Learn how Confirmation.com complies with each of the governing bodies.
Guidance | How Confirmation.com complies |
External confirmations .A18 An external confirmation represents audit evidence obtained by the auditor as a direct written response to the auditor from a third party (the confirming party), in paper form or by electronic or other medium. |
Confirmation.com uses a unique authentication and authorization process to verify the authenticity of each user. By sending a request to a validated responder, you eliminate the burden of having to verify the identity of the respondent and whether or not they are authorized to respond. |
Reliability .A32 While recognizing that exceptions may exist, the following generalizations about the reliability of audit evidence may be useful:
Confirmation.com uses a unique authentication and authorization process to verify the authenticity of each user. By sending a request to a validated responder, you eliminate the burden of having to verify the identity of the respondent and whether or not they are authorized to respond. Undergoes SOC 1, SOC 2 and SOC 3 examinations every six months, and has received an ISO 27001 certification of its Confirmation.com service. |
Guidance | How Confirmation.com complies |
Selecting an appropriate confirming party .A3 Responses to confirmation requests provide more relevant and reliable audit evidence when confirmation requests are sent to a confirming party who the auditor believes is knowledgeable about the information to be confirmed. |
Confirmation.com uses a unique authentication and authorization process to verify the authenticity of each user. By sending a request to a validated responder, you eliminate the burden of having to verify the identity of the respondent and whether or not they are authorized to respond. |
Reliability of Responses to Confirmation Requests .A15 An electronic confirmation system or process that creates a secure confirmation environment may mitigate the risks of interception or alteration. Creating a secure confirmation environment depends on the process or mechanism used by the auditor and the respondent to minimize the possibility that the results will be compromised because of interception or alteration of the confirmation. |
Uses the highest level of security to ensure privacy and data integrity. Undergoes SOC 1, SOC 2 and SOC 3 examinations every six months, and has received an ISO 27001 certification of its Confirmation.com service. |
Guidance | How Confirmation.com complies |
.19 If the auditor is satisfied that the electronic confirmation process is secure and properly controlled, and the confirmation is directly from a third party who is a bona fide authorized respondent, electronic confirmations may be considered as sufficient, valid confirmation responses. | Undergoes SOC 1, SOC 2 and SOC 3 examinations every six months, and has received an ISO 27001 certification of its Confirmation.com service. Uses the highest level of security to ensure privacy and data integrity. Confirmation.com uses a unique authentication and authorization process to verify the authenticity of each user. By sending a request to a validated responder, you eliminate the burden of having to verify the identity of the respondent and whether or not they are authorized to respond. |
Guidance | How Confirmation.com complies |
Respondent .27 The auditor should consider whether there is sufficient basis for concluding that the confirmation request is being sent to a respondent from whom the auditor can expect the response will provide meaningful and appropriate audit evidence. |
Confirmation.com uses a unique authentication and authorization process to verify the authenticity of each user. By sending a request to a validated responder, you eliminate the burden of having to verify the identity of the respondent and whether or not they are authorized to respond. |
Performing Confirmation Procedures .29 During the performance of confirmation procedures, the auditor should maintain control over the confirmation requests and responses. Maintaining control means establishing direct communication between the intended recipient and the auditor to minimize the possibility that the results will be biased because of the interception and alteration of the confirmation requests or responses. |
Uses the highest level of security to ensure privacy and data integrity. Allows an auditor to send audit confirmation requests directly to the intended responder. Undergoes SOC 1, SOC 2 and SOC 3 examinations every six months, and has received an ISO 27001 certification of its Confirmation.com service. |
Guidance | How Confirmation.com complies |
Audit evidence .08 Audit evidence is more reliable when it is obtained from knowledgeable independent sources outside the entity. |
Undergoes SOC 1, SOC 2 and SOC 3 examinations every six months, and has received an ISO 27001 certification of its Confirmation.com service. |
Guidance | How Confirmation.com complies |
Par. 6(a) Definition: external confirmation Audit evidence obtained as a direct written response to the auditor from a third party (the confirming party), in paper form or by electronic or other medium. |
Confirmation.com enables auditors to receive audit confirmations electronically. Responses are prepared by authorized bank officials based on the auditor's request. Use of Confirmation.com meets the requirements of an ‘External Confirmation’. |
Par. 7 Maintaining control When using external confirmation procedures, the auditor shall maintain control over external confirmation requests. |
Auditors maintain full control over the process, including client and account setup, requesting client authorization, and sending and receiving confirmations. |
A2 Selecting the appropriate confirming party Responses to confirmation requests provide more relevant and reliable audit evidence when confirmation requests are sent to a confirming party who the auditor believes is knowledgeable about the information to be confirmed. For example, a financial institution official who is knowledgeable about the transactions or arrangements for which confirmation is requested may be the most appropriate person at the financial institution to respond to the confirmation request. |
Participating banks have strict user access controls and monitoring procedures in place to ensure that only authorized bank officials respond to audit requests through Confirmation.com. |
A6 Validating addresses For requests to be properly addressed, it is necessary to test the validity of some or all of the addresses on confirmation requests before they are sent out. |
We validate all entities participating in the Confirmation.com network. The controls surrounding this process are included in our SOC 1 report that is issued every six months as part of our controls audit. By relying on our validation procedures, you avoid the need to perform your own validation procedures. |
A12 Electronic responses Responses received electronically, for example, by fax or electronic mail, involve risks as to reliability because proof of origin and authority of the respondent may be difficult to establish, and alterations may be difficult to detect. A process used by the auditor and the respondent that creates a secure environment for responses received electronically may reduce these risks. If the auditor knows that such a process is secure and properly controlled, the reliability of the related responses is enhanced. An electronic confirmation process may incorporate various techniques for validating the identity of a sender of information in electronic form, for example, through the use of encryption, electronic digital signatures, and procedures to verify website authenticity. |
Confirmation.com operates industry-leading information security and data privacy practices. We have procedures and controls in place to ensure the integrity, confidentiality and accessibility of data. We undergo third-party audits to demonstrate the effectiveness of our controls:
A13 Third-party involvement If a confirming party uses a third party to coordinate and provide responses to confirmation requests, the auditor may perform procedures to address the risks that: (a) the response may not be from the proper source; (b) the respondent may not be authorized to respond; and (c) the integrity of the transmission may have been compromised. |
Confirmation.com's control environment ensures that user access is controlled and monitored at the banks, and that transmission of data is secure and maintains integrity. Our controls reports outlined above demonstrate the effectiveness of these procedures. |
Par. 12 Non-responses In the case of each non-response, the auditor shall perform alternative audit procedures to obtain relevant and reliable audit evidence. |
Confirmation.com guarantees responses for In-Network confirmations, avoiding the need for alternative procedures. |
Auditors send millions of requests worldwide to their clients' banks, law firms and suppliers. Online confirmations make this process simple.