Compliance

Our unwavering commitment to compliance

As part of a global company serving the needs of professionals across tax, accounting, legal, government, and media, we take compliance seriously. Maintaining the highest standards of integrity, accountability, and compliance with ever-changing regulations and standards is non-negotiable and woven into everything we do.

How Confirmation complies with regulatory guidance

Validation guaranteed

How it works:

  • Validates the business details of both auditors and bankers before platform use 
  • Ensures that the right information is going to the right person, reducing fraud risk
  • Prevents a user from electronically signing someone else’s name on a confirmation
  • Logs all user activity in the platform, creating a reliable audit confirmation trail 
  • Eliminates the burden of auditors having to verify the identity of the respondent

Compliance with audit standards and guidance

With Confirmation, you can rest assured that you're in compliance with the latest auditing standards and requirements from the AICPA, the PCAOB, and the ISA. Explore the different regulatory guidance and how we comply below.


AICPA – AU-C Section 500: Audit Evidence

外部询证函

指南

.A18  An external confirmation represents audit evidence obtained by the auditor as a direct written response to the auditor from a third party (the confirming party) in paper form or by electronic or other medium.

How Confirmation Complies

Confirmation uses a unique authentication and authorization process to verify the authenticity of each user. 您可通过向经过核实的复函方发送申请,免除对复函方的身份进行核实并确定其是否拥有复函授权的烦扰。

可靠性

指南

.A32  While recognizing that exceptions may exist, the following generalizations about the reliability of audit evidence may be useful:

  • 由审计员直接取得的审计证据比间接或根据推论取得的审计证据更可靠。
  • 文件记录形式(无论是纸质、电子版还是其他介质)的审计证据比口头获得的审计证据更可靠。

How Confirmation Complies

Confirmation uses a unique authentication and authorization process to verify the authenticity of each user.您可通过向经过核实的复函方发送申请,免除对复函方的身份进行核实并确定其是否拥有复函授权的烦扰。 Undergoes SOC 1 and SOC 2 examinations annually, and has received an ISO 27001 certification of its Confirmation service.

Back to top


AICPA – AU-C Section 505: External Confirmations

Confirmation helps auditors comply with auditing standards and requirements. Please read below to learn how Confirmation complies with the AICPA.

选择正确的复函方 

指南

.A3  Responses to confirmation requests provide more relevant and reliable audit evidence when confirmation requests are sent to a confirming party who the auditor believes is knowledgeable about the information to be confirmed.

How Confirmation Complies

Confirmation uses a unique authentication and authorization process to verify the authenticity of each user. 您可通过向经过核实的复函方发送申请,免除对复函方的身份进行核实并确定其是否拥有复函授权的烦扰。

询证函申请的回应可靠性 

指南

.A15  An electronic confirmation system or process that creates a secure confirmation environment may mitigate the risks of interception or alteration. 能否创建安全的询证环境取决于审计员和复函方为尽可能降低因询证函遭到拦截或篡改而导致审计结果受影响的概率而采用的流程或机制。   

How Confirmation Complies

使用最高安全等级以确保隐私和数据完整性。  Undergoes SOC 1 and SOC 2 examinations annually, and has received an ISO 27001 certification of its Confirmation service.   

Back to top


AICPA – Practice Alert 03-1: Audit Confirmations

Confirmation helps auditors comply with auditing standards and requirements. Please read below to learn how Confirmation complies with the AICPA.

指南

.19  If the auditor is satisfied that the electronic confirmation process is secure and properly controlled, and the confirmation is directly from a third party who is a bona fide authorized respondent, electronic confirmations may be considered as sufficient, valid confirmation responses.

How Confirmation Complies

Undergoes SOC 1 and SOC 2 examinations annually, and has received an ISO 27001 certification of its Confirmation service. 使用最高安全等级以确保隐私和数据完整性。 Confirmation uses a unique authentication and authorization process to verify the authenticity of each user.您可通过向经过核实的复函方发送申请,免除对复函方的身份进行核实并确定其是否拥有复函授权的烦扰。

Back to top

PCAOB – AU Section 326: Audit evidence

Confirmation helps auditors comply with auditing standards and requirements. Please read below to learn how Confirmation complies with the PCAOB.

复函方

指南

.27  The auditor should consider whether there is sufficient basis for concluding that the confirmation request is being sent to a respondent from whom the auditor can expect the response will provide meaningful and appropriate audit evidence. 

How Confirmation Complies

Confirmation uses a unique authentication and authorization process to verify the authenticity of each user. 您可通过向经过核实的复函方发送申请,免除对复函方的身份进行核实并确定其是否拥有复函授权的烦扰。

执行询证程序 

指南

.29  During the performance of confirmation procedures, the auditor should maintain control over the confirmation requests and responses.  保持控制权意味着与既定的收件人进行直接通信交流,而且审计员必须尽可能降低因询证函申请或回应遭到拦截和篡改而导致审计结果出现偏差的概率。

How Confirmation Complies

使用最高安全等级以确保隐私和数据完整性。允许审计员向既定的复函方直接发送审计询证函申请。 Undergoes SOC 1 and SOC 2 examinations annually, and has received an ISO 27001 certification of its Confirmation service.

Back to top


PCAOB – AU Section 326: Audit Evidence

Confirmation helps auditors comply with auditing standards and requirements. Please read below to learn how Confirmation complies with the PCAOB.

充分适当的审计证据

指南

.08  Audit evidence is more reliable when it is obtained from knowledgeable independent sources outside the entity.

How Confirmation Complies

Undergoes SOC 1 and SOC 2 examinations annually, and has received an ISO 27001 certification of its Confirmation service.

Back to top

ISA - ISA 505:外部询证函

Confirmation helps auditors comply with auditing standards and requirements. Please read below to learn how Confirmation complies with the ISA.

Para 6(a)定义:外部询证函 

指南

作为第三方(提供询证函的一方)通过纸质、电子版或其他介质直接发送给审计员的书面回应所获得的审计证据。 

How Confirmation Complies

Confirmation enables auditors to receive audit confirmations electronically.由获得授权的银行高管基于审计员申请撰写的复函。 Use of Confirmation meets the requirements of an 'External Confirmation'.

Para 7保持控制权 

指南

在使用外部询证函流程时,审计员应始终保持对外部询证函申请的控制权。 

How Confirmation Complies

由审计员保持对整个流程的完全控制权,包括客户与账户设置、申请客户授权以及发送和接收询证函。

A2 选择正确的复函方 

指南

当审计员向其认为对所需询证信息有充分了解的复函方发送询证函申请时,所获得的回应可提供更相关、更可靠的审计证据。例如,如需向某个金融机构发送询证函申请,那么该金融机构内对于询证函所针对的交易或安排具有充分了解的高管可能是最适合的人选。 

How Confirmation Complies

Participating banks have strict user access controls and monitoring procedures in place to ensure that only authorized bank officials respond to audit requests through Confirmation.

A6 地址验证 

指南

确定询证函申请的送交地址是否正确包括在发送询证函申请之前,对部分或全部地址进行核实。

How Confirmation Complies

We validate all entities participating in the Confirmation network. The controls surrounding this process are included in our SOC 1 report that is issued annually as part of our controls audit.您可通过依赖我们的验证程序,免除自行执行验证程序的需求。

A12 电子复函 

指南

由于可能难以确定复函方的来源证明和授权,同时可能难以检测篡改痕迹,因此通过传真或电子邮件等方式收到的电子复函具有可靠性风险。如果审计员和复函方所采用的流程能够为接收电子复函创建安全的环境,则有助于减少此类风险。如果审计员认为此等流程是安全并受到适当监控的,则相关回应更加可靠。电子询证函流程可能包含多项用于对电子版信息发送者的身份进行验证的技术,例如通过使用加密技术、电子数字签名以及网站真实性验证程序等。

How Confirmation Complies

Confirmation operates on industry-leading information security and data privacy practices.我们采用多种程序和控制措施,从而确保数据的完整性、保密性和可访问性。我们通过执行第三方审计来确证我们采取的控制措施的有效性:

  • SOC 1 and SOC 2 examinations annually.
  • Received an ISO27001 certification of the Confirmation service.

A13 第三方涉入 

指南

如果复函方聘用了第三方对询证函申请进行协调和提供回应,审计员可执行旨在应对以下风险的程序:(a) 回应可能并非由正确的来源提供;(b) 复函方可能并未获得做出回应的授权;(c) 传输完整性可能已遭到损害。

How Confirmation Complies

The Confirmation control environment ensures that user access if controlled and monitored at the banks, and that transmission of data is secure and maintains integrity.上文概述的控制报告展示了这些程序的有效性。

Para 12 无回应 

指南

如果未收到回应,审计员须执行其他审计程序来取得相关、可靠的审计证据。

How Confirmation Complies

Confirmation guarantees responses for In-Network confirmations, avoiding the need for alternative procedures.

想了解更多信息?

Get started Contact us