1 Discussion of “Computer- Assisted Tools for Auditing XBRL- Related Documents” Symposium on Information Integrity & Information Systems Assurance David Plumlee University of Utah
How to Spend a Saturday Afternoon 2
Significance and Contribution Significance of the question Assurance in XBRL-related documents is inevitable Conducting the procedures manually is tedious and not fully reliable Contributions Lays out a set of a assurance objectives Describes software that assists auditors (and others) in meeting the assurance objectives Some insights into the XBRL knowledge of a limited number of members of the Information Systems Audit and Control Association 3
Assurance Objective – Internal Control To determine whether the controls over the creation of the XBRL-related document are operating effectively (and efficiently) Do we care whether they are efficient? We would benefit from some details about how XBRL-related controls would be assessed. In the US, what happens when the tagging process is integrated into the financial reporting system? (in the case no reliance was placed of controls) 4
Other Assurance Objectives Suitability – “appropriateness” is in the eye of the beholder For example, the client feels that “OperatingExpensesWithCOGS” in their taxonomy extension is sufficiently different from “OperatingExpenses” in the official taxonomy There needs to be a more objective criterion for suitability. Accuracy – how do you apply “in all material respects” to the XBRL setting where tagged facts can be extracted from EDGAR in isolation? 5
Man versus Machine 6 Assess validity Graphically represent - systematic structure - XBRL taxonomy Render elements Map business facts to the XBRL- tagged data Determine whether documents have required information Assess the appropriateness of the elements Determine whether “similar” elements are created in extension taxonomies Determine that the instance document does not contain information not in the official filing Determine that the same taxonomies and rules were applied to create context information
The Role of Rendering In a world where individual items are extracted by users from a database like EDGAR, is rendering the right tool for the auditor? Will rendering reveal intentionally wrong tags? Will rendering lead to a false confidence in the correctness of the tags? Is fatigue in “ocular analysis” an issue? Should there be standards for rendering software that make it easier for preparers, users and auditors? 7
What Else Can Be Automated? Focus on exceptions Same tag in multiple instances Compare contexts for common tags Industry-based templates focusing on “standard items” Standard disclosures; e.g., Pension footnote More easily analyzed by software agents Semantic languages and tools that exploit intelligent reasoning 8
Is there a role for risk assessments? Can the auditor use the risk of mis-tagging to reduce the number of tags that must be evaluated in detail on a given engagement? Items tagged on a basis consistent with last year? Amounts that even if 100% wrong would be immaterial by financial audit guidelines. Will the proposed process detect intentional mis-tagging? Are the results of XBRL internal control evaluations useful in designing the “substantive” tagging procedures? 9
Workshop Participants’ Opinions on XBRL-related Assurance What information was gathered? What questions were asked? How were the scales labeled? What were the ranges (may be Std. Deviations) of the responses? Are there demographic variables that explain variation in the knowledge ratings or the rankings? Are other populations interesting/relevant? 10
Conclusions Professors Boritz and No are ahead of the regulators who have been reluctant to mandate assurance on XBRL-related documents. XBRL Audit Assistant points out the current advantages and limitations of computer technology in the XBRL assurance setting. There are serious limitations in the knowledge of professionals who will be called on to provide XBRL assurance. 11