Publication of ISA (UK) 505 External Confirmations
The Financial Reporting Council (FRC) has published a revised version of ISA (UK) 505 which covers the use of external confirmations to obtain audit evidence following a consultation on proposed changes to the standard that took place earlier this year.
Obtaining external confirmations is common practice on many audit engagements, as audit evidence is more reliable when it is obtained from an independent source when compared with evidence provided to the auditor directly by the client.
Up until now the version of ISA 505 used in the UK has been virtually the same as the international version published by the IAASB upon which it is based, it was not previously considered necessary to amend the requirements of the standard to make it fit for use in the UK.
This UK initiative to update and enhance the standard was considered necessary now though by the FRC to reflect recent enforcement findings as well as to ensure that it reflected modern approaches to obtaining confirmations.
The biggest change being introduced is that the use of negative confirmations will now be prohibited and cannot be relied upon. A negative confirmation is one where the confirming party is only asked to respond to the auditor if they disagree with the information provided in the request. This change is one that group auditors will need to be particularly wary of, as component auditors overseas may still be permitted to rely on negative confirmations based on local auditing standards and group instructions will need to make clear that they are not to be used.
The definition of an external confirmation has been amended to make clear that the use of electronic or other media to obtain audit evidence, such as through the use of web portals, software interfaces or other digital means, only qualifies as an external confirmation if that third party information was directly accessed by the auditor themselves and not via the client.
Guidance has also been added to remind auditors that they need to obtain evidence that addresses all relevant assertions, and that whilst the use of electronic confirmations might provide evidence over accuracy or valuation they may not always provide evidence in respect of completion and additional procedures may be necessary to ensure that sufficient evidence is obtained to support all relevant assertions.
The revised standard also makes clear that when designing confirmation requests auditors need to ensure that they are appropriately designed to provide evidence relevant to the assertions on which evidence is being sought.
Where the confirming party indicates a difference with the information obtained from the client that they are being asked to confirm, the revised standard now requires auditors to consider whether such exceptions are indicative of fraud or suspected fraud, or whether it is indicative of a deficiency in the entity’s system of internal control.
In such situations the auditor will also need to consider how any additional procedures will allow them to obtain sufficient appropriate audit evidence.
The revised standard is effective for audits of financial statements for periods commencing on or after 15 December 2024.