监管机构的指引
Confirmation.com helps auditors comply with auditing standards and requirements
Learn how Confirmation.com complies with each of the governing bodies.
AICPA
AU-C Section 500: Audit Evidence
| 指南 | How Confirmation.com complies |
|---|---|
| 外部询证 .A18 外部询证代表审计人员获得的审计证据,是第三方(询证方)以纸质、电子或其他媒介,给予审计人员的直接书面复函。 |
Confirmation.com uses a unique authentication and authorization process to verify the authenticity of each user. By sending a request to a validated responder, you eliminate the burden of having to verify the identity of the respondent and whether or not they are authorized to respond. |
| Reliability .A32 While recognizing that exceptions may exist, the following generalizations about the reliability of audit evidence may be useful:
|
Confirmation.com uses a unique authentication and authorization process to verify the authenticity of each user. By sending a request to a validated responder, you eliminate the burden of having to verify the identity of the respondent and whether or not they are authorized to respond. Undergoes SOC 1, SOC 2 and SOC 3 examinations every six months, and has received an ISO 27001 certification of its Confirmation.com service. |
AU-C Section 505: External Confirmations
| 指南 | How Confirmation.com complies |
|---|---|
| 选择合适的询证方 .A3 Responses to confirmation requests provide more relevant and reliable audit evidence when confirmation requests are sent to a confirming party who the auditor believes is knowledgeable about the information to be confirmed. |
Confirmation.com uses a unique authentication and authorization process to verify the authenticity of each user. By sending a request to a validated responder, you eliminate the burden of having to verify the identity of the respondent and whether or not they are authorized to respond. |
| Reliability of Responses to Confirmation Requests .A15 An electronic confirmation system or process that creates a secure confirmation environment may mitigate the risks of interception or alteration. Creating a secure confirmation environment depends on the process or mechanism used by the auditor and the respondent to minimize the possibility that the results will be compromised because of interception or alteration of the confirmation. |
Uses the highest level of security to ensure privacy and data integrity. Undergoes SOC 1, SOC 2 and SOC 3 examinations every six months, and has received an ISO 27001 certification of its Confirmation.com service. |
Practice Alert 03-1: Audit Confirmations
| 指南 | How Confirmation.com complies |
|---|---|
| .19 If the auditor is satisfied that the electronic confirmation process is secure and properly controlled, and the confirmation is directly from a third party who is a bona fide authorized respondent, electronic confirmations may be considered as sufficient, valid confirmation responses. | Undergoes SOC 1, SOC 2 and SOC 3 examinations every six months, and has received an ISO 27001 certification of its Confirmation.com service. Uses the highest level of security to ensure privacy and data integrity. Confirmation.com uses a unique authentication and authorization process to verify the authenticity of each user. By sending a request to a validated responder, you eliminate the burden of having to verify the identity of the respondent and whether or not they are authorized to respond. |
PCAOB
AU Section 330: The Confirmation Process
| 指南 | How Confirmation.com complies |
|---|---|
| Respondent .27 The auditor should consider whether there is sufficient basis for concluding that the confirmation request is being sent to a respondent from whom the auditor can expect the response will provide meaningful and appropriate audit evidence. |
Confirmation.com uses a unique authentication and authorization process to verify the authenticity of each user. By sending a request to a validated responder, you eliminate the burden of having to verify the identity of the respondent and whether or not they are authorized to respond. |
| Performing Confirmation Procedures .29 During the performance of confirmation procedures, the auditor should maintain control over the confirmation requests and responses. Maintaining control means establishing direct communication between the intended recipient and the auditor to minimize the possibility that the results will be biased because the interception and alteration of the confirmation requests or responses. |
Uses the highest level of security to ensure privacy and data integrity. Allows an auditor to send audit confirmation requests directly to the intended responder. Undergoes SOC 1, SOC 2 and SOC 3 examinations every six months, and has received an ISO 27001 certification of its Confirmation.com service. |
AU Section 326: Audit Evidence
| 指南 | How Confirmation.com complies |
|---|---|
| Sufficient Appropriate Audit Evidence .08 Audit evidence is more reliable when it is obtained from knowledgeable independent sources outside the entity. |
Undergoes SOC 1, SOC 2 and SOC 3 examinations every six months, and has received an ISO 27001 certification of its Confirmation.com service. |
ISA
ISA - ISA 505: External Confirmations
| 指南 | How Confirmation.com complies |
|---|---|
| Para 6(a) Definition: External Confirmation 审计人员获得的审计证据,是第三方(询证方)以纸质、电子或其他媒介,给予审计人员的直接书面复函。 |
Confirmation.com enables auditors to receive audit confirmations electronically. Responses are prepared by authorized bank officials based on the auditor's request. Use of Confirmation.com meets the requirements of an ‘External Confirmation’. |
| Para 7 Maintaining control 使用外部询证程序时,审计人员应保持对外部询证请求的控制。 |
Auditors keep complete control over the process, including client and accounts setup, requesting client authorization and the sending and receipt of confirmations. |
| A2 Selecting the appropriate confirming party 当询证请求发送给审计人员认为了解待询证信息的询证方时,对询证请求的复函可以提供更相关、更可靠的审计证据。例如,了解询证相关的交易或安排的金融机构职员,可能是该金融机构中最合适的询证请求对象。 |
Participating banks have strict user access controls and monitoring procedures in place to ensure that only authorized bank officials respond to audit requests through Confirmation.com. |
| A6 Validating addresses 为了确定请求所发往的地址是否正确,需要在发出询证请求之前,测试部分或全部地址的有效性。 |
We validate all entities participating in the Confirmation.com network. The controls surrounding this process are included in our SOC 1 report that is issued every six months as part of our controls audit. By relying on our validation procedures, you avoid the need to perform your own validation procedures. |
| A12 Electronic responses 以电子方式(例如通过传真或电子邮件)收到的复函涉及可靠性风险,因为可能难以确定复函方的来源和权限,并且可能难以发现篡改。如果审计人员和复函方使用的流程可以创建一个安全接收电子复函的环境,就可以减轻这些风险。如果审计人员对此类流程的安全性和适当控制感到满意,则相关复函的可靠性就会增强。电子询证过程可以采用各种技术来验证电子信息发送者的身份,例如,通过使用加密、电子数字签名,以及验证网站真实性的流程。 |
Confirmation.com's operates industry-leading information security and data privacy practices. We have procedures and controls in place to ensure the integrity, confidentiality and accessibility of data. We undergo third-party audits to demonstrate the effectiveness of our controls:
|
| A13 Involvement of third parties 如果询证方使用第三方来协调并提供对询证请求的复函,审计人员可以执行相关程序来应对以下风险: (a) 复函可能不是来自适当的来源; (b) 复函方可能无权作出回应; (c) 传输的完整性可能已受到损害。 |
Confirmation.com's control environment ensures that user access if controlled and monitored at the banks, and that transmission of data is secure and maintains integrity. Our controls reports outlined above demonstrate the effectiveness of these procedures. |
| Para 12 Non-responses 对于各种得不到回应的情况,审计师应执行替代审计程序,以获取相关和可靠的审计证据。 |
Confirmation.com guarantees responses for In-Network confirmations, avoiding the need for alternative procedures. |
One platform for all your audit confirmations
Auditors send millions of requests worldwide to their clients' banks, law firms and suppliers. Online confirmations make this process simple.
Easy-to-use interface
An investment that's worth it
$0.00 per month
By registering as an auditor, you'll receive the highest access to our services