Written by Daniel Roberts Posted on October 2, 2008
Daniel Roberts is the former Chairman, XBRL-US Steering Committee, and member of the AICPA and XBRL International working groups on assurance over XBRL. He is the former National Director of Assurance Innovation for a Global 6 accounting firm. Mr. Roberts can be reached by email.
This is the second installment of a two-part article; the first part was published last week.
Role of the Audit
What is the role and purpose of the audit? Simply put, to provide an independent opinion on the financial statements as provided by a company. Note that this includes both publicly-held and privately-held companies, as audits are performed on the financial statements of privately-held companies to be provided to their financial institutions.
The audit provides comfort to the regulator and investor that the financial statements, when taken as a whole (an important concept that we'll come back to), provide a fair and accurate representation on the state of the business. Various regulators require audits of companies’ financial statements, and banking institutions require audited financial statements from their nonpublic clients.
To the reporting company, the audit itself is overhead of the purest type. It is a cost of doing business that cannot be avoided, and with Sarbanes-Oxley, it can no longer be offset by financial benefits identified by the auditor while performing related or even unrelated engagements. This naturally creates conflict between the company purchasing audit services (and what they are willing to pay) and the extent of work that the auditor feels compelled to perform in order to provide the audit opinion.
The client wants to keep audit fees to an absolute minimum; however, they also want to ensure that adequate work was performed to enable them to sign their SOX declarations with confidence. Let’s go to the courtroom. The discomfited CFO is in the witness box: "Can you please explain to the court why you thought it would be acceptable to only have assurance on the printable version of the accounts, but not on the version that is actually used by investors? What were you trying to hide?"
With this picture firmly in mind, while they will not want to see any increases in their audit fee, it is pretty clear that CFOs will either agree to inclusion of the XBRL in the audit scope or they will ask for the XBRL submissions to be included in the scope of the audit. Clients and auditors will decide that there is too much risk in providing unaudited XBRL to the SEC, regardless of the SEC's currently not requiring such an audit.
The SEC's Game
The SEC does not want to state categorically that XBRL data is subject to a requirement for assurance. They have gone so far to as to recommend that the XBRL that is required to be provided by companies will actually be treated as "furnished," as is currently the case with the Voluntary Filing Program (VFP).
The SEC's Proposed Rule on interactive data (XBRL), page 63, states:
We expect that each filer would be in the best position to determine the appropriate manner in which to assure the accuracy of the interactive data it would be required to submit and the viewable interactive data that would result. We also expect that software providers and other private sector third parties would help develop procedures and tools to help in that regard. As an adjunct to those private sector efforts, we plan to make available to filers, on an optional basis, the opportunity to help assure accuracy by making a test submission with the Commission or using software we provide to create viewable interactive data.
Basically, the SEC is saying that it is up to the filer to determine the level of assurance that they require, thus being able to say to the markets that XBRL does not require assurance; therefore, the unknown expenses associated with an audit are not the responsibility of the SEC to estimate.
What Assurance Might Look Like
I don’t represent any accounting or auditing firm, but I did spend four years as an active member of the AICPA and XBRL International working groups on assurance and XBRL. Contributing to these discussions and the outputs of these two groups leads me to the following thoughts.
Auditors will include the XBRL instance documents that will be provided to the SEC as part of their audit scope. They will, for the first year or two, struggle with the concept of materiality. What is material in the XBRL world? The mistagging of a piece of information might be material if it influences the analysis of reported information.
Companies should expect the auditor to begin by including the processes that exist to create the XBRL version of the financial statements (and footnotes) as part of the SOX 404 internal controls review. This should be an insignificant addition to the overall audit.
With regard to the stability of the XBRL mapping, there is an assumption today that -- once a company has created a template for tagging their financial statements (having mapped all financial statement line items to their respective XBRL elements) -- there should be few changes to the tagging in future periods. However, a company may choose to change their tagging; as such, a change of tagging between periods, while it may be perfectly accurate XBRL, may raise auditor flags, and therefore become "material."
So, should the auditor look at every financial statement element and confirm the choice of XBRL taxonomy element? Well, if every line item on a financial statement was checked to source, this would impose a significant burden on the auditor and company. Would any change to the default XBRL element labels to reflect the actual labels or line item titles used by the filer constitute a material change worthy of review? Will all changes to the presentation order or calculations be considered “material”?
There will be many different answers, and we should expect to see auditors determining how they will perform their sampling of which elements they will review in detail. As a rule of thumb, companies should expect that all company-specific extension elements will be treated as material, and the requirement for the extension will need to be documented by the company. Discussions within the various XBRL assurance working groups seemed to arrive at a consensus that where a company creates an extension element instead of using an existing taxonomy element that represents the same accounting principle, such extension elements would "cause a problem for the auditor" and may impact the auditor’s willingness to provide a clean opinion.
Auditing of XBRL will happen, and companies should take the opportunity presented by the lead-in time before XBRL is mandatory to ensure that their assurance provider is as ready as they will need to be.
So what should companies do? First, they should ask their auditors early in the process to explain exactly how they will be including XBRL in their audit, and the expected impact that this will have on overall audit cost and activity. Then, they should ensure that the auditor is able to clearly provide them with a list of all information that will be required to make the audit of the XBRL as smooth as possible. The only caveat is that the auditor cannot participate in any of the XBRL creation or tagging choices made by the company.
Auditing of XBRL will happen, and companies should take the opportunity presented by the lead-in time before XBRL is mandatory to ensure that their assurance provider is as ready as they will need to be.
Leave a comment