4 pitfalls you must avoid when ordering audit confirmations

Before Brevio, this was a time-consuming process, which involved many pitfalls. Below we consider the 4 most common pitfalls when ordering audit confirmations outside Brevio.

1. The customer collects a bank statement from the internet bank

A shortcut for some has been to ask the customer to send over an audit report or account statement that is in the internet bank.

This procedure does not comply with the requirements of the auditing standards, including ISA 505, which state that the evidence must be obtained as a written response directly from a third party.

Furthermore, there is also the risk that the printout does not contain the information you need, including rights, powers of attorney, etc.

2. The customer orders the audit report in the internet bank

Streamlining the process around audit confirmations has long been a goal for the banks as well. Therefore, there are also solutions, where the audit client himself orders the task in the online bank, and where the bank sends the task back to the auditor.

This procedure also does not comply with the requirements of the auditing standard (ISA 505), as there is a stated requirement in the standard that the confirmation process must be initiated by the auditor, and that the auditor must be in control of the process vis-à-vis third parties. This is to ensure that neither the request nor the audit evidence is changed.

3. The auditor retrieves the audit confirmation from the customer's own internet bank or ordering portal

Some banks arrange for the auditor to retrieve the confirmation himself from the customer's internet bank or from an ordering portal. This will have several implications for the auditor:

— Increased risk Increased risk: It is the auditor's responsibility to assess whether the confirmation process and content comply with the auditing standard (ISA 505).

— Increased administrative burden: In Norway, there are over 150 banks that annually deliver audit confirmations. Such a solution for each bank could therefore entail significant time spent on user administration etc.

— Increased training cost: Many systems mean a lot of training. This training cost will be further enhanced by the fact that the process on the auditor's side is often carried out by the same person for only a few years, before new auditors take over.

4. The auditor request the confirmations via post/e-mail

Many banks still accept requests sent by post and email. This is a procedure that has remained unchanged in recent decades.

In addition to being clearly the most time-consuming way to do it, there are also several risks with this method of ordering:

— Reputational risk: In a digital age, where the focus on customer experience and product is central, customers will find it not forward-looking that audit confirmations are obtained manually.

— Process risk: The risk of human error during the process is high, in addition to the fact that the documentation requirements for the process must be compliant. Here, too, it is up to the auditor at all times to ensure compliance with auditing standards.

Although the pitfalls are many, the reward is a strong and important audit evidence.

If you also manage to obtain the confirmation in an efficient way, and at the same time provide a great user experience, then you've made it.