Issues with the Communication and Integrity of Audit Reports when Financial Reporting Shifts to an Information-Centric Paradigm. Eric E. Cohen (PwC), Roger Debreceny (University of Hawai’i at Mānoa), Stephanie Farewell (University of Arkansas at Little Rock), Saeed Roohani (Bryant University).


Presentation Transcript


  1. Issues with the Communication and Integrity of Audit Reports when Financial Reporting Shifts to an Information-Centric Paradigm. Eric E. Cohen (PwC), Roger Debreceny (University of Hawai’i at Mānoa), Stephanie Farewell (University of Arkansas at Little Rock), Saeed Roohani (Bryant University)

  2. Setting the Stage • This is a non-theoretical paper. There are no hypotheses. • We are interested in providing a discussion of a potential problem and moving towards a solution. • Should we be proactive or reactive? • Who thinks all managers are honest in financial reporting? • Who knows the movie Rogue Trader? • What did Nick Leeson do when the auditors wanted a non-existent client confirmation? • Does electronic communication of financial information change the risk of deception? • The problems discussed pre-date XBRL. • The issue does not depend on whether we are discussing assurance on the XBRL process or providing an XBRL tagged audit report. • If we can ensure the integrity and security of the instance document and the assurance report we can improve the consumption of financial information.

  3. Motivation • The technology for communicating financial information has moved forward but critical tangential issues remain with regard to the communication of assurance. • The issues need to be resolved soon because of international demands for XBRL assurance.

  4. Outline • Communicating Assurance on XBRL instance documents • Background • Historical Examples • Potential Alternatives • Associating and Securing the assurance to the instance document • Implication of inline XBRL

  5. Q: When Is a … … door not a door? A: When it’s ajar. … Financial Statement not a document? A: When it’s digital. http://pcaobus.org/Standards/Auditing/Pages/AU9550.aspx

  6. E-Reporting and the Auditor In March 1997[1], the AITF issued its interpretation of AU 550 in the Journal of Accountancy, stating 'that electronic sites (including Internet sites) are a means of distributing information and are not "documents" as that term is used in SAS No. 8. Thus, auditors do not have an obligation pursuant to SAS No. 8, to read information in electronic sites or to consider the consistency of other information included in electronic sites with the original documents.'[1] http://www.aicpa.org/members/div/auditstd/opinion/apr97_3.htm The interpretation is TO THIS DAY a PCAOB interim standard http://pcaobus.org/Standards/Auditing/Pages/AU9550.aspx 1997, 2001

  7. The chair of that committee, John L. Archambault, reported on its deliberations in CPA Journal, November 1999 Issue 1: What was the basis for the conclusion reached in Interpretation #4 to SAS No. 8, Other Information in Electronic Sites Containing Audited Financial Statements? Discussion: On a given website, there may be no clear boundaries between the audited financial statements and other financial or nonfinancial information. Not only can a website include a substantial amount of information generated by the company (i.e., about products, employment, and nonfinancial data) but, through hyperlinks, it can also include information from outside sources. This information may also be continuously changing. It is not only impractical, but almost impossible for an auditor to access all of the information that is on or linked to a client's website. This is analogous to the auditor attempting to access all of the client's internal information, reports, or documents and all external information about the client from other sources. Thus, under SAS No. 8, a website is not considered to be a "document" as that term is used in AU section 550, and an auditor is not required to read the information on a website or to consider whether it is consistent with information in original documents. 1999

  8. SEC: Auditor Involvement in XBRL • Although Rule 405 as adopted does not include a requirement that auditors’ reports be tagged, the rules do not prohibit issuers from indicating in the financial statements (such as in a footnote) the degree of auditor involvement in the tagging process. Accordingly, we believe that an issuer can make clear the level of auditor involvement or lack thereof in the creation of the interactive data exhibit. • We note that issuers can obtain third-party assurance under the PCAOB Interim Attestation Standard—AT sec. 101, Attest Engagements on interactive data, and can start and stop obtaining assurance whenever they choose.

  9. How do we communicate assurance?

  10. Document Level Assurance Report on Client Website

  11. Historical Examples of Communicating XBRL Assurance • BDO Spain and Software AG Spain • PwC and UTC, WR Grace under SEC VFP • Deloitte NL and EY NL auditor report with hash total • Deloitte NL/EY NL and EY NL/BDO NL with digital signature • Just released Deloitte NL on EY NL uses a detached digital signature

  12. W. R. Grace under PCAOB Staff Q&A Is the auditor associated with this set of XBRL documents? Have they provided an auditor’s report? http://sec.gov/Archives/edgar/data/1045309/000110465907086296/0001104659-07-086296-index.htm

  13. Display on EY NL Web Site http://www.ey.com/NL/nl/About-us/XBRL-financial-statements-and-sustainability-information

  14. BDO Assurance Report

  15. Display on Deloitte NL Web Site http://2011-2012.deloitteannualreport.nl/xbrl/

  16. EY Report on Deloitte NL’s Financials

  17. Breaking News 2013 Reports Just In

  18. Attempt to Verify Signature on Filing

  19. Content on Web Site Includes XBRL reporting

  20. Drill Down Into XBRL

  21. Download “Report” Files XBRL Instance Document XML Signature on XBRL Instance Document

  22. Store Files

  23. XBRL Document Is Clean, Valid

  24. Signature Detached

  25. Attached or Detached Signature? 2012: “Attached” 2013: Detached • Detached • There is no “physical” link from the instance • Separation between responsibilities of management and auditor is maintained • One detached signature can reference numerous external files (instance, schema, linkbases, auditor’s report) granularly (XML) or as a whole (XML, PDF, etc.) • Attached • Good news: • You know it has been signed • “Bad” news: • Enveloping: instance content is untouched but must be unwound from signature before using; can be used for multiple files (instance plus other files) • Enveloped: Instance is changed, still must be unwound before validating or using. • Question on separation of responsibilities, physical file “ownership”

  26. Altova XML Verification

  27. Problems with XML Spy Validation

  28. Guidance on EY Web Site • “Our auditors have used digital signing software to sign the instance documents for identification purposes, creating detached XML - Digital Signature (XML DSign) files. With for example DigiSeal Reader the integrity of the instance documents can be validated by verifying the digital signature files in combination with the XBRL instance documents. Due to technical limitations of the current version of DigiSeal Reader the verification cannot be performed online. Instead users have to install the certificate provided by our auditor into the directory C:\ProgramData\digisealreader\certificates\issuer_certificates.”

  29. If You Don’t Follow the Guidance

  30. If You Don’t Follow the Guidance

  31. If You Think You Followed the Guidance, But Didn’t Unzip the Certificate

  32. If You Unzip the File

  33. Signature approach • No association of assurance report with signature • EY digitally signs a copy of the instance, provides the signed copy as S/MIME file • http://2011-2012.deloitteannualreport.nl/fbcontent.ashx/downloads/2011-2012/Deloitte_NL_annual_report_2012.xbrl.p7m • DELOITTE (the Reporter, not the auditor) links to a tool consumers may use to check the signature

  34. Communication Alternatives

  35. Document Level Assurance Report: Document Level Assurance Report on Client and Auditor Website

  36. Document Level Assurance Report: XLink Identification of Covered Facts

  37. Securing Assurance Reports

  38. Document Level Assurance Report: XLink Identification of Covered Facts

  39. Document Level Assurance Report: XLink Identification of Covered Facts

  40. Item Level Assurance Report: XLink Identification of Covered Facts, Quasi- or Real-time Management Context

  41. Inline XBRL Changes the game but doesn’t eliminate the problems

  42. We have audited the financial statements of ABC BERHAD, which comprise the balance sheets as at 30 June 2009 of the Group and of the Company, and the income statements, statement of changes in equity and cash flow statements of the Group and of the Company for the year then ended, and a summary of significant accounting policies and other explanatory notes, as set out on Pages XX to XX. • Directors’ Responsibility for the Financial Statements  • The Directors of the Company are responsible for the preparation and fair presentation of these financial statements in accordance with Financial Reporting Standards and the Companies Act, 1965 in Malaysia. This responsibility includes: designing, implementing and maintaining internal control relevant to the preparation and fair presentation of financial statements that are free from material misstatement, whether due to fraud or error; selecting and applying appropriate accounting policies; and making accounting estimates that are reasonable in the circumstances. • Auditors’ Responsibility • Our responsibility is to express an opinion on these financial statements based on our audit. Except as described in the Basis for Qualified Opinion paragraph below, we conducted our audit in accordance with approved standards on auditing in Malaysia. Those standards require that we comply with ethical requirements and plan and perform the audit to obtain reasonable assurance whether the financial statements are free from material misstatement. An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial statements. The procedures selected depend on our judgment, including the assessment of risks of material misstatement of the financial statements, whether due to fraud or error. 
In making those risk assessments, we consider internal control relevant to the Company’s preparation and fair presentation of the financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the Company’s internal control. An audit also includes evaluating the appropriateness of accounting policies used and the reasonableness of accounting estimates made by the directors, as well as evaluating the overall presentation of the financial statements. • We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our audit opinion. Qualified Opinion In our opinion, except for the effects of the adjustments on the financial statements, if any, as mentioned in the preceding paragraph, the financial statements have been properly drawn up in accordance with Financial Reporting Standards and the Companies Act, 1965 in Malaysia so as to give a true and fair view of the financial position of the Group and of the Company as at 30 June 2009 and of their financial performance and the cash flows for the financial year then ended.

  43. Take-aways • It’s an old issue that is finally at fruition: what is the risk to the profession if we don’t get it right? • XBRL exacerbated the problem but can help resolve it • Solving the problem enhances the consumption and reliability of financial information across multiple constituents

  44. Conclusions • Need for formal evaluation • Need for market discussion and collaboration • Need for prototypes • Need for technical, legal and professional guidance and change • Evolutionary process

  45. Questions? • Contact author: • roger@debreceny.com
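
Slides 25 and 33 describe a detached signature that references several external files while leaving the instance untouched, and note that the assurance report was not associated with the signature. The sketch below is an added example, not code from the presentation or from any of the firms named: it builds a detached reference list over a constructed instance and audit report, then reports which files are intact, modified, or not covered at all. As assumptions, an HMAC with a demo key stands in for the auditor's certificate-based XML signature, JSON stands in for XML canonicalization, and all file names and contents are constructed.

```python
import hashlib
import hmac
import json

# Constructed sample files (not taken from any real filing).
INSTANCE = b'<xbrl><Revenue contextRef="FY2012" unitRef="EUR">1000</Revenue></xbrl>'
AUDIT_REPORT = b"In our opinion the financial statements give a true and fair view."
DEMO_KEY = b"constructed-demo-key"  # assumption: stands in for the auditor's signing key


def _canonical(refs):
    # Stable byte form of the reference list; this is the part that gets signed.
    return json.dumps(refs, sort_keys=True, separators=(",", ":")).encode()


def sign_detached(files, key):
    """Build a detached signature: one reference (name + digest) per external file.

    The files themselves are neither modified nor wrapped.
    """
    refs = [{"uri": name, "sha256": hashlib.sha256(body).hexdigest()}
            for name, body in sorted(files.items())]
    mac = hmac.new(key, _canonical(refs), hashlib.sha256).hexdigest()
    return {"references": refs, "signature": mac}


def verify_detached(sig, files, key):
    """Return {name: 'ok' | 'modified' | 'missing' | 'unsigned'} for the file set."""
    expected = hmac.new(key, _canonical(sig["references"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig["signature"]):
        raise ValueError("reference list was altered or signed with another key")
    status = {}
    for ref in sig["references"]:
        body = files.get(ref["uri"])
        if body is None:
            status[ref["uri"]] = "missing"
        elif hmac.compare_digest(hashlib.sha256(body).hexdigest(), ref["sha256"]):
            status[ref["uri"]] = "ok"
        else:
            status[ref["uri"]] = "modified"
    # Files delivered alongside the signature but not referenced by it are uncovered.
    for name in files:
        status.setdefault(name, "unsigned")
    return status
```

A signature built over the instance alone marks the audit report as `unsigned`, which is the association gap slide 33 points out.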
