By John Filar Atwood
The Public Company Accounting Oversight Board (PCAOB) has adopted a new standard to modernize the requirements for the auditor’s use of confirmation, which is the process by which an auditor verifies information about one or more financial statement assertions with a third party. The move brings up to date a standard that has had only minimal amendments since it was adopted by the PCAOB in 2003. The standard in question is AS 2310, The Confirmation Process, which is now replaced by new AS 2310, The Auditor’s Use of Confirmation.
The PCAOB emphasized that the adoption of the new standard was informed by input from a notice-and-comment process that included a concept release and two proposing releases. The new standard will apply to all audits conducted under PCAOB standards and, subject to approval by the SEC, will take effect for audits of financial statements for fiscal years ending on or after June 15, 2025.
According to the PCAOB, the confirmation process involves an auditor selecting one or more items to be confirmed, sending a request to a confirming party, evaluating the information received, and addressing non-responses and incomplete responses to obtain audit evidence about one or more financial statement assertions.
Inspection findings. The PCAOB said that it had noticed in inspections over the past several years that some auditors did not fulfill their responsibilities under the existing standard when performing confirmation procedures. Inspectors noticed that some auditors did not consider performing procedures to verify the source of confirmation responses received electronically, or perform sufficient alternative procedures. Others did not restrict the use of negative confirmation requests to situations where the risk of material misstatement was assessed as low, or maintain appropriate control over the confirmation process, the PCAOB found.
The PCAOB expects that the new standard’s principles-based requirements will help address some of these shortcomings. In addition, the new standard better integrates with the PCAOB’s risk assessment standards by incorporating certain risk-based considerations and emphasizing the auditor’s responsibilities for obtaining relevant and reliable audit evidence through the confirmation process, the PCAOB said.
New standard’s provisions. Among other things, the new standard includes a new requirement regarding confirming cash and cash equivalents held by third parties or otherwise obtaining relevant and reliable audit evidence by directly accessing information maintained by a knowledgeable external source. However, it carries forward the existing requirement regarding confirming accounts receivable.
If it would not be feasible for the auditor to obtain audit evidence directly from a knowledgeable external source for accounts receivable, the new standard provides that the auditor should perform other substantive audit procedures, including tests of details, that involve obtaining audit evidence from external sources indirectly.
Under the new standard, for significant risks associated with cash or accounts receivable, the auditor is required to communicate with the audit committee when the auditor did not perform confirmation procedures or otherwise obtain audit evidence by directly accessing information maintained by a knowledgeable external source.
Negative confirmation requests. The new standard states that the use of negative confirmation requests alone does not provide sufficient appropriate audit evidence. The use of negative confirmation requests may provide sufficient audit evidence only when combined with other substantive audit procedures, the standard states. The new standard includes examples of situations in which the use of negative confirmation requests in combination with other substantive audit procedures may provide sufficient appropriate audit evidence.
The new standard emphasizes the auditor’s responsibility to maintain control over the confirmation process and provides that the auditor is responsible for selecting the items to be confirmed, sending confirmation requests, and receiving confirmation responses.
Finally, the new standard identifies situations where other procedures should be performed by the auditor as an alternative to confirmation. It also includes examples of alternative procedures that individually or in combination may provide relevant and reliable audit evidence.