Compliance

Our unwavering commitment to compliance

As part of a global company serving the needs of professionals across tax, accounting, legal, government, and media, we take compliance seriously. Maintaining the highest standards of integrity, accountability, and compliance with ever-changing regulations and standards is non-negotiable and woven into everything we do.

How Confirmation complies with regulatory guidance

Validation guaranteed

How it works:

  • Validates the business details of both auditors and bankers before platform use 
  • Ensures that the right information is going to the right person, reducing fraud risk
  • Prevents a user from electronically signing someone else’s name on a confirmation
  • Logs all user activity in the platform, creating a reliable audit confirmation trail 
  • Eliminates the burden of auditors having to verify the identity of the respondent

Compliance with audit standards and guidance

With Confirmation, you can rest assured that you're in compliance with the latest auditing standards and requirements from the AICPA, the PCAOB, and the ISA. Explore the different regulatory guidance and how we comply below.


AICPA – AU-C Section 500: Audit Evidence

External Confirmations

Guidance

.A18  An external confirmation represents audit evidence obtained by the auditor as a direct written response to the auditor from a third party (the confirming party) in paper form or by electronic or other medium.

How Confirmation Complies

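Confirmation uses a unique authentication and authorization process to verify the authenticity of each user. By sending requests to authenticated respondents, you avoid the trouble of having to verify their identity and whether they are authorized to respond.

Reliability

Guidance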

.A32  While recognizing that exceptions may exist, the following generalizations about the reliability of audit evidence may be useful:

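  • Audit evidence obtained directly by the auditor is more reliable than audit evidence obtained indirectly or by inference.
  • Audit evidence in documentary form, whether paper, electronic, or other medium, is more reliable than evidence obtained orally.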

How Confirmation Complies

Confirmation uses a unique authentication and authorization process to verify the authenticity of each user. By sending requests to authenticated respondents, you avoid the trouble of having to verify their identity and whether they are authorized to respond. Undergoes SOC 1 and SOC 2 examinations annually, and has received an ISO 27001 certification of its Confirmation service.



AICPA – AU-C Section 505: External Confirmations

Confirmation helps auditors comply with auditing standards and requirements. Please read below to learn how Confirmation complies with the AICPA.

Selecting the Appropriate Confirming Party

Guidance

.A3  Responses to confirmation requests provide more relevant and reliable audit evidence when confirmation requests are sent to a confirming party who the auditor believes is knowledgeable about the information to be confirmed.

How Confirmation Complies

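Confirmation uses a unique authentication and authorization process to verify the authenticity of each user. By sending requests to authenticated respondents, you avoid the trouble of having to verify their identity and whether they are authorized to respond.

Reliability of Responses to Confirmation Requests

Guidance

.A15  An electronic confirmation system or process that creates a secure confirmation environment may mitigate the risks of interception or alteration. Creating a secure confirmation environment depends on the process or mechanism used by the auditor and the respondent to minimize the possibility that the results will be compromised because of interception or alteration of the confirmation.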

How Confirmation Complies

Uses the highest level of security to ensure privacy and data integrity. Undergoes SOC 1 and SOC 2 examinations annually, and has received an ISO 27001 certification of its Confirmation service.



AICPA – Practice Alert 03-1: Audit Confirmations

Confirmation helps auditors comply with auditing standards and requirements. Please read below to learn how Confirmation complies with the AICPA.

Guidance

.19  If the auditor is satisfied that the electronic confirmation process is secure and properly controlled, and the confirmation is directly from a third party who is a bona fide authorized respondent, electronic confirmations may be considered as sufficient, valid confirmation responses.

How Confirmation Complies

Undergoes SOC 1 and SOC 2 examinations annually, and has received an ISO 27001 certification of its Confirmation service. Uses the highest level of security to ensure privacy and data integrity. Confirmation uses a unique authentication and authorization process to verify the authenticity of each user. By sending requests to authenticated respondents, you avoid the trouble of having to verify their identity and whether they are authorized to respond.


PCAOB – AU Section 326: Audit evidence

Confirmation helps auditors comply with auditing standards and requirements. Please read below to learn how Confirmation complies with the PCAOB.

Respondent

Guidance

.27  The auditor should consider whether there is sufficient basis for concluding that the confirmation request is being sent to a respondent from whom the auditor can expect the response will provide meaningful and appropriate audit evidence. 

How Confirmation Complies

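Confirmation uses a unique authentication and authorization process to verify the authenticity of each user. By sending requests to authenticated respondents, you avoid the trouble of having to verify their identity and whether they are authorized to respond.

Performing Confirmation Procedures

Guidance

.29  During the performance of confirmation procedures, the auditor should maintain control over the confirmation requests and responses. Maintaining control means establishing direct communication between the intended recipient and the auditor to minimize the possibility that the results will be biased because of interception or alteration of the confirmation requests or responses.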

How Confirmation Complies

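Uses the highest level of security to ensure privacy and data integrity. Allows auditors to send audit confirmation requests directly to the intended respondent. Undergoes SOC 1 and SOC 2 examinations annually, and has received an ISO 27001 certification of its Confirmation service.
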


PCAOB – AU Section 326: Audit Evidence

Confirmation helps auditors comply with auditing standards and requirements. Please read below to learn how Confirmation complies with the PCAOB.

Sufficient Appropriate Audit Evidence

Guidance

.08  Audit evidence is more reliable when it is obtained from knowledgeable independent sources outside the entity.

How Confirmation Complies

Undergoes SOC 1 and SOC 2 examinations annually, and has received an ISO 27001 certification of its Confirmation service.


ISA – ISA 505: External Confirmations

Confirmation helps auditors comply with auditing standards and requirements. Please read below to learn how Confirmation complies with the ISA.

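Paragraph 6 Definition: External Confirmation

Guidance

Audit evidence obtained as a direct written response to the auditor from a third party (the confirming party), in paper form or by electronic or other medium.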

How Confirmation Complies

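Confirmation enables auditors to receive audit confirmations electronically. Authorized bank officials prepare responses based on the auditor's request. Use of Confirmation meets the requirements of an 'External Confirmation'.

Paragraph 7: Maintaining Control

Guidance

When using external confirmation procedures, the auditor shall maintain control over external confirmation requests.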

How Confirmation Complies

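The auditor maintains full control over the entire process, including client and account setup, requesting client authorization, and sending and receiving confirmations.

A2 Selecting the Appropriate Confirming Party

Guidance

Responses to confirmation requests provide more relevant and reliable audit evidence when the auditor sends the requests to a confirming party the auditor believes is knowledgeable about the information to be confirmed. For example, a financial institution official who is knowledgeable about the transactions and arrangements of the party sending the confirmation request may be the most appropriate person to whom to send the request.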

How Confirmation Complies

Participating banks have strict user access controls and monitoring procedures in place to ensure that only authorized bank officials respond to audit requests through Confirmation.

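A6 Confirming Addresses

Guidance

Ensure that all requests are properly sent, including testing the validity of some or all of the addresses on confirmation requests before they are sent out.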

How Confirmation Complies

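We validate all entities participating in the Confirmation network. The controls surrounding this process are included in our SOC 1 report that is issued annually as part of our controls audit. By relying on our validation procedures, you no longer need to perform your own.

A12 Electronic Responses

Guidance

Responses received electronically, for example by fax or email, involve higher reliability risks because the source of the evidence and the identity of the respondent may be difficult to establish, and alterations may be difficult to detect. A process that creates a secure environment for the auditor and the respondent to receive responses electronically may mitigate these risks. If the auditor is satisfied that this process is secure and properly controlled, the reliability of the related responses is enhanced. An electronic confirmation process might incorporate various techniques for validating the identity of a sender of information in electronic form, for example through the use of passwords, electronic digital signatures, and procedures to verify website authenticity.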

How Confirmation Complies

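Confirmation operates industry-leading information security and data privacy practices. We use appropriate procedures and monitoring to ensure data integrity, confidentiality, and availability. We undergo third-party audits to demonstrate the effectiveness of our controls:

  • SOC 1 and SOC 2 examinations annually.
  • Received an ISO 27001 certification of the Confirmation service.

A13 Involvement of a Third Party

Guidance

If a confirming party uses a third party to coordinate and provide responses to confirmation requests, the auditor may perform procedures to address the risks that: (a) the response is not from the proper source; (b) the respondent is not authorized to respond; and (c) the integrity of the transmission has been compromised.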

How Confirmation Complies

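The Confirmation control environment ensures that user access is controlled and monitored at the banks, and that transmission of data is secure and maintains integrity. The control reports outlined above demonstrate the effectiveness of these procedures.

Paragraph 12: Non-Response

Guidance

If no response is received, the auditor shall perform alternative audit procedures to obtain relevant and reliable audit evidence.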

How Confirmation Complies

Confirmation guarantees responses for In-Network confirmations, avoiding the need for alternative procedures.
