Compliance

Our unwavering commitment to compliance

As part of a global company serving the needs of professionals across tax, accounting, legal, government, and media, we take compliance seriously. Maintaining the highest standards of integrity, accountability, and compliance with ever-changing regulations and standards is non-negotiable and woven into everything we do.

How Confirmation complies with regulatory guidance

Validation guaranteed

How it works:

  • Validates the business details of both auditors and bankers before platform use 
  • Ensures that the right information is going to the right person, reducing fraud risk
  • Prevents a user from electronically signing someone else’s name on a confirmation
  • Logs all user activity in the platform, creating a reliable audit confirmation trail 
  • Eliminates the burden of auditors having to verify the identity of the respondent

Compliance with audit standards and guidance

With Confirmation, you can rest assured that you're in compliance with the latest auditing standards and requirements from the AICPA, the PCAOB, and the ISA. Explore the different regulatory guidance and how we comply below.


AICPA – AU-C Section 500: Audit Evidence

External Confirmations

Guidance

.A18  An external confirmation represents audit evidence obtained by the auditor as a direct written response to the auditor from a third party (the confirming party) in paper form or by electronic or other medium.

How Confirmation Complies

Confirmation uses a unique authentication and authorization process to verify the authenticity of each user. By sending a request to a validated responder, you eliminate the burden of having to verify the identity of the respondent and whether or not they are authorized to respond.

Reliability

Guidance

.A32  While recognizing that exceptions may exist, the following generalizations about the reliability of audit evidence may be useful:

  • Audit evidence obtained directly by the auditor is more reliable than audit evidence obtained indirectly or by inference.
  • Audit evidence in documentary form, whether paper, electronic, or other medium, is more reliable than evidence obtained orally.

How Confirmation Complies

Confirmation uses a unique authentication and authorization process to verify the authenticity of each user. By sending a request to a validated responder, you eliminate the burden of having to verify the identity of the respondent and whether or not they are authorized to respond. Confirmation undergoes SOC 1 and SOC 2 examinations annually, and has received an ISO 27001 certification of its Confirmation service.



AICPA – AU-C Section 505: External Confirmations

Confirmation helps auditors comply with auditing standards and requirements. Please read below to learn how Confirmation complies with the AICPA.

Selecting the Appropriate Confirming Party 

Guidance

.A3  Responses to confirmation requests provide more relevant and reliable audit evidence when confirmation requests are sent to a confirming party who the auditor believes is knowledgeable about the information to be confirmed.

How Confirmation Complies

Confirmation uses a unique authentication and authorization process to verify the authenticity of each user. By sending a request to a validated responder, you eliminate the burden of having to verify the identity of the respondent and whether or not they are authorized to respond.

Reliability of Responses to Confirmation Requests 

Guidance

.A15  An electronic confirmation system or process that creates a secure confirmation environment may mitigate the risks of interception or alteration. Creating a secure confirmation environment depends on the process or mechanism used by the auditor and the respondent to minimize the possibility that the results will be compromised because of interception or alteration of the confirmation.    

How Confirmation Complies

Confirmation uses the highest level of security to ensure privacy and data integrity. It undergoes SOC 1 and SOC 2 examinations annually, and has received an ISO 27001 certification of its Confirmation service.



AICPA – Practice Alert 03-1: Audit Confirmations

Confirmation helps auditors comply with auditing standards and requirements. Please read below to learn how Confirmation complies with the AICPA.

Guidance

.19  If the auditor is satisfied that the electronic confirmation process is secure and properly controlled, and the confirmation is directly from a third party who is a bona fide authorized respondent, electronic confirmations may be considered as sufficient, valid confirmation responses.

How Confirmation Complies

Confirmation undergoes SOC 1 and SOC 2 examinations annually, and has received an ISO 27001 certification of its Confirmation service. It uses the highest level of security to ensure privacy and data integrity. Confirmation uses a unique authentication and authorization process to verify the authenticity of each user. By sending a request to a validated responder, you eliminate the burden of having to verify the identity of the respondent and whether or not they are authorized to respond.


PCAOB – AU Section 326: Audit Evidence

Confirmation helps auditors comply with auditing standards and requirements. Please read below to learn how Confirmation complies with the PCAOB.

Respondent

Guidance

.27  The auditor should consider whether there is sufficient basis for concluding that the confirmation request is being sent to a respondent from whom the auditor can expect the response will provide meaningful and appropriate audit evidence. 

How Confirmation Complies

Confirmation uses a unique authentication and authorization process to verify the authenticity of each user. By sending a request to a validated responder, you eliminate the burden of having to verify the identity of the respondent and whether or not they are authorized to respond.

Performing Confirmation Procedures 

Guidance

.29  During the performance of confirmation procedures, the auditor should maintain control over the confirmation requests and responses. Maintaining control means establishing direct communication between the intended recipient and the auditor to minimize the possibility that the results will be biased because of the interception and alteration of the confirmation requests or responses.

How Confirmation Complies

Confirmation uses the highest level of security to ensure privacy and data integrity. It allows an auditor to send audit confirmation requests directly to the intended responder. It undergoes SOC 1 and SOC 2 examinations annually, and has received an ISO 27001 certification of its Confirmation service.



PCAOB – AU Section 326: Audit Evidence

Confirmation helps auditors comply with auditing standards and requirements. Please read below to learn how Confirmation complies with the PCAOB.

Sufficient Appropriate Audit Evidence

Guidance

.08  Audit evidence is more reliable when it is obtained from knowledgeable independent sources outside the entity.

How Confirmation Complies

Confirmation undergoes SOC 1 and SOC 2 examinations annually, and has received an ISO 27001 certification of its Confirmation service.


ISA – ISA 505: External Confirmations

Confirmation helps auditors comply with auditing standards and requirements. Please read below to learn how Confirmation complies with the ISA.

Para 6(a) Definition: External Confirmation 

Guidance

Audit evidence obtained as a direct written response to the auditor from a third party (the confirming party), in paper form, or by electronic or other medium. 

How Confirmation Complies

Confirmation enables auditors to receive audit confirmations electronically. Responses are prepared by authorized bank officials based on the auditor's request. Use of Confirmation meets the requirements of an 'External Confirmation'.

Para 7 Maintaining control 

Guidance

When using external confirmation procedures, the auditor shall maintain control over external confirmation requests. 

How Confirmation Complies

Auditors keep complete control over the process, including client and accounts setup, requesting client authorization and the sending and receipt of confirmations.

A2 Selecting the appropriate confirming party 

Guidance

Responses to confirmation requests provide more relevant and reliable audit evidence when confirmation requests are sent to a confirming party the auditor believes is knowledgeable about the information to be confirmed. For example, a financial institution official who is knowledgeable about the transactions or arrangements for which confirmation is requested may be the most appropriate person at the financial institution from whom to request confirmation. 

How Confirmation Complies

Participating banks have strict user access controls and monitoring procedures in place to ensure that only authorized bank officials respond to audit requests through Confirmation.

A6 Validating addresses 

Guidance

Determining that requests are properly addressed includes testing the validity of some or all of the addresses on confirmation requests before they are sent out.

How Confirmation Complies

We validate all entities participating in the Confirmation network. The controls surrounding this process are included in our SOC 1 report that is issued annually as part of our controls audit. By relying on our validation procedures, you avoid the need to perform your own validation procedures.

A12 Electronic responses 

Guidance

Responses received electronically, for example by facsimile or electronic mail, involve risks as to reliability because proof of origin and authority of the respondent may be difficult to establish, and alterations may be difficult to detect. A process used by the auditor and the respondent that creates a secure environment for responses received electronically may mitigate these risks. If the auditor is satisfied that such a process is secure and properly controlled, the reliability of the related responses is enhanced. An electronic confirmation process might incorporate various techniques for validating the identity of a sender of information in electronic form, for example, through the use of encryption, electronic digital signatures, and procedures to verify web site authenticity.

How Confirmation Complies

Confirmation operates industry-leading information security and data privacy practices. We have procedures and controls in place to ensure the integrity, confidentiality and accessibility of data. We undergo third-party audits to demonstrate the effectiveness of our controls: 

  • SOC 1 and SOC 2 examinations annually.
  • ISO 27001 certification of the Confirmation service.

A13 Involvement of third parties 

Guidance

If a confirming party uses a third party to coordinate and provide responses to confirmation requests, the auditor may perform procedures to address the risks that: (a) The response may not be from the proper source; (b) A respondent may not be authorized to respond; and (c) The integrity of the transmission may have been compromised.

How Confirmation Complies

The Confirmation control environment ensures that user access is controlled and monitored at the banks, and that transmission of data is secure and maintains integrity. Our controls reports outlined above demonstrate the effectiveness of these procedures.

Para 12 Non-responses 

Guidance

In the case of each non-response, the auditor shall perform alternative audit procedures to obtain relevant and reliable audit evidence.

How Confirmation Complies

Confirmation guarantees responses for In-Network confirmations, avoiding the need for alternative procedures.
