XBRL assurance is the auditor's opinion on whether a financial statement or other business report published in XBRL, is relevant, accurate, complete, and fairly presented. An XBRL report is an electronic file and called instance in XBRL terminology.
IFAC and other accounting organizations are discussing the topic to decide on a common approach and XBRL auditing standards. The auditor may give assurance to an XBRL financial statement, an XBRL business report and XBRL real-time reporting (often referred to as continuous reporting). The short term focus is on XBRL financial statements and regulatory reports, while the future focus is expected to be more on real-time reporting.
An XBRL report is part of a digital reporting supply chain. The auditor should not focus only on the reliability of the report itself. It is better to focus on the whole supply chain including the communication over a network of the report. The auditor needs to check if the report that has been sent (and received) is complete and in time.
In assessing the XBRL reporting process the auditor can use a reference model in which the layering of the whole digital reporting supply chain is reflected. The auditor performs an audit on every layer of the digital reporting supply chain, with assistance of experts and use of software tools on specific areas. A known example of a reference model is the OSI model. The use of a more comprehensive and detailed reference model by the auditor seems logical.
XBRL assurance is a container concept which covers multiple types of XBRL reports, audits, audit reports and related topics. In order for the auditor to be able to give the assurance, several aspects need to be clear:
With XBRL assurance the auditor needs to distinguish between primary and secondary audit objects:
The term standard taxonomy is here used in the context of clear ownership. A standard taxonomy is owned by an authoritative body and responsibility for the quality is taken by the owner. Obvious taxonomy owners are governments, regulators and standard setters. Ownership can be linked with creation, maintenance, publication and/or certification of the taxonomy. A custom taxonomy is not owned by an authoritative body.
Base-taxonomy and extension-taxonomy refer to the XBRL mechanism where an extension-taxonomy refers to -or imports- a base-taxonomy to expand the available reporting concepts and/or their relations.
XBRL assurance can be described using following model:
Primary audit object | XBRL financial statement | XBRL report/filing | Real time reporting |
---|---|---|---|
Aspect | |||
Audit objectives, auditing standards and audit approach | |||
Audit report (text) including the auditor's opinion | |||
Link between audit report and audit object and auditor's signature |
The following, mainly XBRL specific reporting steps serve as a basis for the audit approach. The auditor checks that:
The distinction between a standard (base) taxonomy and a custom (extension) taxonomy is important for the auditor. A standard taxonomy is normally owned, created and published by the government or regulator. It is the responsibility of the government or regulator to create a taxonomy that is correct. The quality of a standard taxonomy is fixed input for the auditor. The auditor just needs to check -with help of software tools- that the right taxonomy is used. With a custom (extension) taxonomy this is not the case. The auditor needs to validate the custom (extension) taxonomy, a secondary audit object. He needs to perform an audit to check if this taxonomy complies with regulations and if it is accurate and complete.
A significant difference with paper based assurance is the concept of material misstatement. Material misstatement concerns the accuracy of the audit opinion on a financial statement or filing as a whole. An XBRL report contains a collection of individually identifiable business facts. The facts are building blocks of an XBRL report. Material misstatement in an XBRL report concerns the individually identifiable business facts.
The most common audit report in the world is an external auditor's report on an auditee's financial statements and its accompanying notes. XBRL assurance covers different audit reports depending on the primary and secondary audit objects.
To let the auditor to give an opinion on fair view is not obvious. An XBRL report (instance) contains little presentation metadata. More presentation metadata is needed to present the XBRL report in a human readable manner.
The auditor opts for an approach whereby the current audit object (a paper based report) will be cut in two new audit objects, each with its own audit report and opinion. The primary audit object is the instance containing all the business facts. The secondary audit object contains the presentation or rendering metadata.
The split in primary and secondary audit objects with different audit reports (and opinions) is necessary to prevent any confusion about the assurance the auditor adds to the XBRL financial statement instance or any other XBRL report without presentation in a human readable form.
One approach to this is to have different auditor opinions on the primary audit object and the secondary object that combined make clear the XBRL report provides a fair view.
This aspect covers the unbreakable linkage of the audit report and auditor's signature to the (primary or secondary) audit object. Both the primary and the secondary audit objects are electronic files which can be altered without leaving a trace. All this means that the auditor must use techniques like encryption and electronic signatures, ensuring that his opinion actually came from him and is permanently linked to the audited XBRL audit object without any unauthorized changes.
The XBRL standard has the ability to define business rules. These business rules can be found in different places in the XBRL taxonomy, that is in datatypes or linkbases. Application of these business rules will contribute to the reliability of the XBRL report. The business rules can be used by the reporting company, the taxonomy author or the auditor.
Accounting or Accountancy is the measurement, processing, and communication of financial and non financial information about economic entities such as businesses and corporations. Accounting, which has been called the "language of business", measures the results of an organization's economic activities and conveys this information to a variety of users, including investors, creditors, management, and regulators. Practitioners of accounting are known as accountants. The terms "accounting" and "financial reporting" are often used as synonyms.
Financial statements are formal records of the financial activities and position of a business, person, or other entity.
An audit is an "independent examination of financial information of any entity, whether profit oriented or not, irrespective of its size or legal form when such an examination is conducted with a view to express an opinion thereon.” Auditing also attempts to ensure that the books of accounts are properly maintained by the concern as required by law. Auditors consider the propositions before them, obtain evidence, and evaluate the propositions in their auditing report.
A financial audit is conducted to provide an opinion whether "financial statements" are stated in accordance with specified criteria. Normally, the criteria are international accounting standards, although auditors may conduct audits of financial statements prepared using the cash basis or some other basis of accounting appropriate for the organisation. In providing an opinion whether financial statements are fairly stated in accordance with accounting standards, the auditor gathers evidence to determine whether the statements contain material errors or other misstatements.
An auditor is a person or a firm appointed by a company to execute an audit. To act as an auditor, a person should be certified by the regulatory authority of accounting and auditing or possess certain specified qualifications. Generally, to act as an external auditor of the company, a person should have a certificate of practice from the regulatory authority.
XBRL is a freely available and global framework for exchanging business information. XBRL allows the expression of semantic meaning commonly required in business reporting. The language is XML-based and uses the XML syntax and related XML technologies such as XML Schema, XLink, XPath, and Namespaces. One use of XBRL is to define and exchange financial information, such as a financial statement. The XBRL Specification is developed and published by XBRL International, Inc. (XII).
The auditor's report is a formal opinion, or disclaimer thereof, issued by either an internal auditor or an independent external auditor as a result of an internal or external audit, as an assurance service in order for the user to make decisions based on the results of the audit.
An information technology audit, or information systems audit, is an examination of the management controls within an Information technology (IT) infrastructure and business applications. The evaluation of evidence obtained determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization's goals or objectives. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other form of attestation engagement.
Statement on Auditing Standards No. 99: Consideration of Fraud in a Financial Statement Audit, commonly abbreviated as SAS 99, is an auditing statement issued by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) in October 2002. The original exposure draft was distributed in February 2002.
An external auditor performs an audit, in accordance with specific laws or rules, of the financial statements of a company, government entity, other legal entity, or organization, and is independent of the entity being audited. Users of these entities' financial information, such as investors, government agencies, and the general public, rely on the external auditor to present an unbiased and independent audit report.
Generally Accepted Auditing Standards, or GAAS are sets of standards against which the quality of audits are performed and may be judged. Several organizations have developed such sets of principles, which vary by territory. In the United States, the standards are promulgated by the Auditing Standards Board, a division of the American Institute of Certified Public Accountants (AICPA).
Materiality is a concept or convention within auditing and accounting relating to the importance/significance of an amount, transaction, or discrepancy. The objective of an audit of financial statements is to enable the auditor to express an opinion whether the financial statements are prepared, in all material respects, in conformity with an identified financial reporting framework such as Generally Accepted Accounting Principles (GAAP).
ISA 500 Audit Evidence is one of the International Standards on Auditing. It serves to guide the auditor on obtaining audit evidence through the application of an appropriate mix of tests of control systems and substantive tests of transaction and balances.
In financial auditing of public companies in the United States, SOX 404 top–down risk assessment (TDRA) is a financial risk assessment performed to comply with Section 404 of the Sarbanes-Oxley Act of 2002. Under SOX 404, management must test its internal controls; a TDRA is used to determine the scope of such testing. It is also used by the external auditor to issue a formal opinion on the company's internal controls. However, as a result of the passage of Auditing Standard No. 5, which the SEC has since approved, external auditors are no longer required to provide an opinion on management's assessment of its own internal controls.
Negative assurance, also known as limited assurance, is a method used by the Certified Public Accountant to assure various parties, such as bankers and stockbrokers, that financial data under review by them is reasonable. Negative assurance tells the data user that nothing has come to the CPA's attention of an adverse nature or character regarding the financial data reviewed.
The following outline is provided as an overview of and topical guide to accounting:
XBRLS is an application profile of XBRL.
Continuous auditing is an automatic method used to perform auditing activities, such as control and risk assessments, on a more frequent basis. Technology plays a key role in continuous audit activities by helping to automate the identification of exceptions or anomalies, analyze patterns within the digits of key numeric fields, review trends, and test controls, among other activities.
The XBRL Global Ledger Taxonomy Framework is a holistic and generic XML and XBRL-based representation of the detailed data that can be found in accounting and operational systems, and is meant to be the bridge from transactional standards to reporting standards, integrating the Business Reporting Supply Chain.
Entity-level controls are internal controls that help to ensure that management directives pertaining to the entire entity are carried out. They are the second level of a top-down approach to understanding the risks of an organization. Generally, entity refers to the entire company.