## External Confirmations — SA 505

### What Is an External Confirmation?

External confirmation is audit evidence obtained as a direct written response to the auditor from a third party (the confirming party), in paper or electronic form.

It is a key procedure for confirming trade receivables, trade payables, bank balances, loans, and other balances.

---

### Types of Confirmation Requests

#### 1. Positive Confirmation Request

> A request that the confirming party respond directly to the auditor whether or not they agree with the information in the request, or providing the requested information.

Silence = problem: Non-response must be followed up.
More persuasive audit evidence.
Used when individual balances are large, the risk of misstatement is higher, or there is reason to doubt internal evidence.

Two sub-types of positive confirmation:

Blank positive — the auditor asks the party to fill in the balance (more rigorous; no anchoring bias)
Non-blank positive — the auditor states the balance and asks the party to confirm or dispute

#### 2. Negative Confirmation Request

> A request that the confirming party respond only if they disagree with the information in the request.

Silence = presumed agreement (but this presumption is weak — party may not have received the request)
Less persuasive audit evidence than positive confirmations
Used when risk is low and balances are numerous and small

---

### Conditions to Use Negative Confirmation as the SOLE Substantive Procedure

All four conditions must be present simultaneously:

#	Condition
1	Assessed risk of material misstatement at assertion level is low, and sufficient appropriate evidence on operating effectiveness of controls has been obtained
2	Population consists of a large number of small, homogeneous balances/transactions
3	A very low exception rate is expected
4	Auditor is not aware of circumstances that would cause recipients to disregard such requests

> Memory aid for 4 conditions: L-H-E-D (Low risk, Homogeneous/large population, Expected low exceptions, Disregard risk absent)

---

### Exception in Confirmation Responses

Exception = A response that indicates a difference between:

The information in the entity's records / the amount requested to be confirmed, AND
The information provided by the confirming party

When an exception is received:

1. Investigate and understand the reason for the difference (timing, errors, disputes)

2. Ask management to reconcile the discrepancy

3. Assess whether the exception indicates a wider population-level misstatement

4. Determine whether further audit procedures are needed (per SA 330)

---

### When Management Refuses to Allow Confirmation Requests

If management refuses to permit the auditor to send external confirmation requests:

The auditor must inquire into management's reasons and seek evidence on their validity.
The auditor must evaluate the implications for risk assessment and other procedures.
The auditor must perform alternative procedures to obtain sufficient appropriate evidence.
If the auditor concludes the refusal is unreasonable or cannot obtain sufficient evidence, the auditor must communicate with those charged with governance and consider the impact on the audit report.

Worked example

### Example 1

Q (MD3 – 3 Marks): Auditor of FD Limited sent a confirmation letter to a trade receivable asking them to respond whether or not they agree with ₹4,25,000 outstanding. The trade receivable responded that per their books the amount payable is ₹4,20,000. Identify the type of confirmation and the auditor's course of action.

Type of Confirmation: This is a Positive Confirmation Request — because the auditor requested the party to respond whether or not they agree with the amount. The party was required to respond either way.

Situation: The response reveals an Exception — there is a difference between:

Entity's records: ₹4,25,000
Confirming party's records: ₹4,20,000

(Difference: ₹5,000)

Course of Action:

1. Assess the exception to understand the reason (timing difference? billing dispute? error in entity's books?).

2. Request management to investigate and reconcile the discrepancy.

3. Assess the impact on the overall population — does this ₹5,000 difference indicate a systemic issue with receivables?

4. Evaluate whether the exception, together with other audit procedures (per SA 330), means further audit procedures are needed to obtain sufficient appropriate evidence.

### Example 2

Q (MD4 – 5 Marks): CA X wants to use negative confirmation requests as the sole substantive procedure for accounts payable. What conditions must be met? CA X claims negative confirmations provide the same level of persuasive evidence as positive confirmations — do you agree?

Conditions to use negative confirmation as sole procedure (all four must be present):

(i) Assessed risk of material misstatement is low AND sufficient appropriate evidence on operating effectiveness of relevant controls has been obtained.

(ii) Population comprises a large number of small, homogeneous account balances or transactions.

(iii) A very low exception rate is expected.

(iv) Auditor is not aware of circumstances that would cause recipients to disregard such requests.

Is CA X correct that negative = positive in persuasiveness?

No, CA X is incorrect.

The failure to receive a response to a negative confirmation request does not explicitly indicate:

That the intended party actually received the request, OR
That the party verified the accuracy of the information.

A non-response to a negative confirmation provides significantly less persuasive audit evidence than a response to a positive confirmation request. SA 505 explicitly recognises this difference. Therefore, negative confirmations can only serve as a sole procedure under the four restrictive conditions listed above.

⚠️ Common exam mistakes

Confusing positive and negative confirmations — key difference: positive requires response regardless of agreement; negative only requires response on disagreement
Stating that silence on a negative confirmation is 'confirmation of agreement' — the standard says it provides significantly less persuasive evidence because silence may mean the party didn't receive or didn't read the request
Not knowing all four conditions that must ALL be present for negative confirmation as sole procedure — missing even one condition invalidates the approach
Handling exceptions only at the item level — the auditor must assess exceptions at the population level to determine if further procedures are needed
Not linking management refusal to send confirmations to increased risk assessment and the obligation to perform alternative procedures

Bare-Act text Negative Confirmation Requests · SA 505 — External Confirmations (ICAI) · click to expand

The auditor shall not use negative confirmation requests as the sole substantive audit procedure to address an assessed risk of material misstatement at the assertion level unless all of the following are present: (i) the auditor has assessed the risk of material misstatement as low and has obtained sufficient appropriate audit evidence regarding the operating effectiveness of controls relevant to the assertion; (ii) the population of items subject to negative confirmation procedures comprises a large number of small, homogeneous, account balances, transactions or conditions; (iii) a very low exception rate is expected; and (iv) the auditor is not aware of circumstances or conditions that would cause recipients of negative confirmation requests to disregard such requests.

Now that you've read this — what's next?

Move from understanding → mastery in 3 clicks. Each option below picks up from this lesson's topic.

🔥 Drill 5 Qs on this → ✍️ Adaptive practice →

External Confirmations — Positive vs Negative (SA 505)

Worked example

⚠️ Common exam mistakes