Upload
maximilian-jacobs
View
219
Download
0
Embed Size (px)
Citation preview
DISCUSSION ON “ISSUES WITH THE COMMUNICATION AND
INTEGRITY OF AUDIT REPORTS WHEN FINANCIAL REPORTING SHIFTS TO AN INFORMATION-CENTRIC PARADIGM”
Rajendra P. SrivastavaErnst & Young Distinguished
ProfessorUniversity of Kansas, Lawrence, KS
Presented at University of Waterloo Symposium
on Information Integrity and Information Systems Assurance
(UWCISA)
October 4, 2013
Outline• Research issues considered• Highlights of the Strengths on the paper• Some suggestions to improve the paper• Summary and Conclusion
Research issues considered• Communication of audit and
assurance reports• Security of audit and assurance
reports• Research questions related to these
issues
Issues related to communication• Content and Coverage (XBRL)Three Scenarios1. Separate audit report and instance
document with electronic signature Problem: No signal between audit
report and what is audited and what is not audited
2. Integrated audit report and FS through Xlink Problem: Increased Expectation gap
3. Integrating assurance report into other forms of disclosure (color coding to distinguish what is covered and what is not covered)
Strengths• Well developed concepts for
both communication and security
• Various scenarios discussed for both communication and security
• Understandable discussion on Inline XBRL
Concerns• Communication and Security discussed separately• Security concerns are closely tied to
communication approach• Expectation gap: Totality versus individual pieces,
no solution provided • Technical aspects, sometimes, are beyond the
reach. The authors need to elaborate on these concepts, provide a discussion in a footnote ..
• Since it is a conceptual piece, why not talk about level of assurance for each individual piece. This is closely related to the expectation gap
• Auditors cannot provide the same level of assurance for each atomic piece, then how would one express the opinion (use the example of sustainability reports)
Figures 5-6
Figures 7-8
Figure 9
Figure 10
More ConcernsControl over audit report and Instance document for its content using hash total
• The term MD5 is not as common, a footnote explanation would be helpful
• Looking at the EY audit report, it appears to me that they are giving hash total for the FS instance document and not the hash total of the report.
• Explain SHA-2
• I do not understand the concern raised by the authors about MD5 or SHA-2 that it shows that the report is changed even though the change is only the order of things that does not matter. I think this is important, change is a change.
• Semantic equivalence versus byte-by-byte equivalence.
More Concerns: Use of Inline XBRLI liked this part of the paper: “Inline XBRL embeds XBRL metadata and instance data facts within HTML or XHTML document”• I would like to see an explicit example of
how Inline XBRL would look like: the hidden and visible parts
• I did not find any discussion on the security issues of Audit Report in Inline XBRL
Example of Sustainability Assurance Report of France Telecom Orange 2010
Various Levels of Assurance
CSR ASSURANCE REPORT
Summary and Conclusion• Interesting thought piece– I enjoyed reading it and learnt new things, especially
about Inline XBRL• Provides various scenarios to communicate and
secure the assurance report– Raises several concerns about communicating what is
assured and what is not assured• Suggestions– Needs to answer some of the questions raised– Elaborate on technical terms– Provide a specific example on Inline XBRL usage– Provide some thoughts on various level of assurance and
how to report them– Look at other reporting models such as CSR assurance
reports– Read the manuscript carefully, the automated feature of
MS Words has its own mind, it puts its own word.
THANKS!!!&
QUESTIONS?