Bank Audit Requests

The Financial Reporting Council (FRC) is committed to protecting and improving audit and reporting quality. As part of this, there are three auditing standards that support auditors in obtaining external confirmations:

The key guidance in ISA (UK) 330 and ISA (UK) 505 read:

  • When using external confirmation procedures, the auditor shall maintain control over external confirmation requests.
  • Responses to confirmation requests provide more relevant and reliable audit evidence when confirmation requests are sent to a confirming party the auditor believes is knowledgeable about the information to be confirmed.
  • Determining that requests are properly addressed includes testing the validity of some or all of the addresses on confirmation requests before they are sent out.
  • Responses received electronically, for example by facsimile or electronic mail, involve risks as to reliability because proof of origin and authority of the respondent may be difficult to establish, and alterations may be difficult to detect.
  • If a confirming party uses a third party to coordinate and provide responses to confirmation requests, the auditor may perform procedures to address the risks that:
    • (a) The response may not be from the proper source;
    • (b) A respondent may not be authorized to respond; and
    • (c) The integrity of the transmission may have been compromised.
  • Audit evidence obtained as a direct written response to the auditor from a third party (the confirming party), in paper form, or by electronic or other medium.

In addition to the ISA (UK) 330 and ISA (UK) 505, in January 2020, the FRC updated its guidance on the auditor’s responsibilities relating to fraud in an audit of financial statements. The updated guidance reads:

  • An auditor conducting an audit in accordance with ISAs (UK) is responsible for obtaining reasonable assurance that the financial statements taken as a whole are free from material misstatement, whether caused by fraud or error.
  • The auditor is responsible for maintaining professional scepticism throughout the audit, considering the potential for management override of controls and recognizing the fact that audit procedures that are effective for detecting error may not be effective in detecting fraud.
  • The auditor shall evaluate whether the information obtained from the other risk assessment procedures and related activities performed indicates that one or more fraud risk factors are present.

Please find out more about our chosen partner – Confirmation, part of Thomson Reuters here.

Third-Party Partnerships

Find out more about our chosen partner for easy, fast and secure electronic confirmation – Confirmation, part of Thomson Reuters

Read More Click through arrow