Well-designed audit confirmation practices provide valuable third-party evidence that sheds light on financial statement assertions made by management. Confirmations can be an effective tool for auditors working with accounts including payables and receivables, inventory, investment securities, lines of credit and other actual or contingent liabilities.
The procedures also can supply audit evidence to help determine whether complex revenue recognition arrangements or related-party transactions are appropriate and corroborate account balances and other information from financial institutions.
Once an auditor has committed to using confirmations, it's important to design testing to trigger high response rates that meet the audit objectives. Many an audit budget has been exhausted by poorly designed confirmation procedures or excessive time spent resolving "discrepancies" that were really the result of attempting to confirm the wrong information.
This article highlights ways to more effectively use audit confirmations and improve confirmation response rates. It also explains some unique, important, or less widely understood aspects of Practice Alert 03-1, Audit Confirmations, issued by the AICPA's Professional Issues Task Force.
IMPROVING RESPONSE RATES
Accounts receivable confirmation recipients may be more likely to respond and to identify discrepancies if the confirmation request is sent with supporting information, such as a monthly statement. It can be helpful to include with the request a list of outstanding invoices and unapplied credits constituting the balance.
When verifying an account balance is difficult or complex, the auditor can attempt to get confirmation of the supporting information, which would allow the auditor to compute the necessary information. For example, some auditors request confirmation of 401(k) plan deferral percentages elected by employees, rather than requesting confirmation of the actual deferred amounts. Using the confirmed percentages, the auditor can then test the client's calculation of the deferred amount using audited client payroll information.
Sending confirmations to individuals who have been counterparties to key transactions is another way to improve response rates in certain cases. The approach is especially useful for confirming possible side agreements involving rights of return or other significant risks relating to the appropriateness of revenue recognition.
Setting confirmation response deadlines and asking clients to hand-sign confirmation requests where feasible can also be helpful. To expedite confirmation responses, auditors can ask clients to make phone calls to intended recipients to alert them that confirmations will be coming. Some auditors will alert recipients of mailed confirmations by sending confirmation request copies via e-mail attachment. The recipient is then asked to return the mailed confirmation either through the mail or by fax.
Faxed responses can pose risks since determining the source of the response can be difficult. For that reason, faxed documents may be considered an option of last resort to be used when deadlines are looming. Auditors relying on a fax should consider making a telephone call to verify the sender's legitimacy and requesting that the original confirmation be mailed. But even mailed confirmations come with some level of risk.
To lessen the risk of fraud, undelivered confirmation requests in most cases would be reported to client officials not directly involved in the area subject to confirmation.
ISSUES INVOLVING POSITIVE CONFIRMATION REQUESTS
When positive confirmation requests - those in which the recipient is asked to respond directly to the auditor about whether he or she agrees with information presented in the request - are returned with exceptions, both the qualitative and quantitative nature of the exceptions should be evaluated. The auditor should maintain control over the confirmation process; however, client personnel, under close auditor supervision, can assist in processing confirmation requests and investigating exceptions or nonresponses.
While most accounts receivable confirmation exceptions are related to timing differences, the auditor should, at least on a test basis, inspect evidence supporting the client's reconciliation of differences. If an exception can't be resolved or indicates evidence of a potential misstatement, the auditor can reduce audit risk to an acceptably low level by assessing the nature and cause of the misstatement.
For example, the auditor can evaluate whether the misstatement appears to be isolated or systemic, and whether it appears to be due to clerical error or possible fraud. If a misstatement appears to be systemic, the auditor would ordinarily need to oversee an extensive investigation.
Additionally, the auditor should project the misstatement from the sample to the population to determine either that the test results support the tested balance or that additional investigation is necessary. Auditors generally send positive requests to confirm large receivable balances because no sampling risk would be acceptable for individual accounts receivable balances exceeding tolerable misstatement for the engagement. The amount of any known misstatement identified would be equivalent to likely misstatement because such positive requests constitute a subpopulation that has been audited in its entirety, rather than sampled. Any resulting misstatement in the positive requests would then be combined with any projection of likely misstatement identified from other confirmations that had been selected on a sampling basis.
AU 312.46 states that where the auditor evaluates the amount of likely misstatement from a sample in a class of transactions, account balance or disclosure as material - either individually or in the aggregate with other misstatements - the auditor should request that management examine the class of transactions, account balance or disclosure in order to identify and correct misstatements therein.
Ordinarily, the auditor would report unreconciled misstatements to a client official not directly associated with the account. The auditor needs to consider whether responses indicate matters to be reported to those charged with governance.
ELECTRONIC AUDIT CONFIRMATIONS
Auditors generally would confirm cash balances unless the risk of material misstatement is low for the cash existence assertion. In some cases, auditors can make an online inquiry about a client's bank balance information, although such a step constitutes an alternative procedure, according to AU 330.04, not a confirmation procedure.
Interpretation no. 1 of AU 330 states that properly controlled electronic confirmations can provide reliable audit evidence. Auditors are increasingly using electronic means to confirm cash and loan balances under the sometimes tight timelines of the audit process. One Big Four firm is conducting a limited electronic confirmation pilot project in the southeastern United States on a concentration of financial institutions that subscribe to a major service provider's electronic confirmation services.
To rely on an electronic confirmation process, auditors need to be satisfied with the integrity of the process. Assurance trust services reports or another auditor's type II SAS 70 report, while not required, can address the operating effectiveness of the service provider's controls over the process.
At least one technology company is providing electronic confirmation services for cash and loan balances by providing an intermediary online link between banks and accounting firms. Bank and client account information is entered via password in a secure, closed system with data encryption.
MANAGEMENT REQUESTS NOT TO CONFIRM
Management may occasionally request the auditor not confirm certain balances or other information for seemingly legitimate purposes. For example, customers of a savings and loan may request not to receive monthly statements or related notifications. Another common reason is a disputed balance between a client and the intended recipient.
Such requests from management, however, may be a ruse to divert the auditor's attention from inappropriate transactions. An alleged dispute on its own might not be an appropriate reason for forgoing confirmation. Management representations alone relating to the matter would not provide sufficient appropriate audit evidence.
The impact of such a request on audit risk is an important factor. Assuming the auditor has gathered corroborating evidence about the reasons not to confirm, the auditor should apply alternative procedures, such as examining subsequent cash collection, assuring that payments relate to the receivable balances in question.
Depending on the risk of material misstatement, nature of balances, and availability of audit evidence, the auditor also might examine shipping documents (assuming adequate segregation of duties), external customer purchase orders, third-party evidence of delivery, sales invoices, contracts or other relevant documentation.
If the auditor is satisfied about having applied alternative procedures, there is no scope limitation and the auditor's report does not need to reference the omission of confirmation procedures or the alternative procedures. Relevant alternative procedures may be omitted if both conditions cited in AU 330.31 exist: (1) the aggregate nonresponding confirmations, projected as being 100% misstated, would not affect the auditor's decision about whether the financial statements are materially misstated, and (2) the auditor has not identified any unusual bias or commonality to exist among the nonrespondents.
The identification of a common thread - for example, that nonresponding customers are in a specific sales territory, are new customers, or are predominantly consignees - might indicate such a bias. Such unusual factors or systemic characteristics may not always be evident.
If management's request that an auditor not confirm certain balances or other information is unreasonable and imposes significant limitations on audit scope, the auditor ordinarily would disclaim an opinion or withdraw from the engagement. The auditor may also seek the advice of legal counsel.
CONFIRMING TERMS OF UNUSUAL OR COMPLEX AGREEMENTS
AU 316.41 states that the auditor should ordinarily presume a high risk of material misstatement due to fraud relating to revenue recognition. Revenue recognition risks can reside in bill-and-hold arrangements and improper sales cutoff schemes. Additionally, management may override controls over software sales contracts, as seen in the case of Computer Associates International, when material contracts were backdated to manipulate sales.
"Round-trip" or "linked" transactions can be of concern in industries for which analysts focus more on revenue than on income measures. Round-trip transactions occur when a business or organization records seemingly valid sales transactions with a customer, but returns the sales proceeds to the customer in subsequent purchase transactions, often in a different accounting period.
In addition to confirming balances, the auditor should consider requesting confirmation of the terms of unusual or complex agreements and the absence of side agreements, where there are significant revenue recognition risks. Enron used special-purpose entities (SPEs) to avoid consolidation of debt, impaired assets and losses. Side agreements compensating outside financiers for losses sustained by the SPEs allegedly were not revealed to the auditors. These side agreements often involved the issuance of additional Enron stock, violating the 3% outside equity requirement, in place at the time, for non-consolidation.
Knowledge of these facts likely would have prompted the auditors to conclude that consolidation was a more appropriate accounting treatment. The auditors might have detected these side agreements by requesting confirmation of their absence. Such confirmations should be addressed to personnel familiar with the terms of transactions, such as the countersignatory, rather than lower-level employees.
"Open" confirmations - those requesting that respondents indicate their understanding of relevant information - may be especially useful for confirming transaction terms. Exhibit 1 lists some circumstances that increase the need for confirming terms of transactions and the absence of side agreements.
CONFIRMING ACCOUNTS PAYABLE AND RELATED-PARTY
Many auditors opt to perform a search for unrecorded liabilities, often through the end of fieldwork, as an alternative to confirmation of accounts payable. However, accounts payable confirmations can be effective in detecting round-trip transactions, especially where the "purchase side" of these transactions is not consummated until after the end of the purchasing entity's fieldwork.
Where accounts payable confirmations are used for such purposes, auditors would generally use blank form requests, which ask respondents to provide balances. Also, it may be effective to ask respondents to provide detailed listings of payables balances, as well as information about quid pro quo transactions involving equal exchanges.
Fraud risks also may lurk in related-party transactions and transactions involving variable-interest entities. The auditor should gain an understanding of the business rationale for such transactions and consider confirming the terms with other parties to the transactions. Also, because management may be on both sides of these transactions, auditors may want to seek audit evidence from intermediaries such as banks, guarantors, agents or attorneys.
- Confirmations can be an effective tool when working with accounts payable, accounts receivable, account balances, inventory, investment securities, market values, lines of credit and other actual or contingent liabilities.
- Auditors are increasingly using electronic means to confirm cash and loan balances. To rely on an electronic confirmation process, auditors need to be satisfied with the integrity of the process and the effectiveness of the service provider's controls over the process.
- Sending confirmations to individuals who have been counterparties to key transactions can improve response rates in certain cases. The approach is especially useful for confirming possible side agreements involving rights of return or other significant risks relating to the appropriateness of revenue recognition.
- If management requests that an auditor not confirm certain information and the request is unreasonable and puts significant limitations on audit scope, the auditor ordinarily would disclaim an opinion or withdraw from the engagement. The auditor may also seek the advice of legal counsel.
Donald K. McConnell Jr., CPA, Ph.D., CFE, is an accounting professor at the University of Texas Arlington. His e-mail address is firstname.lastname@example.org. Charles H. Schweiger, CPA, is an assurance partner with Grant Thornton LLP in Dallas. His e-mail address is Chip.Schweiger@GT.com.