XBRL for GRC: Will the Auditing Profession Embrace XBRL for Governance, Risk Management, and Compliance as the Accounting Profession Has Begun to Do?
Chironna, John; Zwikker, Ernst. Strategic Finance
On April 13, 2009, in an effort to improve the usefulness of financial statements to investors, the Securities & Exchange Commission (SEC) adopted rules requiring public companies to provide their financial statements to the Commission and on their corporate websites in interactive data format using eXtensible Business Reporting Language (XBRL).
The auditing profession has raised liability concerns that users of financial statements in XBRL format may incorrectly assume that auditor assurance has been provided on the data tags that make up a financial statement in XBRL format. These audit firms recommend that the standard audit report clarify the extent to which the audit extends to XBRL data. The SEC has addressed this concern by stating that issuers aren't prohibited from disclosing the degree of auditor involvement in the XBRL data.
Although the auditors' preemptive concern about liability has some merit, we take a broader view of XBRL and the potential of this standard for compliance and financial audits. Could the audit profession benefit from XBRL--i.e., could XBRL have an impact on the level of audit risk? Or could it affect detection risk?
Considering that most management accountants are exposed to a company's internal and external audits, they can benefit greatly from an understanding of how XBRL can facilitate improved efficiency and accuracy of various audit procedures.
Data Formats for Auditing
Public companies are filing their financial statements and various forms (such as the 10-K and 10-Q) with the SEC via its Electronic Data Gathering, Analysis, and Retrieval System (EDGAR) and its next-generation EDGAR for filing XBRL-tagged interactive data files. The process of electronic filing began in 1993, and, since then, companies have been required to file their financial statements in American Standard Code for Information Interchange (ASCII) or HyperText Markup Language (HTML). ASCII, a widely used standard for encoding text documents on computers, is often used when transferring files between computers. HTML was designed to display data, for example, on a Web page.
What has this meant for the audit profession since financial statements of issuers are available in ASCII or HTML format? Auditors have made limited use of the digital format of the financial statements whether in ASCII or HTML format. Instead, they rely primarily on printed documents. They might use Computer-Assisted Audit Techniques (CAATs) to execute substantive procedures when financial statements are available in a digital form. Most standard CAAT solutions work with character-delimited ASCII files because of ASCII's characteristics for data transfer, but data in HTML format is of little use for standard CAAT solutions. Also, the data in financial statements is an aggregated form of accounting data. For testing transactions, account balances, and internal controls, auditors rely on the underlying, nonaggregated accounting data stored in the issuers' financial system or enterprise resource planning (ERP) system.
What could the audit profession have done with the available financial statements in ASCII or HTML format? Auditors could use character-delimited ASCII files to have companies' financial statements available on their computer and import them to a spreadsheet program. This digital format helps when conducting standard analytical audit procedures--i.e., preliminary analytical procedures, substantive analytical procedures, and final analytical procedures. Preliminary analytical procedures are performed to better understand the business and to assess business risk. Substantive analytical procedures are performed to obtain evidence about assertions related to account balances. And final analytical procedures are performed as an overall review of the financial information in the final stage of the audit.
But the use of digital data hasn't taken off within the audit profession the way it has transformed how issuers file with the SEC. …