## SA 505: External Confirmation

### Definition

External Confirmation is audit evidence obtained as a direct written response from a third party (the Confirming Party) — in paper form or by electronic medium.

> Key point: The third party responds directly to the auditor, not through the client.

Setup example:

X Ltd (client) → Raju (Debtor) → Balance as on 31.3.2025

Auditor sends request to Raju → Raju replies directly to Auditor.

---

### Types of External Confirmation

Type	Mechanism	Evidence Quality
Positive Confirmation Request	Confirming party responds directly — whether they agree or disagree with the information requested	More persuasive
Negative Confirmation Request	Confirming party responds only if they disagree	Less persuasive

---

### Common Examples of External Confirmations

Bank confirmation of closing balance
Debtor confirming outstanding balance or related information
Stock lying with a third party (e.g., warehouse)
Assets held as security / collateral with a third party

---

### Audit Procedures — Auditor Must Maintain Control Over the Process

(a) Determine the information to be confirmed — key items such as account balances, agreement terms, side agreements, or absence of certain conditions

(b) Select the appropriate confirming party

(c) Design the confirmation request — responses must come directly to the auditor

(d) Send follow-up requests when no response is received

(e) Evaluate audit evidence — assess reliability/relevance or decide on further procedures

---

### Factors to Consider When Designing Confirmation Requests

#	Factor
a	Assertions being addressed (e.g., Existence, Accuracy — higher risk = stronger need for confirmation)
b	Specific identified ROMM, including fraud risks
c	Layout and presentation of the confirmation request
d	Prior experience from this or similar engagements
e	Method of communication (paper or electronic/email)
f	Ability of the intended confirming party to confirm the information
g	Management authorisation or encouragement to the third party to respond

---

### Evaluating Audit Evidence — Category of Results

Result	Implication
Agreement / Information without exception	Reliable, relevant AE obtained ✓
Unreliable Response	Response appears fabricated or intercepted — treat as unreliable
Non-Response	No reply — perform further audit procedures
Response with exception	Discrepancy identified — investigate further

---

### Management Refusal to Allow Confirmation: Steps for the Auditor

(a) Inquire into management's reasons for refusal

Obtain AE about the validity and reasonableness of the refusal

(b) Evaluate implications of the refusal on:

Auditor's assessment of ROMM (including fraud risk)
Nature, timing, and extent of Further Audit Procedures (FAP)

(c) Perform Alternative Audit Procedures (AAP) to obtain reliable, relevant AE

Critical note: If the auditor concludes that:

Management refusal is unreasonable, OR
Reliable, relevant AE cannot be obtained from AAP

→ Communicate to TCWG (per SA 260)

→ Determine impact on auditor's opinion

Examples of AAP:

1. Accounts Receivable — examine subsequent cash receipts, shipping documentation, sales near period-end

2. Accounts Payable — examine subsequent cash payments, Goods Received Notes (GRN)

---

### Negative Confirmation Requests — When Permitted

Negative confirmations provide less persuasive evidence. They may be used only if ALL 4 conditions are satisfied:

1. Assessed ROMM is low AND controls are effective

2. Population consists of numerous, small, homogeneous items

3. A very low exception rate is expected

4. No condition is present that would cause recipients to ignore the request

> Lack of response to a negative confirmation does NOT confirm receipt or accuracy — this is precisely what makes it less reliable.

---

### Positive Confirmation Requests — Risk & Mitigation

Risk: Confirming party may respond without actually verifying the information.

Mitigation: Use a Blank Confirmation Request — the third party fills in the details themselves (rather than confirming pre-filled figures).

Reduces the risk of rubber-stamp confirmations
Trade-off: lower response rate and extra time involved

Worked example

### Example 1

Example 1 — Positive Confirmation:

ABC Ltd's auditor is verifying debtors. Raju owes ₹5 crore as on 31.03.2025. The auditor sends a positive confirmation request directly to Raju. Raju responds directly to the auditor confirming the ₹5 crore balance. This constitutes reliable, relevant audit evidence for the existence and accuracy assertions.

Now suppose Raju does not respond. The auditor must perform alternative procedures (e.g., examine subsequent cash receipts from Raju, check shipping documents for goods dispatched to Raju near year-end).

### Example 2

Example 2 — Management Refusal:

The management of XYZ Ltd refuses to allow the auditor to send confirmation requests to trade debtors, citing 'client confidentiality'. Required steps:

1. Inquire and document management's reasons; evaluate whether the refusal is reasonable.

2. Assess whether refusal increases ROMM (including fraud risk — why would management prevent this?).

3. Perform AAP: examine post-balance-sheet date cash receipts from the debtors, review sales invoices, delivery challans.

4. If AAP also fails to yield sufficient evidence → communicate to TCWG and consider impact on audit opinion (scope limitation → Qualified or Disclaimer).

### Example 3

Example 3 — Negative Confirmation Suitability Check:

An auditor is auditing a retail bank with 50,000 savings accounts, all with balances below ₹10,000, internal controls are strong (low ROMM), and historical exception rate is near zero.

Can negative confirmations be used? Check all 4 conditions:

1. ✓ Low ROMM, controls effective

2. ✓ Numerous, small, homogeneous items

3. ✓ Very low expected exception rate

4. ✓ No reason to believe customers would ignore the request

All 4 satisfied → Negative confirmation requests are permissible here.

### Example 4

Example 4 — Blank vs. Pre-filled Positive Confirmation:

Auditor sends a positive confirmation to Ramu (creditor) with the balance pre-filled as ₹3 lakh. Ramu signs and returns it without checking his own records. This is the risk of a standard positive confirmation.

To mitigate: Send a blank confirmation — ask Ramu to fill in the balance he believes is outstanding. Ramu checks his records and writes ₹3.2 lakh. The ₹20,000 difference is now a audit finding requiring follow-up.

⚠️ Common exam mistakes

Thinking negative confirmation is 'better' because there is no response burden — it is actually less persuasive than positive confirmation.
Forgetting that all 4 conditions must be satisfied simultaneously to use negative confirmation; satisfying just 2 or 3 is insufficient.
Confusing 'blank confirmation request' (third party fills details) with a standard positive confirmation (pre-filled, third party agrees/disagrees).
Assuming that when management refuses confirmation requests, the auditor simply moves on — the auditor must follow a specific 3-step process and may need to communicate to TCWG.
Overlooking that a non-response to a negative confirmation does NOT mean the information is correct — absence of response ≠ confirmation.
Forgetting that the auditor must maintain control over the entire confirmation process — requests should not be sent through the client.
Mixing up the two routes post-management refusal: unreasonable refusal / failure of AAP → TCWG communication + opinion impact (not just a modified procedure).

Bare-Act text Definition — External Confirmation · SA 505 · click to expand

External confirmation means audit evidence obtained as a direct written response to the auditor from a third party (the confirming party), in paper form, or by electronic or other medium.

Now that you've read this — what's next?

Move from understanding → mastery in 3 clicks. Each option below picks up from this lesson's topic.

🔥 Drill 5 Qs on this → ✍️ Adaptive practice →

SA 505 – External Confirmation

Worked example

⚠️ Common exam mistakes