Global Accounting and Auditing Firms Raise Auditor Attestation Issues with SEC XBRL Proposal
While expressing overall support for the SEC‘s proposed move towards requiring interactive XBRL filings of financial statements, global accounting and auditing firms have concerns about auditor attestation and internal controls. The firms are concerned about the extent of the independent auditor’s involvement with the XBRL information. The SEC proposal would require the submission of interactive data-formatted financial statements according to a phase-in schedule beginning with domestic and foreign large accelerated filers with a worldwide public common equity float above $5 billion. The comment period on Release No. 33-8924 ended on August 1, 2008.
The firms agree with the proposing release’s provision that during the three-year phase-in period no form of auditor assurance should be required for the interactive data exhibit furnished with a company’s filing. But, the firms generally believe that, in order to prevent investor confusion, filings should clearly specify the extent of auditor involvement with the interactive data exhibit. Deloitte & Touche specifically urged the SEC and PCAOB to work with the auditing profession to revise the standard report of the independent auditor to expressly refer to the financial statements filed in Item 8 of the Form 10-K and perhaps to include a statement that assurance has not been provided on the interactive data.
Moreover, until the issuance of amended auditing standards, the firm recommends that the final SEC rules prohibit tagging the auditor’s report when no assurance has been provided on the interactive data exhibit. Otherwise, reasoned the firm, an investor viewing the report in the rendered XBRL document could incorrectly conclude that the auditor’s report covers the interactive data.
Unless an auditor’s report on the interactive data exhibit is included in the filing, said the firm, the SEC also should require separate disclosure in the interactive data exhibit explicitly stating that the interactive data has not been subject to any assurance procedures either at the individual tag level or taken as a whole. The firm also suggested that the SEC could avoid the potential for confusion by requesting the PCAOB to issue guidance consistent with this interpretation.
PricewaterhouseCoopers urged the SEC to consider cautionary language in the XBRL Exhibit and on the SEC Viewer to make clear to investors that there will be neither auditor assurance on the Exhibit nor any consideration by the auditor of the information. Eventually, predicted PwC, users relying on XBRL-formatted financial statement information will seek the same level of confidence in the reliability and accuracy that they currently have on audited financial statements used in traditional format.
The firm fundamentally believes that independent assurance on XBRL documents adds value by increasing reliability and enhancing public confidence in financial reporting. In this spirit, the firm wants to engage in a collaborative process with the SEC, the PCAOB and other market participants to help define an appropriate assurance framework that provides meaningful value to investors.
The firms expect that a number of issuers will voluntarily seek assurance-related or other permitted services on their XBRL submissions. As a result, PwC, BDO, and Grant Thornton said it would be appropriate for the SEC to request that the PCAOB update the May 2005 PCAOB Staff Questions and Answers, Attest Engagements Regarding XBRL Financial Information Furnished Under the XBRL Voluntary Financial Reporting Program, for use beyond the voluntary program, which would be discontinued under the SEC proposal.
In addition, PwC believes that it would be beneficial for the SEC to include in the final rules guidance around the appropriate protocol for submitting general use auditor XBRL attestation reports when a company obtains such voluntary assurance. Ernst & Young asked the PCAOB and SEC to seek input from companies and investors on the type, timing and extent of assurance, if any, that should be provided during the phase-in period.
Further, BDO suggested that the PCAOB consider the feasibility of services other than an examination, such as a review or agreed upon procedures, and provide appropriate guidance. In any event, the Commission should clarify in the final rule the type of reports that would be appropriate in filings as well as the legal liability, if any, associated with any attestation reports issued by auditors and voluntarily provided by companies. The Commission also should develop specific guidance on how the auditor reports that are issued on interactive data are to be filed in conjunction with the interactive data exhibit.
The SEC noted in the proposal that the preparation of financial statements may eventually become interdependent with the interactive data tagging process. As this occurs, a company and its auditor should evaluate these changes in the context of their Sarbanes-Oxley mandated reporting on the effectiveness of internal controls. However, the evaluation would not require an auditor to separately report on a company’s interactive data provided as an exhibit to a reports or registration statement
With this in mind, commenters asked that the final rules clarify that the auditor’s report on a company’s internal controls provides no assurance on the interactive data exhibit. Under PCAOB standards, an auditor is not permitted to perform an audit of the effectiveness of internal controls unless it has audited the underlying financial statements to which the internal controls relate. Thus, for internal controls to be extended to include controls over the creation of the XBRL submission, reasoned the firms, the auditor also would have to perform an audit of the
XBRL submission.
The SEC proposal indicates that the interactive data is excluded from the officer certification requirements under the Exchange Act, but it is unclear whether the basis for this exclusion is that the exhibit does not constitute disclosure controls and procedures as defined by the Exchange Act or whether the exclusion is simply an exception to the general rule that has been granted by the Commission at this time. In the view of KPMG, the exemption of the Interactive Data Exhibit from the officer certification requirements implies that the Exhibit need not be subjected to the issuer’s disclosure controls and procedures.