CA. Sudhir Sharma 1
Learning Objectives 1 2 3 4 External confirmations procedures as per SA330 and SA 500 requirements Management s refusal to allow auditor to send confirmation requests Results of the external confirmation procedures Evaluation of audit evidence 2
Explained 3
Audit Evidence - Traits & Importance Audit evidence is more reliable when: obtained from independent sources outside the entity obtained directly by the auditor and not indirectly or by inference. it exists in documentary form, whether paper, electronic or other medium Other SAs recognising importance of Audit Evidence SA 330 Higher assessed risks and auditor to obtain more persuasive audit evidence like increased quantity of evidence & more reliable evidence SA 240 Auditor addresses assessed risks of material misstatement (even due to fraud at assertion level) by designing confirmation requests to obtain additional corroborative information SA 500 Auditor gets increased assurance on evidence existing in accounting records or management representations, if corroborating information obtained from an independent source e.g. external confirmations 4
Auditor s Control Over External Confirmation Requests Determining the information to be confirmed or requested i.e. Information regarding account balances, transactions and their elements Bank balances & other banks related information Accounts receivable & payable balances and terms Inventories with third parties at bonded warehouses for processing / consignment Property title deeds with lawyers / financiers for safe custody / as security Investments held for safekeeping by third parties, or purchased from stockbrokers but not delivered at the balance sheet date Amounts due to lenders including repayment terms & restrictive covenants Terms of agreements, contracts, transactions between entity & other parties Certain conditions not forming part of agreement e.g." side agreement 5
Auditor s Control Over External Confirmation Requests To obtain more relevant & reliable audit evidence, information requests are sent to appropriate confirming party having: knowledge about the information ability or willingness to respond Responses to confirmation requests may be less reliable if confirming party is a related party of the entity Confirmation requests designed with proper postal address & return information help sending responses directly to auditor Confirmation request design directly affect response rate, reliability and nature of the audit evidence obtained from responses 6
Auditor s Control Over External Confirmation Requests Factors to consider while designing confirmation requests: The assertions being addressed Specific identified risks of material misstatement, including fraud risks Layout and presentation of confirmation request Prior experience on audit or similar engagements Method of communication in paper form, electronic or other medium Management s authorisation or support to confirming parties to respond to the auditor. Intended confirming party ability to provide the requested information 7
Auditor s Control Over External Confirmation Requests In positive external confirmation request, confirming party replies to the auditor in all cases either by agreeing or providing information Response to positive confirmation request normally results in reliable audit evidence though with a risk of confirming party replying without verifying the accuracy of information Auditor reduces this risk by asking the confirming party to fill the amount / furnish information in blank requests. However, due extra effort involved such blank requests generate lower response from confirming party Ensuring proper address on confirmation requests by re-testing validity of some/ all addresses before despatch Sending additional / follow-up requests when confirming party provide no response to earlier request within a reasonable time 8
Auditor s Actions - Management s Refusal to send Confirmation Requests Inquire into management s reasons for the refusal, and seeking audit evidence of validity and reasonableness of the reasons on auditor s assessment of material misstatement risks including fraud risk Evaluate implications of management s refusal: on nature, timing and extent of other audit procedures Perform alternative audit procedures designed to obtain relevant and reliable audit evidence. Management refusal being unreasonable or auditor not able to obtain reliable audit evidence through alternative audit procedures, then auditor: communicates with those charged with determines the implications for audit and the governance in accordance with SA 260 auditor s opinion in accordance with SA 705 9
Results of External Confirmation Procedures... Auditor, on identifying factors that raise doubts on reliability of response to a confirmation request, shall obtain further audit evidence to resolve those doubts Audit evidence ((paper form / electronic/ other medium) obtained from external sources may not be reliable due to all responses carrying inherent risk of interceptions, alteration or fraud. Reliability of a response is affected: when response received by auditor indirectly or if apparently response not received from the intended confirming party Electronic responses i.e. by facsimile or electronic mail, may not be reliable due to difficulty in: establishing proof of origin and authority of respondent & in detecting alterations 10
Results of External Confirmation Procedures... A secure & properly controlled environment (a process jointly developed by auditor & respondent) for receiving electronic responses may mitigate these risks and enhance the reliability of responses. An electronic confirmation process consists various techniques for validating the identity of sender of information in electronic form e.g. through the use of encryption, electronic digital signatures, and procedures to verify website authenticity Confirming party use of third party to coordinate and provide responses to confirmation requests may pose following risks: The response may not be from the proper source; A respondent may not be authorised to respond: and The integrity of the transmission may have been compromised. 11
Results of External Confirmation Procedures... Auditor to decide on modifying or adding procedures to resolve doubts over the reliability of information to be used as audit evidence. Such audit procedures are: Verify the source and contents of a response to a confirmation request by contacting the confirming party Auditor may telephone the confirming party to confirm if the party has responded by electronic mail Response returned to the auditor indirectly as confirming party addressed it to entity & not auditor. In such case, confirming party may be requested to respond directly to the auditor. Oral response not direct & written response therefore not considered response to external confirmation Auditor requests the confirming party to respond in writing directly to the auditor in case of an oral response. In case of no response, auditor seeks other audit evidence to support information in oral response. 12
Results of External Confirmation Procedures Restrictive language used in response not invalidate the reliability of response Auditor evaluates the implications of an unreliable response to confirmation request on: auditor s assessment of material misstatement risks including fraud risk nature, timing and extent of other audit procedures As a result, auditor may need to revise the assessment of the risks of material misstatement at the assertion level and modify planned audit procedures accordingly. When no response received on requests, the auditor shall perform alternative audit procedures to obtain relevant and reliable audit evidence. 13
Response to Positive Confirmation Request For Appropriate Audit Evidence... Assessed risk of material misstatement at the assertion level is addressed by a response to positive confirmation request. Such circumstances are: Information required to corroborate management s assertion(s) available only outside the entity Specific fraud risk factors, like risk of management override of controls / risk of collusion involving employees /management, prevent the auditor to rely on evidence within the entity Auditor determines the implications of not getting such response on his audit & on opinion The auditor shall investigate exceptions to determine whether or not they are indicative of misstatements 14
Response to Positive Confirmation Request For Appropriate Audit Evidence Auditor evaluates misstatements or potential misstatements in the financial statements resulting from exceptions in responses to confirmation requests to see if they indicate fraud Exceptions act as guide to quality of responses from / for similar confirming parties / accounts and may also indicate deficiency in entity s internal control over financial reporting In the absence of sufficient information about suspected non-compliance auditor evaluates the effect of appropriate audit evidence s unavailability on his opinion. Some exceptions do not represent misstatements for example, differences in responses to confirmation requests may be due to errors in timing, measurement or clerical errors in the external confirmation procedures 15
Negative Confirmations... Audit evidence in negative confirmations less persuasive than in positive confirmations therefore auditor should not restrict to using negative confirmation requests as the sole substantive audit procedure to address an assessed risk of material misstatement at the assertion level unless all of the following are present: auditor assessment of material misstatement risk is low & audit evidence on operating effectiveness of controls relevant to assertion appropriate The population of items subject to negative confirmation procedures comprises a large number of small, homogeneous, account balances, transactions or conditions; A very low exception rate is expected; and auditor not aware of the circumstances or conditions preventing recipients of negative confirmation requests to respond 16
Negative Confirmations Failure to receive response to a negative confirmation request does not explicitly indicate: receipt by the intended confirming party of the confirmation request or verification of the accuracy of the information contained in the request. Confirming party s failure to respond is a less persuasive audit evidence in a negative confirmation request than such response to a positive confirmation request Confirming parties mostly indicate their disagreement with a confirmation request if information asked for is not in their favour 17
Evaluation of Audit Evidence Auditor evaluation of results of external confirmation procedures meant to see if the results provide reliable audit evidence or further audit procedures need to be performed Auditor s categorisation of results of individual external confirmation requests post their evaluation: A response by confirming party either agreeing with the information in confirmation request or providing requested information without exception; A response deemed unreliable A non-response A response indicating an exception 18
Lesson Summary 1 2 3 4 5 6 Traits of audit evidence and its importance recognised in SA 240, 330 and 500 Auditor exercising control over the process of external confirmation requests Actions taken by auditors when management refuses to allow the auditors to send confirmation requests Results of external confirmation procedures Why & when response to positive confirmation request is considered necessary to act as appropriate audit evidence Negative confirmations and evaluation of audit evidence 19
20