Over the past few years, we’ve heard from practitioners about their difficulties in obtaining details for loans and facility agreements on bank confirmations. A common concern is that bank confirmation request forms are frequently filled out in a perfunctory manner and do not include all the required information, particularly with respect to deposits/overdrafts.
Recently, we heard that some auditors are requiring clients to request their banks to provide copies of the most recent credit facility agreements to the auditor on every single audit. It’s our understanding of the standards that auditors would not need to do this in every case, only when they had identified a specific risk. Auditors should be assessing whether this procedure truly is necessary or whether a copy received from the client is sufficient.
Practitioners are frustrated that banks have become restricted in providing information to auditors with the introduction of privacy legislations in the early 2000s. This is because providing certain personal information to the auditor about a client could be contrary to the law. Initials on a bank confirmation form might not be sufficient evidence of consent for this purpose.
Accordingly, if an auditor believes that a direct confirmation from the bank is required and the bank is unable to provide it for privacy reasons, one suggestion is that the auditor work with the bank and the client together to determine what consents are required in order for the bank to release the information.
It’s now recognized that bank confirmations are often not reliably completed by the bank and auditors are advised to consider alternative procedures where they have identified risks in this area.