This article highlights the potential pitfalls in the confirmation process identified in the proposed SAS, and suggests an improvement in the proposed guidance that seems more compatible with its intended purpose.

Overall Theme of Professional

Skepticism

The proposed SAS notes that "the auditor should exercise an appropriate level of professional skepticism throughout the confirmation process" (paragraph 14). This skepticism is important for designing the confirmation request, performing confirmation procedures, and evaluating confirmation results.

Confirming Transaction Terms

Increased levels of risk require the exercise of greater professional skepticism. The proposed SAS suggests that, "if the entity has entered into an unusual or complex transaction, the auditor should consider confirming the terms of the transaction with the other parties in addition to examining documentation held by the entity" (paragraph 7).

The proposed SAS further suggests that the auditor should consider, "whether there may be oral modifications to agreements, such as unusual payment terms or liberal rights of return. When the auditor believes there is a moderate or high degree of risk that there may be oral modifications, he or she should inquire concerning the existence and details of any such modifications to written agreements. One method of doing so is to confirm both the terms of the agreements and whether any oral modifications exist" (paragraph 24).

In auditing practice, it has been customary to confirm material balances, but confirmation of the terms of material transactions has varied. Some large CPA firms long ago adopted the practice of routinely confirming the terms as well as the amounts of all material transactions, whether or not balances exist at the financial statement date. Others have followed this practice only when there was an identified risk of side agreements. When terms are confirmed, the auditor inquires about the specific documents involved in the transaction and whether there are any other documents or understandings.

Some auditors have argued that collusive practices can mitigate the effectiveness of confirmation when there are side agreements. For this reason, additional procedures may be necessary in a high risk situation. However, experience in recent litigation and enforcement actions has shown that other independent parties to a transaction are often willing to disclose matters, such as guarantees by management, made to make a transaction acceptable to them. These parties, however, will not usually volunteer this information. They have to be asked the right questions.

When to Confirm Terms

Should confirmation of the terms of all material transactions be a customary auditing procedure? The practice is presently customary for certain types of transactions.

Whenever the client's revenue recognition method differs from the general rule of recognition on date of delivery to customers, confirmation of the terms of material transactions should be considered. For example, when a client engages in "bill-an-hold" or "ship-in-place" transactions, confirmation of the terms or conditions of the transactions is essential. The auditor should confirm the understanding of the underlying facts with the customer, including particularly the customer's reasons for delaying shipment and whether there are modifications of other terms, such as payment terms.

The proposed SAS advises confirmation of terms whenever the auditor believes there is a moderate or high degree of risk that there may be oral modifications. When does a moderate to high degree of risk of oral modifications--or for that matter, undisclosed written modifications-- exist? For individually material transactions, this risk should probably be considered moderate to high whenever the classic red flags of management misrepresentation are present--under emphasis on meeting earnings per share projections, management compensation heavily dependent on earnings, etc. In the current audit environment, auditors should be increasingly alert to facts and circumstances indicating inappropriate revenue recognition policies. A useful audit tool in these circumstances is confirmation of both the terms of the agreements and whether any oral modifications exist.

Nontraditional Media

Confirmation Responses

In some cases, the respondent to a confirmation request may use a nontraditional medium to respond, such as telephone, telex, or facsimile. Use of these media can increase the possibility that confirmation results will be biased because of interception and alteration of the confirmation requests or responses.

Recent litigation and enforcement actions indicate that auditors have indeed been duped by telephone, telex, and facsimile responses. Examples are calls placed through a client's switchboard that were routed to accomplices of management rather than the party requested by the auditor, telexes from a foreign location that lacked the appropriate international symbol and apparently came from the client's management rather than the independent respondent identified.

The proposed SAS notes that "the auditor should consider any special risks that may be associated with such media as electronic inquiries, facsimile responses, or oral confirmations when they are used in the confirmation process" (paragraph 27). The auditor is advised to take precautions to ensure that the response is coming to the auditor directly from the purported sender.

Going Beyond Confirmation

The proposed SAS notes that "in some cases, the evidence provided by confirmations will not be sufficient and additional substantive procedure will be necessary" (paragraph 8). The example used to illustrate this concept is material amounts of inventories held at public warehouses. This example was no doubt chosen because authoritative literature (AU Sec. 331.14) already indicates that confirmation from the custodian alone is not sufficient when inventories represent a significant portion of current or total assets. However, there are other clear examples.

AU Sec. 332.04, on investments, indicates that the existence, ownership and carrying amount of investments in securities should be corroborated "in appropriate circumstances by written confirmation from an independent custodian of securities on deposit, pledged, or in safekeeping." Note that the confirmation is to be obtained from an independent custodian. For example, when the custodian is a related party, confirmation from the custodian is tantamount to a management representation. This would be another circumstance when the evidence provided by confirmation would not be sufficient by itself. In these circumstances, AU Sec. 335.15, on related parties, suggests procedures such as inspecting evidence in possession of the other party to the transaction and reference to financial publications, credit agencies, or other sources to help establish the substance of the other party.

Even when the custodian of securities is purportedly independent, confirmation alone may not be a sufficient procedure. If the investment is material and the custodian is not well known, customary practice is to obtain evidence of the reputation and financial stability of the custodian. Procedures may include obtaining recent audited financial statements, inquiries of credit agencies, checking financial or trade publications, or actually visiting the premises and applying audit procedures, depending on the circumstances.

The customary practice of obtaining evidence of the reputation and financial stability of less well-known custodians brings up my suggestion for improvement in the guidance provided by the proposed SAS.

Obtaining Information About the

Respondent

The proposed SAS acknowledges the importance of information about the confirmation request respondent in the following terms: "The respondent's competence, knowledge, motivation, ability, and willingness to respond, as well as the respondent's objectivity and freedom from bias with respect to the audited entity, all affect the effectiveness of the confirmation process" (paragraph 25).

In spite of the importance of the enumerated factors to the effectiveness of confirmation, the proposed SAS goes on to state: "Normally the auditor is not obligated to search for information relative to these factors." This position is difficult to reconcile with customary practice and the stated stimulus of the project--problems identified in peer review, enforcement actions, and research.

As noted earlier, unless the custodian of securities is widely known to have integrity and financial capability, confirmation alone is not an adequate procedure. Investigation of such a custodian is customary practice. The same is true of the custodian of material inventories in a public warehouse.

The Equity Funding fraud provides a convenient relevant example of the importance of obtaining information about the respondent to a confirmation request. When the auditors requested to confirm $24 million of securities represented as being held in safekeeping by a well-known bank, company personnel involved in the fraud addressed the request to a mail drop set up under a name similar to the bank's. These personnel received the request, signed the confirmation, and returned it to the auditors who accepted it as adequate evidence of the securities' existence.

The AICPA's "Report of the Special Committee on Equity Funding," had the following comment on that aspect of the fraud: "While this point up the need for auditors to ascertain that valid addresses are used, such a step is already a customary and integral part of confirmation procedures." Unfortunately, this customary and integral part of confirmation procedures is not mentioned by the proposed SAS on the confirmation process. It is apparently one of several factors that the proposed SAS takes the position is a matter of awareness rather than investigation. Certainly, this aspect of the guidance should be rectified before the final SAS is issued.

The auditor should consider whether there is sufficient basis for concluding that a confirmation request is being sent to a valid respondent from whom a response will be meaningful and provide competent evidential matter. If there is not a sufficient basis for that conclusion, the confirmation process is useless.