xbrl and continuous auditing/assurance the third continuous reporting and auditing conference eric...
Post on 19-Dec-2015
220 views
TRANSCRIPT
XBRL and Continuous Auditing/Assurance
The Third Continuous Reporting and Auditing ConferenceEric E. Cohen, CPA
PricewaterhouseCoopers LLP.1 June 2001, Newark, New Jersey, USA
Requirements for CA
Reliable Communication
Links
Auditor Proficiency
Automated Audit
Procedures
Timely Audit Reports
Reliable Systems
Subject Matter
CICA /AICPA Research Study on Continuous Auditing
<sales>1000</sales>
Manual compilation of dataAutomated link
Nature of Reliable SystemsReliable systems
provide ths subjectmatter
Paper documents,mail, fax, verbal
Electronicdocuments:
EDI, XML
Codedfor entry
Entry into systems
AccountingSystem
Edocuments rely onmapping and setup files for
interpretation and entry;users generally canmanually override
distributions as necessary.
Manual documents requirecoding decisions or defaultsdriven by information from
master files; by customer, byvendor, by item, sales
person, product line, orcombination of items.
Reliable systemsprovide ths subject
matter
<sales>1,000,000</sales>
User finds XBRL information on theweb in HTML or XML format. Is the
information usable and reliable?
User Discovers Information
Subject matter hassuitable
characteristics
Is Information In Context?
<sales>1,000,000</sales>
Is all of the accompanyingcontextual information
available? Is other informationdirectly related to this face
available?
Discover item
User finds XBRL information on theweb in HTML or XML format. Is the
information usable and reliable?
Reporting entity, reporting period, source of assurance,work performed, qualified? Is tag known, appropriate to
industry, company?
Subject matter hassuitable
characteristics
<sales>1,000,000</sales>
Is all of the accompanyingcontextual information
available? Is other informationdirectly related to this face
available?
Discover item
Yes
Is the number or fact traceableto/ actually that represented/
reported by the company?
Can context be derivedaccurately from surroundinginformation or be obtained
through alternate resources?
No
Reporting entity, reporting period, source of assurance,work performed, qualified? Is tag known, appropriate to
industry, company?
Is Context Derivable?
Subject matter hassuitable
characteristics
Is all of the accompanyingcontextual information
available? Is other informationdirectly related to this face
available?
Yes
Is the number or fact traceableto/ actually that represented/
reported by the company?
Can context be derivedaccurately from surroundinginformation or be obtained
through alternate resources?
No
Yes
Proceed at own risk?
No
Method: repository look-up? Need tounderstand level of assurance orrisk attached to using information
from this repository.
Is Original Company the Source?
Highly automatedaudit procedures
can provide most ofthe audit evidence
Is the number or fact traceableto/ actually that represented/
reported by the company?
Is third party assurance givenon this collection of facts
(document) and this particularfact (data)?
Yes
Proceed at own risk?Are differences due to
explainable adjustments byreliable third party?
No No
Yes
Method: repository look-up? Need tounderstand level of assurance orrisk attached to using information
from this repository.
Method: digital signatures,reliable third party lookup
e.g., analyst may make adjustmentsso data is expressed more consistent
Reconciliation and AssuranceHigh degree of
auditor proficiencyin IT & auditedsubject matter
Is third party assurance givenon this collection of facts
(document) and this particularfact (data)?
Are there issues with the thirdparty assurance?
No
Proceed at own risk?
Is some other independent, thirdparty proof available?
No
Yes
No
Use information with good idea ofrisk involved.
No
Method: digital signatures,reliable third party lookup
Source of attestation not a trusted partyor considered "as reliable" as others,
qualified opinions, discovery of auditorchange during process, level/degree/
amount of assurance
Are theyresolvable?
Yes
Yes
Nohow does this data assurancerelate to the assurance on the
overall company position?
Resolution and Determination of RiskHigh degree of
auditor proficiencyin IT & auditedsubject matter
XBRL: Facilitator for CA
Subject matter hassuitable
characteristics
Timely availability ofand control overauditor's reports
Reliable systemsprovide ths subject
matter
High degree ofauditor proficiency
in IT & auditedsubject matter
Highly automatedaudit procedures
can provide most ofthe audit evidence
Reliable means ofobtaining results ofaudit procedures on
a timely basis
•Value of a standard•Built into applications for better integration•Built into audit tools for testing and communications•Setup, changeovers eased•(Human) communications and expectation setter
Business Facts and Accounting
• Business events (sale, cash receipt)• ebXML space
– Interpretation of events (mapping to accounts)– Accomplished now through Setup or Master files
• Results of interpretation (entry of account-oriented info)
• XBRL GL space
– Summarization of events (detail to summary)– XBRL for XYZ reporting space
» Presentation of interpretation of events (print/view/export summary)
» XBRL for XYZ reporting space
Foundation Facts• Facts enter financial systems through journal entries
or postings from subsidiary journals– Account, amount, date = Atomic entry– Related atomic entries match a journal header– Related journal headers match a source wrapper
• Relationship to reporting– bottom up (atom relates to taxonomies and elements)
or – top down (this report uses these atomic classifications)
• XBRL GL– Reporting neutral– “Fact gatherer”
Information about related journal
headers
Journal Header
Journal Detail
Groupings of journal detai ls
(e)Business and Accounting
VENDOR BUYER
Sale &delivery
AR of order BooksDeliveryBooks
Order
BooksInventory
Books
BillingInvoiceBooks
InvoiceBooks
Transferof funds
BooksCredit noteBooks
Debit noteBooks
a r c h i v i n g
ControlCircularizationControlBooksFinancial statements
CircularizationControlBooks
Financial statements
PaymentPayment documentBooksBank deposit
Payment documentBooks
Pre-saleOffer
QuotationRequest for quotations
Source - Michel Lesourd - UN-EWG Paris - 03-00
Purchase& delivery
Billing
Transferof funds
Control
Payment
Pre-purchase
Mirror Image
General Ledger
• Bridge between EDI and XBRL Reporting• Foundational repository for Foundational Facts• Hub between Financial reporting, Tax and all others• Enabler of outsourcing/ASP
– Provides means to extract or download GL information from outsource ASP in reusable, standardized format
– Insurance for ASP failure, problems, dissatisfaction– Information available at any time, from anywhere, for
anyone responsible with rights to access it– Facilitates
• Consolidations and other interoperability issues• Migration between systems
Chart of AccountsAccounting
Periods
Budgetsversions years
Comparativesyears
Journal Entries
Standard, repeating, recurring journals
Sourcejournals
Mappings
Ledger
StandardReports
TB, Source
Mask
CustomReports, exports
EXPORT
TO
XML
Chart of AccountsAccounting
Periods
Budgetsversions years
Comparativesyears
Journal Entries
Standard, repeating, recurring journals
Sourcejournals
Mappings
Ledger
StandardReports
TB, Source
Mask
CustomReports, exports
IM PORT
FROM
XML
Account
Amount
Date
EDIFICAS - derived after-the-fact GL-AR-AP-
IM-PR-XX
One File, Three Levels
Accounting Entries Entry Header Entry Line
General Ledger detailsInclude primary postings
Departmentalallocations
Chart of AccountsIncludesAccounts
And customers, vendors
Customer, vendor open items
“General Ledger” Holds More
Cost or Analytical Accounting …
“General Ledger” Holds More
Legal issues
• Sequential logging and governmental audits
Book to TaxDifferences
Book = Governmental Reporting
Software Developers
• Pros– Easier coupling, interface
• Less development required to interface with third party products
– ASP– Add-ons– Financial reporters– Budgeting
– Specialization OK• Users can use best
software for their own use and use XBRL to consolidate rather than one package throughout
• Cons– Switching costs
• Easier for users to buy complimentary products outside of the vendor’s family
– Plug-and-play– Modular
• Easier for users to leave product
– Data migration path
End Result
Assurance Today
• No piece-meal opinions• As a whole• Relies on
– Materiality– Subsequent events
• Documents on the Net are representations of paper document; reusability limited– HTML
– Java(script)
• Questions surrounding where assurance ends– Links off-site– Management comment
data
Demands for Data Level Assurance
• Data level assurance is …• Assurance on the data?• Assurance on the processes, per se? … (necessary for)• Assurance on the tags / “classifications”?
• Data level assurance
– Are the tags assigned correctly?
– Was it posted to the right account / bucket / classification?
• Supplemental assurance
– Linkage to “taken as a whole”
• Presentation a non-issue
data
XBRL
• Tags assigned to data• Data items can be presented
– As single fact – Collectively as extract– As entire financial statement
• Information reusable• Tools exist to show what is covered under assurance
– This is where we need to go
data
XBRL
Promises to make financial information more discoverableEnables integrated reporting, from point of entry to
reportingWill ride along on XML-related technologiesMove from presentation of data to data-centric modelRaise the bar on expectations
Partial: receivables and inventory information to bank New: Performance metrics offered to shareholders
Continuous: Sales figure constantly updated on web siteContinuous audit
data
XBRL
Does not create the data level assurance needIs a facilitator and catalystCan be part of the solution
XBRL
Is a CPA firm that creates an XBRL file doing a compilation?
Does it need an accountant’s letter for the XBRL file itself if the CPA firm creates it?
Can only the firm’s personnel assign tags to the file?If the wrong tag but correct label are provided, what
are the repercussions?What happens if only a partial financial statement is
represented with XBRL?What about adding information not normally included?
data
How Can We Cope?
Technology to tie Company authorization and CPA assuranceTo eDocumentTo eData …
Must beTransparent to non-technical usersMuch simpler than assurance sealsNearly impossible to counterfeit
data
Selective Unfolding: Tax XML
Tax information:Page 1: General info
Page 2: Sales taxPage 3: Motor fuelsPage 4: Corporate
Page 2
Page 3
Page 4
Page 1 toeveryone
TAXPAYER
TAX AUTHORITY
AGENT 3
AGENT 2
AGENT 1
Sees only cyphertext
Hacker
coping
Selective Unfolding: Order XML
Web buyer
Web orderPage 1: General infoPage 2: credit info
Page 3: purchase info
Page 2
Page 3
Page 1 toeveryone
AR
ShippingSees only cyphertext
Hacker
coping
PubliclyDisclosedF/R DataToday’s F/R and
tomorrow’s businessmetrics – publicly
disclosed.
Why Does This Affect XBRL?
• XBRL for Financial Statements – today’s publicly disclosed financial reporting information … right?
Predisclouredata
Accounting and business reporting
data.
•Managers
•Trading partners
•CPA
•Banks
•Consolidation
Traditional financial reporting – the tip of the iceberg?
•Investors
•Creditors
coping
Accounting Data Warehouse
Internet
User
live connection to network
login:password:
Rightscheck
Here is thedata you are
allowed to see
The User Matters …
•Need live connection to network•Rights determine access
coping
Accounting Data Warehouse
Internet
User
xml stored, mailed, etc.
Open fileMy key …
Createfile
Here is thedata you are
allowed to see
More please?Key request
Here is thedata you are
allowed to see now
•XML file archived•Or email•Or ftp
•User accesses XML•Based on keys, sees certain information•More needed?
• Key request•More information opens
The User Matters …
<?xml version="1.0"?><signed data key1 cyphertext<signed data key2 cyphertext
DISCONNECT
coping
Selective Unfolding: XBRL GL
XBRL FR and GLTop level: Public disclosure
Level 1: Segmental breakdownLevel 2: AR, AP, cash flow
Level 3: Full GL detail
Level 3, filter by division
Level 2
Sees only Top level
Hacker Public
BankLevel 1
Investor relations
Divisional Manager
Treasury Management
coping
Key Considerations
• Data Level Assurance– Tag
• Was tag applied to right number
– Data Fairly Presented In Context Of Overall Financials• Item in context of the rest of the financials• More than just numbers … links info (like going concern status)
to numbers
– Data Fairly Presented• Item on its own
Call to action
Key Considerations
• Data Level Assurance Issues Is it possible?– Materiality in a data age– Assurance to numbers or to processes– Classification (is the tag right) or data (is the number right)– What is the investor's expectations of what this means?
Call to action
Academic/Industry Relations
• "the most persistent observation . . . is that researchers and users belong to .. separate communities with very different values and ideologies and that these differences impede utilization."
Beyer, J.M. & Trice, H.M. 1982. The utilization process: A conceptual framework and synthesisof empirical findings. Administrative Science Quarterly, 27: 591-622.
Academic Involvement
• So far– Business Reporting on the Internet authors
• Lymer, Debreceny, Gray (and Rahman)• LDB involved in development
– Bryant College• Symposium and administrate the
– XBRL Academic Competition• Students particpate in research, applications, taxonomy
– University of Kansas• Helping Edgar Online with XBRLization of SEC filings
– Rutgers• Awareness and considerations
– Seattle Pacific• Working with vendor XBRL Solutions to create training materials
• To come– AAA Stovepipes coming together
Opportunities for Research and Teaching
• Audit ramifications of XML– XML Audit and Control
• Development of performance measurements items
– GRI, Sustainability
• Accounting and organizational behavior
– XML changes roles– What is obsolete, new?
• Financial reporting systems– What can happen?
• Objective evaluations of value
• What are keys to acceptance and implementation
• Digital signatures and encryption
• How does this serve the public interest
• Need the discipline of being model oriented
• How will this affect policy making?
• How do we best– Bring together communities– Provide rigor– Encouraage future
thought• What is the downside?• Data trust - how to live
without materiality and subsequent events?
Questions?
• Eric E. Cohen, CPA– PricewaterhouseCoopers LLP
• 117 Rossiter Road, Rochester NY 14620-4127 USA• 716.271.4070• Internet