Amy R. Pawlicki is Director – Business Reporting, Assurance & Advisory Services and XBRL for the American Institute of Certified Public Accountants (AICPA). She is responsible for building awareness and understanding among the AICPA membership of XBRL. This is the first part of a two-part interview.
1. Could you provide readers with a general overview of the areas and activities in which the AICPA is currently involved in with respect to XBRL?
We are a member of the XBRL US jurisdiction, and our President and CEO Barry Melancon is Vice Chair of the Board of Directors of XBRL US. I am a member of the XBRL Communications Steering Committee, and our SVP of Member Competency and Development, Arleen Thomas, is a member of the XBRL International, Inc. (XII) Steering Committee and serves as Treasurer of XII. My team and I also staff the AICPA Assurance Services Executive Committee and its various task forces and working groups, which include an XBRL assurance task force that is focused on considering potential services related to the accuracy of XBRL data tagging. This task force recently released a Statement of Position on Performing Agreed-Upon Procedures Engagements That Address the Completeness, Accuracy, or Consistency of XBRL-Tagged Data.
2. Former SEC Chairman Chris Cox once said that requiring assurance for XBRL filings would result in its "crib death", while Dan Roberts, former Director of Assurance at Grant Thornton, wrote the lack of an immediate assurance requirement in the SEC's XBRL mandate "made a mockery of the dream of interactive data."
Do you see merit in both points of view? If Cox and Roberts represent polar opposites on XBRL assurance, where does the AICPA's stance fall?
If there is one thing we’ve learned through the work of the XBRL Assurance Task Force, we’re navigating uncharted waters on this topic, and it is a constant learning process. In the absence of some kind of effort to address the completeness, accuracy, or consistency of XBRL-tagged data, there is no way of knowing that the XBRL-tagged data is an accurate reflection of the underlying, audited financial statements. Given that it is the XBRL-tagged data that will ultimately be consumed by investors, regulators, and other users of information, failure to look at the accuracy of tagging creates both a disconnect and a potential expectation gap between the audited financial statements and the data that is actually being consumed. Alternatives for addressing this issue are articulated in a recently issued Center for Audit Quality Alert entitled Potential Audit Firm Service Implications Raised by the SEC Final Rule on XBRL.
3. What do you hear from the AICPA membership regarding XBRL? How would you describe their general attitude -- "cautiously optimistic," "one more headache I can do without," or "what's XBRL?" How has that opinion changed, if at all, over the past few years?
Thanks in large part to the efforts of past SEC Chairman Cox to support the use of XBRL for enhancing the efficiency and transparency of financial reporting, knowledge of XBRL in the US has increased significantly over the course of the past three years. We have made and continue to make an effort to educate members and the general public on XBRL and how it will impact the practice of both preparers and auditors through articles, whitepapers, conference presentations, workshops, and other channels.
Much of our attention now is on educating our membership and the general public on how XBRL can be leveraged beyond financial reporting to a “broader footprint” for process improvements in reporting in all areas of the private and public sectors and at the local, state, and national levels. It is through adoption of XBRL for this broader footprint that producers and consumers of information will realize the true potential of XBRL for enhancing process efficiency (e.g., by eliminating the unnecessary duplication of efforts that results today from manually providing common data elements to multiple channels) and transparency (e.g., by communicating data in a common format that can be automatically consumed by diverse software platforms).
4. As the AICPA's liaison to the EBRC, you have worked to create a new XBRL taxonomy for the Management Discussion & Analysis. In its Comment to the SEC's proposal, the AICPA expressed the hope that companies would be able to tag their MD&A. Commission staff have indicated, however, that companies will not be able to include the MD&A in their current XBRL filings.
What are your thoughts on that decision? When do you think the SEC will allow, and even require, tagging of the MD&A?
As Bob Laux wrote in the blog posting that you link to in this question:
…the Enhanced Business Reporting Consortium (EBRC) is currently in the process of improving the taxonomy for Management’s Discussion and Analysis (MD&A). The current MD&A taxonomy consists of approximately 70 tags with most of the elements at the same hierarchical level. This required the creation of numerous company-specific extensions to make the taxonomy useful for those companies that tagged their MD&A under the SEC’s Voluntary Filing Program. While the new taxonomy being proposed by the EBRC currently only consists of approximately 140 tags, it has a structure that should significantly simplify the tagging of the information as well as facilitate access for users of this information.
It is my understanding that at least part of the SEC’s decision not to permit companies to include MD&A in their XBRL submissions at this time is based on the fact that, at the time of the final rulemaking, there was no existing taxonomy that had gone through a formal public exposure and review process that would enable meaningful tagging of MD&A (there is an MD&A file listed among the 2009 XBRL taxonomies that was also listed with previous versions of the taxonomies at the SEC website, but it is simply a list of tags that follow the table of contents for MD&A disclosures under Regulation S-K, and tagging at this level would not be useful to consumers of MD&A disclosures).
While a draft of the EBRC MD&A taxonomy was available for public review at the time of the rulemaking, public comment on it was limited by the fact that few companies had attempted to tag MD&A under the SEC’s Voluntary Filing Program. The EBRC MD&A taxonomy was built to take into consideration the needs of the companies that had attempted to tag MD&A under the Voluntary Filing Program. As Bob Laux said in his post, “It is hoped that the financial reporting supply chain will openly collaborate on the proposed taxonomy in order to create more detailed tags so that narrative information can be provided in an interactive data format.” I believe this will naturally occur as more and more companies start tagging their financial statements in XBRL under the SEC Final Rules, and as investors gain access to XBRL-tagged data in a consistent manner and can begin to understand the potential benefits of tagging narrative information such as MD&A.
This belief is supported by the following excerpt from a recent research study made possible by a grant from the FINRA Investor Education Foundation and support from the EBRC entitled Impact of Information Tagging in the MD&A on Investor Decision Making: Implications for XBRL:
This paper investigates how professional and nonprofessional investors use the information contained in the Management’s Discussion and Analysis (MD&A) portion of the corporate annual report in making financial decisions. In studying use of the MD&A, we compare the standard paragraph format used by U.S. public companies to a “tagged” format consistent with eXtensible Business Reporting Language (XBRL)…
…Overall, results are consistent with our expectation that the availability of tagging…facilitates better incorporation of risk information into investors’ mental model of the subject company, for investors who choose to focus on that information. Further, it takes them less time to review that information in the tagged format, which indicates a more efficient decision process. In sum, this study’s results suggest that the tagged MD&A structure results in more effective and efficient incorporation of risk information into financial decision-making.
The EBRC continues to invite interested parties to review the proposed MD&A taxonomy at this website. Follow the instructions for logging in and the MD&A taxonomy will be midway down the navigation tree once you are logged in.
5. In the AICPA whitepaper you authored titled The Shifting Paradigm in Business Reporting and Assurance, you say:
Because information on the Internet, especially the Web, can be easily created and revised without proper authorization, the integrity and authenticity of information lacking independent assurance should be skeptically considered by entities and individuals using XBRL to produce and consume information over the Internet.
Could you discuss the threats and dangers you perceive and what steps you think will be required to ensure that XBRL information on the Internet can be relied upon?
This question is partially answered in my response to Question 2 above as it relates to the accuracy of tagged data. However, as described in your reference to the AICPA Assurance Services Executive Committee whitepaper excerpt above, there is more at play in an electronic environment than just the accuracy of tagging. There are also issues of data security and authenticity.
For example, how do you ensure that an online, electronic auditor’s report with the electronic signature of the firm purported to have conducted the audit is in fact authentic (as opposed to a paper-based original that is physically signed by an authorized representative of the firm and kept in a secure, physical location such as a locked file cabinet)? Some audit firms are monitoring the Web for fraudulent postings bearing their name. New technologies such as digital signatures and other means should be and are being explored by preparers and auditors alike to ensure the authenticity of financial and other business information that is increasingly being made available to, and accessed by, investors and other stakeholders online in an electronic format.
6. Your paper also states:
Moreover, with more disaggregate information being reported [as a result of XBRL], auditing also will shift its emphasis away from verifying the way in which the firm aggregates and condenses its data, towards a broader conceptualization of assurance, particularly data level assurance.”
Are you concerned that asking auditors to not only express an overall opinion on the fairness of financial statements but to assure individual, disaggregated data elements as well places an unrealistic burden on them?
I believe reporting over time will evolve further toward an electronic model where users can define and consume the data elements that are most relevant to them. I have no doubt that audit and assurance models will evolve to address the changing needs and expectations that will come out of the evolution of the financial and business reporting model. The AICPA Assurance Services Executive Committee (ASEC) is committed to assuring the quality, relevance, and usefulness of information or its context for decision makers and other users into the future by (1) identifying and prioritizing emerging trends and market needs for assurance, and (2) developing related assurance methodology guidance and tools as needed. In addition to the ASEC XBRL Assurance task force referenced in my response to Question 1 above, the ASEC has established a Data Integrity task force, which is developing principles and criteria for data integrity to supplement the Trust Services Principles and Criteria that were previously established for system reliability.