International audit experts are reminding auditors to be careful when relying on third-party confirmations to reach audit conclusions, especially given advances in technology that can make them subject to abuse.

The International Auditing and Assurance Standards Board has published a practice alert that covers some of the emerging practices around audit confirmations. The alert points out areas in international auditing standards that are especially relevant as auditors decide when and how to rely on third-party confirmations.

Confirmations are requests by auditors to third parties to verify information contained in a company’s financial statements. Auditors routinely ask banks to verify account balances, for example, or vendors and customers to verify important transactions.

The Public Company Accounting Oversight Board is studying the confirmation process as well and looking for ideas on how it should write a new standard for when and how auditors should rely on them. The PCAOB has published a concept release outlining its concerns and asking for input on how a new standard might address the use of confirmations as part of the audit process.

The IAASB in its practice alert and the PCAOB in its concept release both point out that confirmations can be tricky for auditors when a third party doesn’t respond to a request for information or when the communication is trafficked over a medium that can be manipulated, such as e-mail or facsimile. The boards also note concerns over how auditors should handle restrictions or disclaimers that often are tacked on when third parties respond to confirmation requests.

The IAASB alert reminds auditors to refer to audit standards and exercise plenty of professional skepticism when deciding how much faith to place in a given confirmation. The PCAOB is finished accepting comments on the concept release and is continuing to consider whether to change current standards to change the definition of a confirmation, the requirements around using confirmations, the design of confirmation requests, controls over confirmation and a variety of other issues.