Recently several major financial institutions have announced that going forward they will only respond to electronic confirmations from auditors.December 4, 2008
Recently several major financial institutions have announced that going forward they will only respond to electronic confirmations from auditors. The AICPA’s Auditing Standards Board has attempted to address this decision by issuing Interpretation 1 of AU 330, Use of Electronic Confirmations. The Interpretation states that electronic confirmations can be considered reliable audit evidence if they are properly controlled.
What are the risks?
The risks for electronic confirmations include interception, alteration and fraud. SAS 106, Audit Evidence, states that the auditor should consider reliability of the audit evidence obtained. Reliability risks for electronic confirmations include:
So what should the process be?
The auditor needs a process in place to minimize the risks associated with confirmations with a third party. If the auditor plans to rely on electronic confirmations, he or she needs to address the three risks related to electronic confirmations. The auditor may choose to use an assurance trust services report or another auditor’s report to assess the design and operation of the controls over electronic confirmations or the auditor may perform other procedures to obtain adequate audit evidence about the reliability of the confirmations.
Ways to provide security over electronic confirmations
Three ways to provide security over electronic confirmations include:
Where do we go from here?
In today’s electronic age and with financial institutions looking for more efficient ways to handle auditor’s requests for confirmation of accounts, requirements for the use of electronic confirmations only is a foregone conclusion. All we as auditors need to do is to put the proper controls in place and join the digital revolution.
From the CPE & Training Solutions Monthly e-newsletter from the Tax & Accounting business of Thomson Reuters, October 2008. To subscribe to this free, informative newsletter, visit trainingcpe.thomson.com or click here.