DISCUSSION ON “ISSUES WITH THE COMMUNICATION AND

INTEGRITY OF AUDIT REPORTS WHEN FINANCIAL REPORTING SHIFTS TO AN INFORMATION-CENTRIC PARADIGM”

Rajendra P. SrivastavaErnst & Young Distinguished

ProfessorUniversity of Kansas, Lawrence, KS

Presented at  University of Waterloo Symposium

on Information Integrity and Information Systems Assurance

(UWCISA)

October 4, 2013

Outline• Research issues considered• Highlights of the Strengths on the paper• Some suggestions to improve the paper• Summary and Conclusion

Research issues considered• Communication of audit and

assurance reports• Security of audit and assurance

reports• Research questions related to these

issues

Issues related to communication• Content and Coverage (XBRL)Three Scenarios1. Separate audit report and instance

document with electronic signature Problem: No signal between audit

report and what is audited and what is not audited

2. Integrated audit report and FS through Xlink Problem: Increased Expectation gap

3. Integrating assurance report into other forms of disclosure (color coding to distinguish what is covered and what is not covered)

Strengths• Well developed concepts for

both communication and security

• Various scenarios discussed for both communication and security

• Understandable discussion on Inline XBRL

Concerns• Communication and Security discussed separately• Security concerns are closely tied to

communication approach• Expectation gap: Totality versus individual pieces,

no solution provided • Technical aspects, sometimes, are beyond the

reach. The authors need to elaborate on these concepts, provide a discussion in a footnote ..

• Since it is a conceptual piece, why not talk about level of assurance for each individual piece. This is closely related to the expectation gap

• Auditors cannot provide the same level of assurance for each atomic piece, then how would one express the opinion (use the example of sustainability reports)

Figures 5-6

Figures 7-8

Figure 9

Figure 10

More ConcernsControl over audit report and Instance document for its content using hash total

• The term MD5 is not as common, a footnote explanation would be helpful

• Looking at the EY audit report, it appears to me that they are giving hash total for the FS instance document and not the hash total of the report.

• Explain SHA-2

• I do not understand the concern raised by the authors about MD5 or SHA-2 that it shows that the report is changed even though the change is only the order of things that does not matter. I think this is important, change is a change.

• Semantic equivalence versus byte-by-byte equivalence.

More Concerns: Use of Inline XBRLI liked this part of the paper: “Inline XBRL embeds XBRL metadata and instance data facts within HTML or XHTML document”• I would like to see an explicit example of

how Inline XBRL would look like: the hidden and visible parts

• I did not find any discussion on the security issues of Audit Report in Inline XBRL

Example of Sustainability Assurance Report of France Telecom Orange 2010

Various Levels of Assurance

CSR ASSURANCE REPORT

Summary and Conclusion• Interesting thought piece– I enjoyed reading it and learnt new things, especially

about Inline XBRL• Provides various scenarios to communicate and

secure the assurance report– Raises several concerns about communicating what is

assured and what is not assured• Suggestions– Needs to answer some of the questions raised– Elaborate on technical terms– Provide a specific example on Inline XBRL usage– Provide some thoughts on various level of assurance and

how to report them– Look at other reporting models such as CSR assurance

reports– Read the manuscript carefully, the automated feature of

MS Words has its own mind, it puts its own word.

THANKS!!!&

QUESTIONS?