Learning Objectives. External confirmations procedures as per SA330 and SA 500 requirements

Similar documents
INTERNATIONAL STANDARD ON AUDITING 505 EXTERNAL CONFIRMATIONS CONTENTS

EXTERNAL CONFIRMATIONS SRI LANKA AUDITING STANDARD 505 EXTERNAL CONFIRMATIONS

International Standard on Auditing (Ireland) 505 External Confirmations

International Standard on Auditing (UK) 505

Audit Considerations Relating to an Entity Using a Service Organization

Case Study: Simply Soups Inc. Version 1.8

Minnesota State Colleges and Universities System Procedures Chapter 5 Administration

Audit confirmation is hereafter referred to as "confirmation."

CITADEL INFORMATION GROUP, INC.

Within our recommendations for editorial changes, additions are noted in bold underline and deletions in strike-through.

Schedule Identity Services

Within the meanings of applicable data protection law (in particular EU Regulation 2016/679, the GDPR ):

PRIVACY NOTICE. 1.2 We may obtain or collect your Personal Data from various sources including but not limited to:

ADVANCED AUDIT AND ASSURANCE

* - Note: complete submissions are to be submitted at least two weeks before any deadline to ensure timely closure.

Frequently Asked Questions Auditor

Seattle University Identity Theft Prevention Program. Purpose. Definitions

Red Flags/Identity Theft Prevention Policy: Purpose

RISK ASSESSMENTS AND INTERNAL CONTROL CIS CHARACTERISTICS AND CONSIDERATIONS CONTENTS

LIST OF SUBSTANTIVE CHANGES AND ADDITIONS. PPC's Guide to Audits of Local Governments. Thirty first Edition (February 2016)

Information for entity management. April 2018

SAS 70 SOC 1 SOC 2 SOC 3. Type 1 Type 2

Exposure Draft The Auditor s Responsibility to Consider Fraud in an Audit of Financial Statements

Probe MMX Compilation

It s still very important that you take some steps to help keep up security when you re online:

Policy and Procedure: SDM Guidance for HIPAA Business Associates

Making trust evident Reporting on controls at Service Organizations

Secure Messaging Mobile App Privacy Policy. Privacy Policy Highlights

Lahore University of Management Sciences. ACCT 250 Auditing Spring Semester 2018

HPE DATA PRIVACY AND SECURITY

Contents. Process flow diagrams and other documentation

Period from October 1, 2013 to September 30, 2014

C22: SAS 70 Practices and Developments Todd Bishop, PricewaterhouseCoopers

Terms and Conditions For Online-Payments

Individual Agreement. commissioned processing

Office Properties Income Trust Privacy Notice Last Updated: February 1, 2019

Chapter 08. Consideration of Internal Control in an Information Technology Environment. McGraw-Hill/Irwin

HF Markets SA (Pty) Ltd Protection of Personal Information Policy

Important Information

NOTICES BOILERPLATE CLAUSE

Terms and Conditions for MPF e-statement/e-advice Service ( Terms and Conditions )

Hong Kong Institute of Certified Public Accountants Practising Certificate ("PC") Business Assurance

Error! No text of specified style in document.

Definition of Internal Control

Privacy Policy. Data Controller - the entity that determines the purposes, conditions and means of the processing of personal data

Governance of the use of as a valid UNC communication

[Utility Name] Identity Theft Prevention Program

5. The technology risk evaluation need only be updated when significant changes or upgrades to systems are implemented.

TERMS & CONDITIONS PLEASE READ THESE TERMS AND CONDITIONS CAREFULLY BEFORE USING THE SITE

Electric Sample Form No Agreement for Unmetered Low Wattage Equipment Connected to Customer-Owned Street Light Facilities

Submission to the International Integrated Reporting Council regarding the Consultation Draft of the International Integrated Reporting Framework

Data Processing Agreement for Oracle Cloud Services

AND ASSURANCE AN INTEGRATED APPROACH SIXTEENTH EDITION GLOBAL EDITION

The Apple Store, Coombe Lodge, Blagdon BS40 7RG,

TAN Jenny Partner PwC Singapore

Schedule EHR Access Services

SAFE-BioPharma RAS Privacy Policy

International Auditing and Assurance Standards Board (IAASB) International Federation of Accountants 545 Fifth Avenue, 14 th Floor New York, NY 10017

"Energy and Ecological Transition for the Climate" Label Control and Monitoring Plan Guidelines

GDPR AMC SAAS AND HOSTED MODULES. UK version. AMC Consult A/S June 26, 2018 Version 1.10

"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary

An error will be returned by the services when invalid electronic requests are received.

TRUSTIS FPS. Enrolment Requirements: Acceptable Evidence in Support of an Application for a Digital Certificate

LCU Privacy Breach Response Plan

USER CORPORATE RULES. These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy.

Orion Registrar, Inc. Certification Regulations Revision J Effective Date January 23, 2018

Rules for Commissioned Processing. (DDV Declaration of Conformity)

REPORT OF THE INDEPENDENT ACCOUNTANT

Mailbox Rental Terms and Conditions

Privacy Policy. Act shall mean the Information Technology Act, 2000 and Rules thereunder as amended from time to time.

PREPARING FOR SOC CHANGES. AN ARMANINO WHITE PAPER By Liam Collins, Partner-In-Charge, SOC Audit Practice

HIPAA Compliance Checklist

ENCePP Code of Conduct Implementation Guidance for Sharing of ENCePP Study Data

DATA PROCESSING TERMS

Information Security Policy

Unofficial Comment Form Project Operating Personnel Communications Protocols COM-002-4

Prevention of Identity Theft in Student Financial Transactions AP 5800

ma recycle GDPR Privacy Policy .com Rely and Comply... Policy Date: 24 May 2018

Identity Theft Prevention Program. Effective beginning August 1, 2009

HIPAA Security Checklist

Development Authority of the North Country Governance Policies

Privacy and Cookies Policy

HIPAA Security Checklist

0522: Governance of the use of as a valid UNC communication

Registration Data Incident Management Policy

REPORT OF INDEPENDENT CERTIFIED PUBLIC ACCOUNTANTS

TABLE OF CONTENTS. Page

Complaints Procedure for Clients

26 February Office of the Secretary Public Company Accounting Oversight Board 1666 K Street, NW Washington, DC

Data Subject Access Request Form

NASD NOTICE TO MEMBERS 97-58

ACH Audit Guide Step-by-Step Guidance and Interactive Form For Internal ACH Audits Audit Year 2018

BCDC 2E, 2012 (On-line Bidding Document for Stipulated Price Bidding)

PANORAMA Data Security & Access Protocol

Seite 1 von 20

Message exchange with. Finnish Customs

IDENTITY ASSURANCE PRINCIPLES

ROYAL MAIL GROUP ADDRESS MANAGEMENT UNIT PAF DATA END USER TERMS ( End User Terms )

ZENITO OY Client register

DQS Inc. Management Systems Solutions Certification Requirements

Transcription:

CA. Sudhir Sharma 1

Learning Objectives 1 2 3 4 External confirmations procedures as per SA330 and SA 500 requirements Management s refusal to allow auditor to send confirmation requests Results of the external confirmation procedures Evaluation of audit evidence 2

Explained 3

Audit Evidence - Traits & Importance Audit evidence is more reliable when: obtained from independent sources outside the entity obtained directly by the auditor and not indirectly or by inference. it exists in documentary form, whether paper, electronic or other medium Other SAs recognising importance of Audit Evidence SA 330 Higher assessed risks and auditor to obtain more persuasive audit evidence like increased quantity of evidence & more reliable evidence SA 240 Auditor addresses assessed risks of material misstatement (even due to fraud at assertion level) by designing confirmation requests to obtain additional corroborative information SA 500 Auditor gets increased assurance on evidence existing in accounting records or management representations, if corroborating information obtained from an independent source e.g. external confirmations 4

Auditor s Control Over External Confirmation Requests Determining the information to be confirmed or requested i.e. Information regarding account balances, transactions and their elements Bank balances & other banks related information Accounts receivable & payable balances and terms Inventories with third parties at bonded warehouses for processing / consignment Property title deeds with lawyers / financiers for safe custody / as security Investments held for safekeeping by third parties, or purchased from stockbrokers but not delivered at the balance sheet date Amounts due to lenders including repayment terms & restrictive covenants Terms of agreements, contracts, transactions between entity & other parties Certain conditions not forming part of agreement e.g." side agreement 5

Auditor s Control Over External Confirmation Requests To obtain more relevant & reliable audit evidence, information requests are sent to appropriate confirming party having: knowledge about the information ability or willingness to respond Responses to confirmation requests may be less reliable if confirming party is a related party of the entity Confirmation requests designed with proper postal address & return information help sending responses directly to auditor Confirmation request design directly affect response rate, reliability and nature of the audit evidence obtained from responses 6

Auditor s Control Over External Confirmation Requests Factors to consider while designing confirmation requests: The assertions being addressed Specific identified risks of material misstatement, including fraud risks Layout and presentation of confirmation request Prior experience on audit or similar engagements Method of communication in paper form, electronic or other medium Management s authorisation or support to confirming parties to respond to the auditor. Intended confirming party ability to provide the requested information 7

Auditor s Control Over External Confirmation Requests In positive external confirmation request, confirming party replies to the auditor in all cases either by agreeing or providing information Response to positive confirmation request normally results in reliable audit evidence though with a risk of confirming party replying without verifying the accuracy of information Auditor reduces this risk by asking the confirming party to fill the amount / furnish information in blank requests. However, due extra effort involved such blank requests generate lower response from confirming party Ensuring proper address on confirmation requests by re-testing validity of some/ all addresses before despatch Sending additional / follow-up requests when confirming party provide no response to earlier request within a reasonable time 8

Auditor s Actions - Management s Refusal to send Confirmation Requests Inquire into management s reasons for the refusal, and seeking audit evidence of validity and reasonableness of the reasons on auditor s assessment of material misstatement risks including fraud risk Evaluate implications of management s refusal: on nature, timing and extent of other audit procedures Perform alternative audit procedures designed to obtain relevant and reliable audit evidence. Management refusal being unreasonable or auditor not able to obtain reliable audit evidence through alternative audit procedures, then auditor: communicates with those charged with determines the implications for audit and the governance in accordance with SA 260 auditor s opinion in accordance with SA 705 9

Results of External Confirmation Procedures... Auditor, on identifying factors that raise doubts on reliability of response to a confirmation request, shall obtain further audit evidence to resolve those doubts Audit evidence ((paper form / electronic/ other medium) obtained from external sources may not be reliable due to all responses carrying inherent risk of interceptions, alteration or fraud. Reliability of a response is affected: when response received by auditor indirectly or if apparently response not received from the intended confirming party Electronic responses i.e. by facsimile or electronic mail, may not be reliable due to difficulty in: establishing proof of origin and authority of respondent & in detecting alterations 10

Results of External Confirmation Procedures... A secure & properly controlled environment (a process jointly developed by auditor & respondent) for receiving electronic responses may mitigate these risks and enhance the reliability of responses. An electronic confirmation process consists various techniques for validating the identity of sender of information in electronic form e.g. through the use of encryption, electronic digital signatures, and procedures to verify website authenticity Confirming party use of third party to coordinate and provide responses to confirmation requests may pose following risks: The response may not be from the proper source; A respondent may not be authorised to respond: and The integrity of the transmission may have been compromised. 11

Results of External Confirmation Procedures... Auditor to decide on modifying or adding procedures to resolve doubts over the reliability of information to be used as audit evidence. Such audit procedures are: Verify the source and contents of a response to a confirmation request by contacting the confirming party Auditor may telephone the confirming party to confirm if the party has responded by electronic mail Response returned to the auditor indirectly as confirming party addressed it to entity & not auditor. In such case, confirming party may be requested to respond directly to the auditor. Oral response not direct & written response therefore not considered response to external confirmation Auditor requests the confirming party to respond in writing directly to the auditor in case of an oral response. In case of no response, auditor seeks other audit evidence to support information in oral response. 12

Results of External Confirmation Procedures Restrictive language used in response not invalidate the reliability of response Auditor evaluates the implications of an unreliable response to confirmation request on: auditor s assessment of material misstatement risks including fraud risk nature, timing and extent of other audit procedures As a result, auditor may need to revise the assessment of the risks of material misstatement at the assertion level and modify planned audit procedures accordingly. When no response received on requests, the auditor shall perform alternative audit procedures to obtain relevant and reliable audit evidence. 13

Response to Positive Confirmation Request For Appropriate Audit Evidence... Assessed risk of material misstatement at the assertion level is addressed by a response to positive confirmation request. Such circumstances are: Information required to corroborate management s assertion(s) available only outside the entity Specific fraud risk factors, like risk of management override of controls / risk of collusion involving employees /management, prevent the auditor to rely on evidence within the entity Auditor determines the implications of not getting such response on his audit & on opinion The auditor shall investigate exceptions to determine whether or not they are indicative of misstatements 14

Response to Positive Confirmation Request For Appropriate Audit Evidence Auditor evaluates misstatements or potential misstatements in the financial statements resulting from exceptions in responses to confirmation requests to see if they indicate fraud Exceptions act as guide to quality of responses from / for similar confirming parties / accounts and may also indicate deficiency in entity s internal control over financial reporting In the absence of sufficient information about suspected non-compliance auditor evaluates the effect of appropriate audit evidence s unavailability on his opinion. Some exceptions do not represent misstatements for example, differences in responses to confirmation requests may be due to errors in timing, measurement or clerical errors in the external confirmation procedures 15

Negative Confirmations... Audit evidence in negative confirmations less persuasive than in positive confirmations therefore auditor should not restrict to using negative confirmation requests as the sole substantive audit procedure to address an assessed risk of material misstatement at the assertion level unless all of the following are present: auditor assessment of material misstatement risk is low & audit evidence on operating effectiveness of controls relevant to assertion appropriate The population of items subject to negative confirmation procedures comprises a large number of small, homogeneous, account balances, transactions or conditions; A very low exception rate is expected; and auditor not aware of the circumstances or conditions preventing recipients of negative confirmation requests to respond 16

Negative Confirmations Failure to receive response to a negative confirmation request does not explicitly indicate: receipt by the intended confirming party of the confirmation request or verification of the accuracy of the information contained in the request. Confirming party s failure to respond is a less persuasive audit evidence in a negative confirmation request than such response to a positive confirmation request Confirming parties mostly indicate their disagreement with a confirmation request if information asked for is not in their favour 17

Evaluation of Audit Evidence Auditor evaluation of results of external confirmation procedures meant to see if the results provide reliable audit evidence or further audit procedures need to be performed Auditor s categorisation of results of individual external confirmation requests post their evaluation: A response by confirming party either agreeing with the information in confirmation request or providing requested information without exception; A response deemed unreliable A non-response A response indicating an exception 18

Lesson Summary 1 2 3 4 5 6 Traits of audit evidence and its importance recognised in SA 240, 330 and 500 Auditor exercising control over the process of external confirmation requests Actions taken by auditors when management refuses to allow the auditors to send confirmation requests Results of external confirmation procedures Why & when response to positive confirmation request is considered necessary to act as appropriate audit evidence Negative confirmations and evaluation of audit evidence 19

20

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback