confirming party

Guidance
Responses to confirmation requests provide more relevant and reliable audit evidence when confirmation requests are sent to a confirming party the auditor believes is knowledgeable about the information to be confirmed. For example, a financial institution official who is knowledgeable about the transactions or arrangements for which confirmation is requested may be the most appropriate person at the financial institution from whom to request confirmation.

How Confirmation.com complies
Participating banks have strict user access controls and monitoring procedures in place to ensure that only authorized bank officials respond to audit requests through Confirmation.com.

A6 Validating addresses

Guidance
Determining that requests are properly addressed includes testing the validity of some or all of the addresses on confirmation requests before they are sent out.

How Confirmation.com complies
We validate all entities participating in the Confirmation.com network. The controls surrounding this process are included in our SOC 1 report that is issued every six months as part of our controls audit. By relying on our validation procedures, you avoid the need to perform your own validation procedures.

A12 Electronic responses

Guidance
Responses received electronically, for example by facsimile or electronic mail, involve risks as to reliability because proof of origin and authority of the respondent may be difficult to establish, and alterations may be difficult to detect. A process used by the auditor and the respondent that creates a secure environment for responses received electronically may mitigate these risks. If the auditor is satisfied that such a process is secure and properly controlled, the reliability of the related responses is enhanced. An electronic confirmation process might incorporate various techniques for validating the identity of a sender of information in electronic form, for example, through the use of encryption, electronic digital signatures, and procedures to verify web site authenticity.

How Confirmation.com complies
Confirmation.com's operates industry-leading information security and data privacy practices. We have procedures and controls in place to ensure the integrity, confidentiality and accessibility of data. We undergo third-party audits to demonstrate the effectiveness of our controls:

  • SOC 1, SOC 2 and SOC 3 examinations every six months.
  • Received an ISO27001 certification of the Confirmation.com service.
  • TRUSTe data privacy and EU Safe Harbor certification.

A13 Involvement of third parties

Guidance
If a confirming party uses a third party to coordinate and provide responses to confirmation requests, the auditor may perform procedures to address the risks that: (a) The response may not be from the proper source; (b) A respondent may not be authorized to respond; and (c) The integrity of the transmission may have been compromised.

How Confirmation.com complies
Confirmation.com's control environment ensures that user access if controlled and monitored at the banks, and that transmission of data is secure and maintains integrity. Our controls reports outlined above demonstrate the effectiveness of these procedures.

Para 12 Non-responses

Guidance
In the case of each non-response, the auditor shall perform alternative audit procedures to obtain relevant and reliable audit evidence.

How Confirmation.com complies
Confirmation.com guarantees responses for In-Network confirmations, avoiding the need for alternative procedures.

One platform for all your audit confirmations

Auditors send millions of requests worldwide to their clients' banks, law firms and suppliers. Online confirmations make this process simple.

  • Access our server from anywhere
  • Protect your clients against fraud
  • Receive fast turnarounds on confirmations
  • Easy-to-use interface
  • Access our server from anywhere
  • Protect your clients agains fraud
  • Receive fast turnarounds on confirmations
  • Confirmation types
    Start seeing the benefits of fast turnarounds, smart online security, and continued success.
    An investment that's worth it
    $0.00 per month
    By registering as an auditor, you'll receive the highest access to our services
    Get Started Today