Directive réglementaire

Confirmation.com helps auditors comply with auditing standards and requirements

Learn how Confirmation.com complies with each of the governing bodies.

AICPA

AU-C Section 500: Audit Evidence

Conseils	How Confirmation.com complies
Demandes de circularisation externes .A18 Une demande de circularisation externe représente les informations probantes obtenues par l’auditeur sous forme de réponse écrite directe à l’auditeur de la part d’un tiers (la partie qui fournit la confirmation) sous forme papier, électronique ou autre.	Confirmation.com uses a unique authentication and authorization process to verify the authenticity of each user. By sending a request to a validated responder, you eliminate the burden of having to verify the identity of the respondent and whether or not they are authorized to respond.
Reliability .A32 While recognizing that exceptions may exist, the following generalizations about the reliability of audit evidence may be useful: The reliability of audit evidence is increased when it is obtained from independent sources outside the entity. Les informations probantes obtenues directement par l’auditeur sont plus fiables que celles obtenues indirectement ou par inférence. Les informations probantes sous forme documentaire (papier, électronique ou autre) sont plus fiables que les éléments obtenus oralement.	Confirmation.com uses a unique authentication and authorization process to verify the authenticity of each user. By sending a request to a validated responder, you eliminate the burden of having to verify the identity of the respondent and whether or not they are authorized to respond. Undergoes SOC 1, SOC 2 and SOC 3 examinations every six months, and has received an ISO 27001 certification of its Confirmation.com service.

Conseils

How Confirmation.com complies

Demandes de circularisation externes
.A18 Une demande de circularisation externe représente les informations probantes obtenues par l’auditeur sous forme de réponse écrite directe à l’auditeur de la part d’un tiers (la partie qui fournit la confirmation) sous forme papier, électronique ou autre.

Confirmation.com uses a unique authentication and authorization process to verify the authenticity of each user. By sending a request to a validated responder, you eliminate the burden of having to verify the identity of the respondent and whether or not they are authorized to respond.

Reliability
.A32 While recognizing that exceptions may exist, the following generalizations about the reliability of audit evidence may be useful:

The reliability of audit evidence is increased when it is obtained from independent sources outside the entity.
Les informations probantes obtenues directement par l’auditeur sont plus fiables que celles obtenues indirectement ou par inférence.
Les informations probantes sous forme documentaire (papier, électronique ou autre) sont plus fiables que les éléments obtenus oralement.

Undergoes SOC 1, SOC 2 and SOC 3 examinations every six months, and has received an ISO 27001 certification of its Confirmation.com service.

AU-C Section 505: External Confirmations

Conseils	How Confirmation.com complies
*Sélection de la partie appropriée fournissant la confirmation* .A3 Responses to confirmation requests provide more relevant and reliable audit evidence when confirmation requests are sent to a confirming party who the auditor believes is knowledgeable about the information to be confirmed.	Confirmation.com uses a unique authentication and authorization process to verify the authenticity of each user. By sending a request to a validated responder, you eliminate the burden of having to verify the identity of the respondent and whether or not they are authorized to respond.
Reliability of Responses to Confirmation Requests .A15 An electronic confirmation system or process that creates a secure confirmation environment may mitigate the risks of interception or alteration. Creating a secure confirmation environment depends on the process or mechanism used by the auditor and the respondent to minimize the possibility that the results will be compromised because of interception or alteration of the confirmation.	Uses the highest level of security to ensure privacy and data integrity. Undergoes SOC 1, SOC 2 and SOC 3 examinations every six months, and has received an ISO 27001 certification of its Confirmation.com service.

Conseils

How Confirmation.com complies

Sélection de la partie appropriée fournissant la confirmation
.A3 Responses to confirmation requests provide more relevant and reliable audit evidence when confirmation requests are sent to a confirming party who the auditor believes is knowledgeable about the information to be confirmed.

Reliability of Responses to Confirmation Requests
.A15 An electronic confirmation system or process that creates a secure confirmation environment may mitigate the risks of interception or alteration. Creating a secure confirmation environment depends on the process or mechanism used by the auditor and the respondent to minimize the possibility that the results will be compromised because of interception or alteration of the confirmation.

Uses the highest level of security to ensure privacy and data integrity. Undergoes SOC 1, SOC 2 and SOC 3 examinations every six months, and has received an ISO 27001 certification of its Confirmation.com service.

Practice Alert 03-1: Audit Confirmations

Conseils	How Confirmation.com complies
.19 If the auditor is satisfied that the electronic confirmation process is secure and properly controlled, and the confirmation is directly from a third party who is a bona fide authorized respondent, electronic confirmations may be considered as sufficient, valid confirmation responses.	Undergoes SOC 1, SOC 2 and SOC 3 examinations every six months, and has received an ISO 27001 certification of its Confirmation.com service. Uses the highest level of security to ensure privacy and data integrity. Confirmation.com uses a unique authentication and authorization process to verify the authenticity of each user. By sending a request to a validated responder, you eliminate the burden of having to verify the identity of the respondent and whether or not they are authorized to respond.

Conseils

How Confirmation.com complies

.19 If the auditor is satisfied that the electronic confirmation process is secure and properly controlled, and the confirmation is directly from a third party who is a bona fide authorized respondent, electronic confirmations may be considered as sufficient, valid confirmation responses.

Undergoes SOC 1, SOC 2 and SOC 3 examinations every six months, and has received an ISO 27001 certification of its Confirmation.com service. Uses the highest level of security to ensure privacy and data integrity. Confirmation.com uses a unique authentication and authorization process to verify the authenticity of each user. By sending a request to a validated responder, you eliminate the burden of having to verify the identity of the respondent and whether or not they are authorized to respond.

PCAOB

AU Section 330: The Confirmation Process

Conseils	How Confirmation.com complies
Respondent .27 The auditor should consider whether there is sufficient basis for concluding that the confirmation request is being sent to a respondent from whom the auditor can expect the response will provide meaningful and appropriate audit evidence.	Confirmation.com uses a unique authentication and authorization process to verify the authenticity of each user. By sending a request to a validated responder, you eliminate the burden of having to verify the identity of the respondent and whether or not they are authorized to respond.
Performing Confirmation Procedures .29 During the performance of confirmation procedures, the auditor should maintain control over the confirmation requests and responses. Maintaining control means establishing direct communication between the intended recipient and the auditor to minimize the possibility that the results will be biased because the interception and alteration of the confirmation requests or responses.	Uses the highest level of security to ensure privacy and data integrity. Allows an auditor to send audit confirmation requests directly to the intended responder. Undergoes SOC 1, SOC 2 and SOC 3 examinations every six months, and has received an ISO 27001 certification of its Confirmation.com service.

Conseils

How Confirmation.com complies

Respondent
.27 The auditor should consider whether there is sufficient basis for concluding that the confirmation request is being sent to a respondent from whom the auditor can expect the response will provide meaningful and appropriate audit evidence.

Performing Confirmation Procedures
.29 During the performance of confirmation procedures, the auditor should maintain control over the confirmation requests and responses. Maintaining control means establishing direct communication between the intended recipient and the auditor to minimize the possibility that the results will be biased because the interception and alteration of the confirmation requests or responses.

Uses the highest level of security to ensure privacy and data integrity. Allows an auditor to send audit confirmation requests directly to the intended responder. Undergoes SOC 1, SOC 2 and SOC 3 examinations every six months, and has received an ISO 27001 certification of its Confirmation.com service.

AU Section 326: Audit Evidence

Conseils	How Confirmation.com complies
*Informations audit suffisantes et appropriées* .08 Audit evidence is more reliable when it is obtained from knowledgeable independent sources outside the entity.	Undergoes SOC 1, SOC 2 and SOC 3 examinations every six months, and has received an ISO 27001 certification of its Confirmation.com service.

ISA

ISA - ISA 505: External Confirmations

Conseils	How Confirmation.com complies
*Paragraphe 6(a) Définition : demande de circularisation externe* Informations probantes obtenues sous forme de réponse écrite directe à l’auditeur de la part d’un tiers (la partie qui fournit la confirmation) sous forme papier, électronique ou autre.	Confirmation.com enables auditors to receive audit confirmations electronically. Responses are prepared by authorized bank officials based on the auditor's request. Use of Confirmation.com meets the requirements of an ‘External Confirmation’.
*Paragraphe 7 Maintien du contrôle* Lors de l’utilisation de procédures de circularisation externes, l’auditeur doit garder le contrôle sur les demandes de circularisation externes.	Les auditeurs conservent un contrôle total sur le processus, y compris la configuration du client et des comptes, la demande d'autorisation du client et l'envoi et la réception des demandes de circularisation.
*A2 Selecting the appropriate confirming party* Les réponses aux demandes de circularisation fournissent des informations probantes plus pertinentes et plus fiables lorsque les demandes sont envoyées à un tiers qui, selon l’auditeur, est au courant des informations à confirmer. Par exemple, un représentant d’une institution financière qui connaît bien les transactions ou les arrangements pour lesquels une demande de circularisation est formulée peut être la personne de l’institution financière à qui il est préférable d’envoyer la demande.	Participating banks have strict user access controls and monitoring procedures in place to ensure that only authorized bank officials respond to audit requests through Confirmation.com.
*A6 Validation des adresses* Pour déterminer si les demandes sont correctement envoyées, il convient de vérifier la validité d’une partie ou de la totalité des adresses des demandes de circularisation avant qu’elles ne soient envoyées.	We validate all entities participating in the Confirmation.com network. The controls surrounding this process are included in our SOC 1 report that is issued every six months as part of our controls audit. By relying on our validation procedures, you avoid the need to perform your own validation procedures.
A12 Réponses électroniques Les réponses reçues par voie électronique, par exemple par télécopie ou courrier électronique, comportent des risques de fiabilité, car la preuve d’origine et d’autorité de l’intervenant peut être difficile à établir, et les altérations peuvent être difficiles à détecter. Un processus utilisé par l’auditeur et l’intervenant qui crée un environnement sécurisé pour les réponses reçues par voie électronique peut atténuer ces risques. Si l’auditeur est satisfait qu’un tel processus est sécurisé et correctement contrôlé, la fiabilité des réponses associées est améliorée. Un processus de circularisation électronique peut intégrer diverses techniques de validation de l’identité d’un expéditeur d’informations sous forme électronique, par exemple via le chiffrement, les signatures numériques électroniques et les procédures de vérification de l’authenticité du site Web.	Confirmation.com's operates industry-leading information security and data privacy practices. We have procedures and controls in place to ensure the integrity, confidentiality and accessibility of data. We undergo third-party audits to demonstrate the effectiveness of our controls: SOC 1, SOC 2 and SOC 3 examinations every six months. Received an ISO27001 certification of the Confirmation.com service. TRUSTe data privacy and EU Safe Harbor certification.
*A13 Implication de tiers* Si la partie qui fournit la confirmation utilise un tiers pour coordonner et fournir des réponses aux demandes de circularisation, l’auditeur peut recourir à des procédures afin de remédier aux risques que : (a) la réponse ne provienne pas de la source appropriée ; (b) un intervenant ne soit pas autorisé à répondre ; et (c) l’intégrité de la transmission ait été compromise.	Confirmation.com's control environment ensures that user access if controlled and monitored at the banks, and that transmission of data is secure and maintains integrity. Our controls reports outlined above demonstrate the effectiveness of these procedures.
*Paragraphe 12 Non-réponses* Dans le cas de chaque non-réponse, l’auditeur appliquera d’autres procédures d’audit afin d’obtenir des informations probantes pertinentes et fiables.	Confirmation.com guarantees responses for In-Network confirmations, avoiding the need for alternative procedures.