The following auditing standard is not the current version and does not reflect any amendments effective on or after December 31, 2016. The current version of the auditing standards can be found here. Show
The Confirmation Process
(Supersedes section 331.03-.08)Source: SAS No. 67.Effective for audits of fiscal periods ending after June 15, 1992, unless otherwise indicated.Introduction and Applicability.01This section provides guidance about the confirmation process in audits performed in accordance with generally accepted auditing standards. This section—
.02[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004. For audits of fiscal years beginning before December 15, 2010, click here] This section does not address the extent or timing of confirmation procedures. Guidance on the extent of audit procedures (that is, considerations involved in determining the number of items to confirm) is found in section 350, Audit Sampling, and Auditing Standard No. 13, The Auditor's Responses to the Risks of Material Misstatement. Guidance on the timing of audit procedures is included in Auditing Standard No. 13, The Auditor's Responses to the Risks of Material Misstatement. .03In addition, this section does not address matters described in section 336, Using the Work of a Specialist, or in section 337, Inquiry of a Client's Lawyer Concerning Litigation, Claims, and Assessments. Definition of the Confirmation Process.04Confirmation is the process of obtaining and evaluating a direct communication from a third party in response to a request for information about a particular item affecting financial statement assertions. The process includes—
Relationship of Confirmation Procedures to the Auditor's Assessment of Audit Risk.05[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004. For audits of fiscal years beginning before December 15, 2010, click here] Auditing Standard No. 8, Audit Risk, discusses the audit risk model. It describes the concept of assessing inherent and control risks, determining the acceptable level of detection risk, and designing an audit program to achieve an appropriately low level of audit risk. The auditor uses the audit risk assessment in determining the audit procedures to be applied, including whether they should include confirmation. .06[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004. For audits of fiscal years beginning before December 15, 2010, click here] Confirmation is undertaken to obtain evidence from third parties about financial statement assertions made by management. See paragraph 8 of Auditing Standard No. 15, Audit Evidence, which discusses the reliability of audit evidence. .07The greater the combined assessed level of inherent and control risk, the greater the assurance that the auditor needs from substantive tests related to a financial statement assertion. Consequently, as the combined assessed level of inherent and control risk increases, the auditor designs substantive tests to obtain more or different evidence about a financial statement assertion. In these situations, the auditor might use confirmation procedures rather than or in conjunction with tests directed toward documents or parties within the entity. .08Unusual or complex transactions may be associated with high levels of inherent risk and control risk. If the entity has entered into an unusual or complex transaction and the combined assessed level of inherent and control risk is high, the auditor should consider confirming the terms of the transaction with the other parties in addition to examining documentation held by the entity. For example, if the combined assessed level of inherent and control risk over the occurrence of revenue related to an unusual, year-end sale is high, the auditor should consider confirming the terms of that sale. .09The auditor should assess whether the evidence provided by confirmations reduces audit risk for the related assertions to an acceptably low level. In making that assessment, the auditor should consider the materiality of the account balance and his or her inherent and control risk assessments. When the auditor concludes that evidence provided by confirmations alone is not sufficient, additional procedures should be performed. For example, to achieve an appropriately low level of audit risk related to the completeness and existence assertions for accounts receivable, an auditor may perform sales cutoff tests in addition to confirming accounts receivable. .10The lower the combined assessed level of inherent and control risk, the less assurance the auditor needs from substantive tests to form a conclusion about a financial statement assertion. Consequently, as the combined assessed level of inherent and control risk decreases for a particular assertion, the auditor may modify substantive tests by changing their nature from more effective (but costly) tests to less effective (and less costly) tests. For example, if the combined assessed level of inherent and control risk over the existence of cash is low, the auditor might limit substantive procedures to inspecting client-provided bank statements rather than confirming cash balances. Assertions Addressed by Confirmations.11[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004. For audits of fiscal years beginning before December 15, 2010, click here] For the evidence obtained to be appropriate, it must be reliable and relevant. Factors affecting the reliability of confirmations are discussed in paragraphs .16 through .27. The relevance of evidence depends on its relationship to the financial statement assertion being addressed. Auditing Standard No. 15, Audit Evidence, classifies financial statement assertions into five categories:
.12Confirmation requests, if properly designed by the auditor, may address any one or more of those assertions. However, confirmations do not address all assertions equally well. Confirmation of goods held on consignment with the consignee would likely be more effective for the existence and the rights-and-obligations assertions than for the valuation assertion. Accounts receivable confirmations are likely to be more effective for the existence assertion than for the completeness and valuation assertions. Thus, when obtaining evidence for assertions not adequately addressed by confirmations, auditors should consider other audit procedures to complement confirmation procedures or to be used instead of confirmation procedures. .13Confirmation requests can be designed to elicit evidence that addresses the completeness assertion: that is, if properly designed, confirmations may provide evidence to aid in assessing whether all transactions and accounts that should be included in the financial statements are included. Their effectiveness in addressing the completeness assertion depends, in part, on whether the auditor selects from an appropriate population for testing. For example, when using confirmations to provide evidence about the completeness assertion for accounts payable, the appropriate population might be a list of vendors rather than the amounts recorded in the accounts payable subsidiary ledger. .14Some confirmation requests are not designed to elicit evidence regarding the completeness assertion. For example, the AICPA Standard Form to Confirm Account Balance Information With Financial Institutions is designed to substantiate information that is stated on the confirmation request; the form is not designed to provide assurance that information about accounts not listed on the form will be reported. The Confirmation Process.15The auditor should exercise an appropriate level of professional skepticism throughout the confirmation process (see section 230, Due Professional Care in the Performance of Work). Professional skepticism is important in designing the confirmation request, performing the confirmation procedures, and evaluating the results of the confirmation procedures. Designing the Confirmation Request.16Confirmation requests should be tailored to the specific audit objectives. Thus, when designing the confirmation requests, the auditor should consider the assertion(s) being addressed and the factors that are likely to affect the reliability of the confirmations. Factors such as the form of the confirmation request, prior experience on the audit or similar engagements, the nature of the information being confirmed, and the intended respondent should affect the design of the requests because these factors have a direct effect on the reliability of the evidence obtained through confirmation procedures. Form of Confirmation Request.17There are two types of confirmation requests: the positive form and the negative form. Some positive forms request the respondent to indicate whether he or she agrees with the information stated on the request. Other positive forms, referred to as blank forms, do not state the amount (or other information) on the confirmation request, but request the recipient to fill in the balance or furnish other information. .18Positive forms provide audit evidence only when responses are received from the recipients; nonresponses do not provide audit evidence about the financial statement assertions being addressed. .19Since there is a risk that recipients of a positive form of confirmation request with the information to be confirmed contained on it may sign and return the confirmation without verifying that the information is correct, blank forms may be used as one way to mitigate this risk. Thus, the use of blank confirmation requests may provide a greater degree of assurance about the information confirmed. However, blank forms might result in lower response rates because additional effort may be required of the recipients; consequently, the auditor may have to perform more alternative procedures. .20The negative form requests the recipient to respond only if he or she disagrees with the information stated on the request. Negative confirmation requests may be used to reduce audit risk to an acceptable level when (a) the combined assessed level of inherent and control risk is low, (b) a large number of small balances is involved, and (c) the auditor has no reason to believe that the recipients of the requests are unlikely to give them consideration. For example, in the examination of demand deposit accounts in a financial institution, it may be appropriate for an auditor to include negative confirmation requests with the customers' regular statements when the combined assessed level of inherent and control risk is low and the auditor has no reason to believe that the recipients will not consider the requests. The auditor should consider performing other substantive procedures to supplement the use of negative confirmations. .21Negative confirmation requests may generate responses indicating misstatements, and are more likely to do so if the auditor sends a large number of negative confirmation requests and such misstatements are widespread. The auditor should investigate relevant information provided on negative confirmations that have been returned to the auditor to determine the effect such information may have on the audit. If the auditor's investigation of responses to negative confirmation requests indicates a pattern of misstatements, the auditor should reconsider his or her combined assessed level of inherent and control risk and consider the effect on planned audit procedures. .22Although returned negative confirmations may provide evidence about the financial statement assertions, unreturned negative confirmation requests rarely provide significant evidence concerning financial statement assertions other than certain aspects of the existence assertion. For example, negative confirmations may provide some evidence of the existence of third parties if they are not returned with an indication that the addressees are unknown. However, unreturned negative confirmations do not provide explicit evidence that the intended third parties received the confirmation requests and verified that the information contained on them is correct. Prior Experience.23In determining the effectiveness and efficiency of employing confirmation procedures, the auditor may consider information from prior years' audits or audits of similar entities. This information includes response rates, knowledge of misstatements identified during prior years' audits, and any knowledge of inaccurate information on returned confirmations. For example, if the auditor has experienced poor response rates to properly designed confirmation requests in prior audits, the auditor may instead consider obtaining audit evidence from other sources. Nature of Information Being Confirmed.24[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004. For audits of fiscal years beginning before December 15, 2010, click here] When designing confirmation requests, the auditor should consider the types of information respondents will be readily able to confirm, since the nature of the information being confirmed may directly affect the appropriateness of the evidence obtained as well as the response rate. For example, certain respondents' accounting systems may facilitate the confirmation of single transactions rather than of entire account balances. In addition, respondents may not be able to confirm the balances of their installment loans, but they may be able to confirm whether their payments are up-to-date, the amount of the payment, and the key terms of their loans. .25The auditor's understanding of the client's arrangements and transactions with third parties is key to determining the information to be confirmed. The auditor should obtain an understanding of the substance of such arrangements and transactions to determine the appropriate information to include on the confirmation request. The auditor should consider requesting confirmation of the terms of unusual agreements or transactions, such as bill and hold sales, fn 1 in addition to the amounts. The auditor also should consider whether there may be oral modifications to agreements, such as unusual payment terms or liberal rights of return. When the auditor believes there is a moderate or high degree of risk that there may be significant oral modifications, he or she should inquire about the existence and details of any such modifications to written agreements. One method of doing so is to confirm both the terms of the agreements and whether any oral modifications exist. Respondent.26The auditor should direct the confirmation request to a third party who the auditor believes is knowledgeable about the information to be confirmed. For example, to confirm a client's oral and written guarantees with a financial institution, the auditor should direct the request to a financial institution official who is responsible for the financial institution's relationship with the client or is knowledgeable about the transactions or arrangements. .27[The following paragraph is effective for audits of fiscal years beginning on or after December 15, 2010. See PCAOB Release No. 2010-004. For audits of fiscal years beginning before December 15, 2010, click here] If information about the respondent's competence, knowledge, motivation, ability, or willingness to respond, or about the respondent's objectivity and freedom from bias with respect to the audited entity fn 2 comes to the auditor's attention, the auditor should consider the effects of such information on designing the confirmation request and evaluating the results, including determining whether other procedures are necessary. In addition, there may be circumstances (such as for significant, unusual year-end transactions that have a material effect on the financial statements or where the respondent is the custodian of a material amount of the audited entity's assets) in which the auditor should exercise a heightened degree of professional skepticism relative to these factors about the respondent. In these circumstances, the auditor should consider whether there is sufficient basis for concluding that the confirmation request is being sent to a respondent from whom the auditor can expect the response will provide meaningful and appropriate evidence. Performing Confirmation Procedures.28During the performance of confirmation procedures, the auditor should maintain control over the confirmation requests and responses. Maintaining control fn 3 means establishing direct communication between the intended recipient and the auditor to minimize the possibility that the results will be biased because of interception and alteration of the confirmation requests or responses. .29There may be situations in which the respondent, because of timeliness or other considerations, responds to a confirmation request other than in a written communication mailed to the auditor. When such responses are received, additional evidence may be required to support their validity. For example, facsimile responses involve risks because of the difficulty of ascertaining the sources of the responses. To restrict the risks associated with facsimile responses and treat the confirmations as valid audit evidence, the auditor should consider taking certain precautions, such as verifying the source and contents of a facsimile response in a telephone call to the purported sender. In addition, the auditor should consider requesting the purported sender to mail the original confirmation directly to the auditor. Oral confirmations should be documented in the workpapers. If the information in the oral confirmations is significant, the auditor should request the parties involved to submit written confirmation of the specific information directly to the auditor. .30When using confirmation requests other than the negative form, the auditor should generally follow up with a second and sometimes a third request to those parties from whom replies have not been received. Alternative Procedures.31When the auditor has not received replies to positive confirmation requests, he or she should apply alternative procedures to the nonresponses to obtain the evidence necessary to reduce audit risk to an acceptably low level. However, the omission of alternative procedures may be acceptable (a) when the auditor has not identified unusual qualitative factors or systematic characteristics related to the nonresponses, such as that all nonresponses pertain to year-end transactions, and (b) when testing for overstatement of amounts, the nonresponses in the aggregate, when projected as 100 percent misstatements to the population and added to the sum of all other unadjusted differences, would not affect the auditor's decision about whether the financial statements are materially misstated. .32The nature of alternative procedures varies according to the account and assertion in question. In the examination of accounts receivable, for example, alternative procedures may include examination of subsequent cash receipts (including matching such receipts with the actual items being paid), shipping documents, or other client documentation to provide evidence for the existence assertion. In the examination of accounts payable, for example, alternative procedures may include examination of subsequent cash disbursements, correspondence from third parties, or other records to provide evidence for the completeness assertion. Evaluating the Results of Confirmation Procedures.33After performing any alternative procedures, the auditor should evaluate the combined evidence provided by the confirmations and the alternative procedures to determine whether sufficient evidence has been obtained about all the applicable financial statement assertions. In performing that evaluation, the auditor should consider (a) the reliability of the confirmations and alternative procedures; (b) the nature of any exceptions, including the implications, both quantitative and qualitative, of those exceptions; (c) the evidence provided by other procedures; and (d) whether additional evidence is needed. If the combined evidence provided by the confirmations, alternative procedures, and other procedures is not sufficient, the auditor should request additional confirmations or extend other tests, such as tests of details or analytical procedures. Confirmation of Accounts Receivable.34For the purpose of this section, accounts receivable means—
Confirmation of accounts receivable is a generally accepted auditing procedure. As discussed in paragraph .06, it is generally presumed that evidence obtained from third parties will provide the auditor with higher-quality audit evidence than is typically available from within the entity. Thus, there is a presumption that the auditor will request the confirmation of accounts receivable during an audit unless one of the following is true:
.35An auditor who has not requested confirmations in the examination of accounts receivable should document how he or she overcame this presumption. Effective Date.36This section is effective for audits of fiscal periods ending after June 15, 1992. Early application of this section is permissible. Which of the following might be detected by an auditor's review of the client's sales cutoff?It is a method used to find the revenue which will be recognized and to check whether the sales transaction is recorded or not. Hence the sales cut-off of a client, an auditor can detect the accounts receivables.
What is a cutoff test in auditing?Cutoff Testing
Audit procedures are used to determine whether transactions have been recorded within the correct reporting period. For example, the shipping log can be reviewed to see if shipments to customers on the last day of the month were recorded within the correct period.
What is sales cutoff testing?An example of a typical cutoff procedure is to test sales transactions by comparing sales data for a sufficient period before and after year-end to sales invoices, shipping documentation, or other appropriate evidence to determine that the revenue recognition criteria were met and the sales transactions were recorded ...
What is sales cutoff error?Cut-off errors mean that financial statements fail to embody essential characteristics or assertions which they should, including: Completeness – the 2018 financial statements are incomplete if 2018 transactions are erroneously reflected in the financial statements for 2019; and.
|
