Regulatory compliance

ISA 505 External confirmations (Excerpt - relevant requirements)

Parahraph 7 - Requirements for external confirmations

Ved bruk av eksterne bekreftelser skal revisor ha kontroll over anmodninger om ekstern bekreftelse, og skal blant annet:

  • Determining the information to be confirmed or requested; (Ref: Para. A1)
  • Selecting the appropriate confirming party; (Ref: Para. A2)
  • Designing the confirmation requests, including determining that requests are properly addressed and contain return information for responses to be sent directly to the auditor; and (Ref: Para. A3–A6)
  • Sending the requests, including follow-up requests when applicable, to the confirming party. (Ref: Para. A7)

How Brevio.com complies with this:

  • A1: The auditor determines all information that must be confirmed or stated.
  • A2: The auditor chooses which confirming party the request should be sent to - and the platform requires that all contact information provided by the customer is verified by the auditor.
  • A3: The auditor has full control over the design of the confirmation to be sent. The auditing companies themselves submit quality-assured templates used by all employees.
  • A6: Brevio.com requires the auditor to validate all information, including address, on the requests sent out.
  • A12: Brevio.com uses encryption, electronic digital signatures and has internal business practices to ensure the correct identity of the audit client and other external parties. The routines ensure confidentiality, integrity and accessibility of data. Heroku is used for web hosting. Amazon's data centers are used for physical infrastructure. The data centers are accredited after: ISO 27001, SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II), PCI level 1, FISMA Moderat and Sarbanes-Oxley (SOX).
  • A13: Brevio.com ensures user access and monitors transfer security and integrity.

PCAOB - AS2310 (Excerpt - relevant requirements)

PCAOB - AS2310 External confirmations

  • .24 “When designing confirmations requests, the auditor should consider the types of information respondents will be readily able to confirm, since the nature of the information being confirmed may directly affect the appropriateness of the evidence obtained as well as the response rate.”
  • .26 “The auditor should direct the confirmations request to a third party who the auditor believes is knowledgeable about the information to be confirmed.”
  • .28 “During the performance of confirmations procedures, the auditor should maintain control over the confirmations requests and responses”

How Brevio.com complies with this:

  • .24 The auditor himself determines all information to be confirmed or disclosed. The auditor has full control over the design of the confirmation to be sent. The audit companies themselves submit quality-assured templates that are used by all employees.
  • .26 The auditor chooses which confirming party the request should be sent to - and the platform requires that all contact information provided by the client be verified by the auditor.
  • .28 Brevio.com assists the auditor in the process, providing control and oversight throughout the confirmation process. The solution also ensures integrity and confidentiality, and enables the auditor to send requests directly to the respondent.