Professional Documents
Culture Documents
Observations Reminders Confirmation Process Spotlight
Observations Reminders Confirmation Process Spotlight
March 2022
CONTENTS
Overview 3
Considerations 5
March 2022 | 2
Spotlight: Observations and Reminders on the Use of a Service
Provider in the Confirmation Process
OVERVIEW
What Is the
The Public Company Accounting Oversight
Board (PCAOB) is committed to driving Confirmation Process?
improvement in audit quality and promoting
Under PCAOB standards, the auditor is
compliance with our professional standards
required to obtain sufficient appropriate
and rules. To accomplish these objectives, we
audit evidence to provide a reasonable
not only focus on detecting audit deficiencies,
basis for his or her opinion. In many
but also on communicating observations
audits, obtaining evidence involves,
and other information that could impact the
among other things, requesting that
quality of audits of public companies and
a confirming party (e.g., a financial
brokers and dealers.
institution) confirm amounts recorded in
Many audit firms use a service provider to send the public company’s or broker-dealer’s
and receive electronic audit confirmations financial records.
to and from third parties, such as financial
Confirmation, as defined under PCAOB
institutions, investment and brokerage
standards, is the process of obtaining and
firms, and law firms (“confirming party”) to
evaluating a direct communication from
independently verify or validate balances,
a third party in response to a request
terms of arrangements, or other information
for information about a particular item
under audit. These audit firms rely on the
affecting financial statement assertions.
service provider, including its related processes
The process includes:
and technologies, to initiate the third-party
request, establish a direct communication with yy Selecting items for which
the confirming party, and ultimately obtain confirmations are to be requested;
the information from the confirming party.
The PCAOB understands that the use of such yy Designing the confirmation request;
service providers is becoming more common,
yy Communicating the confirmation
partially due to certain confirming parties
request to the appropriate third party;
only replying to auditor confirmation requests
through a specific service provider. yy Obtaining the response from the third
party; and
The use of audit confirmations is a procedure
to obtain reliable external evidence of an yy Evaluating the information, or lack
audit client’s internally generated information. thereof, provided by the third party
The requirement to maintain control over about the audit objectives, including
the confirmation process is important to the reliability of that information.
ensure confirmation responses are reliable.
Audit firms that use a service provider to
send and receive confirmations rely on the party. Therefore, it is necessary for auditors to
service provider’s assistance in maintaining determine that they can rely on the service
control over the confirmation requests and provider’s processes and controls when
responses. These service providers use their establishing direct communication between
own processes and controls in communicating the auditor and the confirming party.
the auditor’s confirmation request to, and
obtaining responses from, the confirming Recently, we observed diverse practices related
to the procedures auditors perform to support
March 2022 | 3
Spotlight: Observations and Reminders on the Use of a Service
Provider in the Confirmation Process
March 2022 | 4
Spotlight: Observations and Reminders on the Use of a Service
Provider in the Confirmation Process
they maintained control over the confirmation yy Evaluate the results of the procedures
requests and responses in audits where a performed by the service auditor;
service provider assisted in the confirmation
process. Simply, the use of a service provider yy Consider the design and operating
does not relieve the auditor of the responsibility effectiveness of controls not addressed by
under PCAOB standards to maintain control the SOC reports; or
over the confirmation requests and responses. yy Assess whether additional testing
procedures, such as compensating controls,
PCAOB STAFF were necessary.
March 2022 | 5
Spotlight: Observations and Reminders on the Use of a Service
Provider in the Confirmation Process
March 2022 | 6
Spotlight: Observations and Reminders on the Use of a Service
Provider in the Confirmation Process
March 2022 | 7