Compliance
Our unwavering commitment to compliance
As part of a global company serving the needs of professionals across tax, accounting, legal, government, and media, we take compliance seriously. Maintaining the highest standards of integrity, accountability, and compliance with ever-changing regulations and standards is non-negotiable and woven into everything we do.
How Confirmation complies with regulatory guidance
Validation guaranteed
How it works:
- Validates the business details of both auditors and bankers before platform use
- Ensures that the right information is going to the right person, reducing fraud risk
- Prevents a user from electronically signing someone else’s name on a confirmation
- Logs all user activity in the platform, creating a reliable audit confirmation trail
- Eliminates the burden of auditors having to verify the identity of the respondent
Compliance with audit standards and guidance
With Confirmation, you can rest assured that you’re in compliance with the latest auditing standards and requirements from the AICPA, the PCAOB, and the ISA. Explore the different regulatory guidance and how we comply below.
AICPA – AU-C Section 500: Audit Evidence
External Confirmations
Guidance
.A18 An external confirmation represents audit evidence obtained by the auditor as a direct written response to the auditor from a third party (the confirming party) in paper form or by electronic or other medium.
How Confirmation Complies
Confirmation uses a unique authentication and authorization process to verify the authenticity of each user. By sending a request to a validated responder, you eliminate the burden of having to verify the identity of the respondent and whether or not they are authorized to respond.
Reliability
Guidance
.A32 While recognizing that exceptions may exist, the following generalizations about the reliability of audit evidence may be useful:
- Audit evidence obtained directly by the auditor is more reliable than audit evidence obtained indirectly or by inference.
- Audit evidence in documentary form, whether paper, electronic, or other medium, is more reliable than evidence obtained orally.
How Confirmation Complies
Confirmation uses a unique authentication and authorization process to verify the authenticity of each user. By sending a request to a validated responder, you eliminate the burden of having to verify the identity of the respondent and whether or not they are authorized to respond. Undergoes SOC 1 and SOC 2 examinations annually, and has received an ISO 27001 certification of its Confirmation service.
AICPA – AU-C Section 505: External Confirmations
Confirmation helps auditors comply with auditing standards and requirements. Please read below to learn how Confirmation complies with the AICPA.
Selecting the Appropriate Confirming Party
Guidance
.A3 Responses to confirmation requests provide more relevant and reliable audit evidence when confirmation requests are sent to a confirming party who the auditor believes is knowledgeable about the information to be confirmed.
How Confirmation Complies
Confirmation uses a unique authentication and authorization process to verify the authenticity of each user. By sending a request to a validated responder, you eliminate the burden of having to verify the identity of the respondent and whether or not they are authorized to respond.
Reliability of Responses to Confirmation Requests
Guidance
.A15 An electronic confirmation system or process that creates a secure confirmation environment may mitigate the risks of interception or alteration. Creating a secure confirmation environment depends on the process or mechanism used by the auditor and the respondent to minimize the possibility that the results will be compromised because of interception or alteration of the confirmation.
How Confirmation Complies
Uses the highest level of security to ensure privacy and data integrity. Undergoes SOC 1 and SOC 2 examinations annually, and has received an ISO 27001 certification of its Confirmation service.
AICPA – Practice Alert 03-1: Audit Confirmations
Confirmation helps auditors comply with auditing standards and requirements. Please read below to learn how Confirmation complies with the AICPA.
Guidance
.19 If the auditor is satisfied that the electronic confirmation process is secure and properly controlled, and the confirmation is directly from a third party who is a bona fide authorized respondent, electronic confirmations may be considered as sufficient, valid confirmation responses.
How Confirmation Complies
Undergoes SOC 1 and SOC 2 examinations annually, and has received an ISO 27001 certification of its Confirmation service. Uses the highest level of security to ensure privacy and data integrity. Confirmation uses a unique authentication and authorization process to verify the authenticity of each user. By sending a request to a validated responder, you eliminate the burden of having to verify the identity of the respondent and whether or not they are authorized to respond.
PCAOB – AU Section 326: Audit evidence
Confirmation helps auditors comply with auditing standards and requirements. Please read below to learn how Confirmation complies with the PCAOB.
Respondent
Guidance
.27 The auditor should consider whether there is sufficient basis for concluding that the confirmation request is being sent to a respondent from whom the auditor can expect the response will provide meaningful and appropriate audit evidence.
How Confirmation Complies
Confirmation uses a unique authentication and authorization process to verify the authenticity of each user. By sending a request to a validated responder, you eliminate the burden of having to verify the identity of the respondent and whether or not they are authorized to respond.
Performing Confirmation Procedures
Guidance
.29 During the performance of confirmation procedures, the auditor should maintain control over the confirmation requests and responses. Maintaining control means establishing direct communication between the intended recipient and the auditor to minimize the possibility that the results will be biased because the interception and alteration of the confirmation requests or responses.
How Confirmation Complies
Uses the highest level of security to ensure privacy and data integrity. Allows an auditor to send audit confirmation requests directly to the intended responder. Undergoes SOC 1 and SOC 2 examinations annually, and has received an ISO 27001 certification of its Confirmation service.
PCAOB – AU Section 326: Audit Evidence
Confirmation helps auditors comply with auditing standards and requirements. Please read below to learn how Confirmation complies with the PCAOB.
Sufficient Appropriate Audit Evidence
Guidance
.08 Audit evidence is more reliable when it is obtained from knowledgeable independent sources outside the entity.
How Confirmation Complies
Undergoes SOC 1 and SOC 2 examinations annually, and has received an ISO 27001 certification of its Confirmation service.
ISA – ISA 505: External Confirmations
Confirmation helps auditors comply with auditing standards and requirements. Please read below to learn how Confirmation complies with the ISA.
Para 6(a) Definition: External Confirmation
Guidance
Audit evidence obtained as a direct written response to the auditor from a third party (the confirming party), in paper form, or by electronic or other medium.
How Confirmation Complies
Confirmation enables auditors to receive audit confirmations electronically. Responses are prepared by authorized bank officials based on the auditor’s request. Use of Confirmation meets the requirements of an ‘External Confirmation’.
Para 7 Maintaining control
Guidance
When using external confirmation procedures, the auditor shall maintain control over external confirmation requests.
How Confirmation Complies
Auditors keep complete control over the process, including client and accounts setup, requesting client authorization and the sending and receipt of confirmations.
A2 Selecting the appropriate confirming party
Guidance
Responses to confirmation requests provide more relevant and reliable audit evidence when confirmation requests are sent to a confirming party the auditor believes is knowledgeable about the information to be confirmed. For example, a financial institution official who is knowledgeable about the transactions or arrangements for which confirmation is requested may be the most appropriate person at the financial institution from whom to request confirmation.
How Confirmation Complies
Participating banks have strict user access controls and monitoring procedures in place to ensure that only authorized bank officials respond to audit requests through Confirmation.
A6 Validating addresses
Guidance
Determining that requests are properly addressed includes testing the validity of some or all of the addresses on confirmation requests before they are sent out.
How Confirmation Complies
We validate all entities participating in the Confirmation network. The controls surrounding this process are included in our SOC 1 report that is issued annually as part of our controls audit. By relying on our validation procedures, you avoid the need to perform your own validation procedures.
A12 Electronic responses
Guidance
Responses received electronically, for example by facsimile or electronic mail, involve risks as to reliability because proof of origin and authority of the respondent may be difficult to establish, and alterations may be difficult to detect. A process used by the auditor and the respondent that creates a secure environment for responses received electronically may mitigate these risks. If the auditor is satisfied that such a process is secure and properly controlled, the reliability of the related responses is enhanced. An electronic confirmation process might incorporate various techniques for validating the identity of a sender of information in electronic form, for example, through the use of encryption, electronic digital signatures, and procedures to verify web site authenticity.
How Confirmation Complies
Confirmation operates on industry-leading information security and data privacy practices. We have procedures and controls in place to ensure the integrity, confidentiality and accessibility of data. We undergo third-party audits to demonstrate the effectiveness of our controls:
- SOC 1 and SOC 2 examinations annually.
- Received an ISO27001 certification of the Confirmation service.
A13 Involvement of third parties
Guidance
If a confirming party uses a third party to coordinate and provide responses to confirmation requests, the auditor may perform procedures to address the risks that: (a) The response may not be from the proper source; (b) A respondent may not be authorized to respond; and (c) The integrity of the transmission may have been compromised.
How Confirmation Complies
The Confirmation control environment ensures that user access if controlled and monitored at the banks, and that transmission of data is secure and maintains integrity. Our controls reports outlined above demonstrate the effectiveness of these procedures.
Para 12 Non-responses
Guidance
In the case of each non-response, the auditor shall perform alternative audit procedures to obtain relevant and reliable audit evidence.
How Confirmation Complies
Confirmation guarantees responses for In-Network confirmations, avoiding the need for alternative procedures.