XII Assurance Committee Scope
Given the nature of XBRL-tagged data and emerging practice related to the accuracy of this data, the scope of the Committee’s work should not be limited to the narrowest definition of assurance used by public accountants. Instead, the Committee will focus on a broader context, taking into account the various forms of assurance and related services and processes that lend credibility to the accuracy of XBRL-tagged data. For more detail on the definition of assurance and related services that defines the potential scope of the Committee’s work, please see below Appendix A: Potential Scope of the XII Assurance Committee.
XII Assurance Committee Goals and Objectives
- Provide a forum for the identification, analysis and communication of market needs and issues related to the accuracy of XBRL-tagged data
- Proactively identify, reach out to and engage influencers, stakeholders, standards setters and regulators as appropriate
- Serve as the official liaison between market participants and XBRL International on assurance and related matters (coordinate visibility in both the market and within XII leadership and membership)
- Identify relevant resources, materials, and research on the topic
- Develop awareness materials (articles and publications) on the accuracy and integrity of information tagged in XBRL format, and the provision of assurance and related services on this informationThe XII Assurance Committee will not develop standards or related guidance for XBRL assurance
On an ongoing basis, the XII Assurance Committee will work to:
- Develop and maintain a listing of information on XBRL assurance and related services, such as guidance and educational materials, including illustrations, examples, pilot case studies, etc.
- Develop and deliver articles, publications, case studies, etc. on XBRL assurance and related services, covering topics such as the need for assurance and related services, as well as strengths and weaknesses of approaches taken to date
- Develop and maintain the assurance education and awareness component of the XII website
- Identify and communicate information about activities in XII jurisdictions, or elsewhere, focusing on XBRL assurance topics including examples of implementations in process
- Provide consultation to the IAASB XBRL Task Force and other task forces as they come to the attention of the XII Assurance Committee
- The XII Assurance Committee will maintain a detailed action plan for projects underway, which will be made available upon request.
Appendix A: Potential Scope of the XII Assurance Committee
In defining the mission and objectives of the XBRL International Assurance Committee (the Committee), it is important to clarify what might be covered under the scope of the Committee’s work. This is a living document and may evolve over time as new developments occur in the XBRL space and in the international practice of assurance and related services in general. To date, as a result of emerging practice in different parts of the world, this scope has been broader than ‘assurance’ as technically defined by the IAASB and other accounting bodies around the world. There are various definitions of the term ‘assurance’ within and among geographic jurisdictions: some are formal, legal and narrow; some are broader but fit within the scope of services a public accountant, CPA or CA would generally provide; some are so broad, they incorporate any feeling of well-being. Therefore, it is important to clarify what we mean by ‘assurance’ in the context of the XII Assurance Committee’s scope and work plan, and to clarify that the scope of the Committee’s work will not be limited to assurance as technically defined, it will also cover other related services that help to provide some level of comfort around the accuracy of XBRL-tagged data.
In general, the objective of ‘assurance’ is to enhance the degree of confidence 1) of the intended users and/or 2) of those responsible for governance in delivering information to the intended user. From the perspective of the intended user, ‘assurance’ can fall across a very broad spectrum from that derived informally to that delivered through formal, structured services and communications. On one side of that spectrum, simply knowing who provided information or by what means, systems or channels information was produced can provide a kind of ‘assurance’ (or comfort) to a user. Knowing that information is being reviewed by management through some kind of a quality control process can provide some level of ‘assurance’ (or comfort) as well. Assurance provided by a third (independent) party will have more value than assurance provided by a dependent party; for example, by an independent auditor who provides an opinion vs. a CIO issuing an assertion on the accuracy of information.
Representatives of the accounting and auditing profession, in different regions, have defined the term ‘assurance’ related to assurance services. Assurance services, especially those related to historical financial information, are well structured and documented in professional standards and guidance. The International Federation of Accountants (IFAC) defines an ‘Assurance engagement’ as an engagement in which a practitioner expresses a conclusion designed to enhance the degree of confidence of the intended users other than the responsible party about the outcome of the evaluation or measurement of a subject matter against criteria. Under the “International Framework for Assurance Engagements,” there are two types of assurance engagements that a practitioner is permitted to perform: a reasonable assurance engagement and a limited assurance engagement.
Different jurisdictions around the world also have established definitions of assurance. For example, the American Institute of Certified Public Accountants (AICPA) defines assurance services as ‘independent professional services that improve the quality of information, or its context, for business or individual decision makers.’ CPAs in the United States deliver audit reports (the highest level of assurance) and review reports (expressing limited assurance).
The primary purpose of assurance services is to provide independent and professional opinions that add credibility to the accuracy of information to management as well as other decision makers who will rely on the information. Auditors can also, however, perform engagements that lend credibility to information but that are not technically considered to be assurance. For example, agreed-upon procedures can be performed under international standard ISRS 4400 and US standard AT201. While these engagements do not provide assurance and reporting is restricted use (e.g. in most cases restricted to management), they do provide some level of comfort to management and/or other specified parties. Auditors can also express themselves at different points across a spectrum of alternatives between 0% (i.e. no) assurance and 100% assurance, depending on the object of the assurance. For example, under the IFAC IAASB assurance framework, where the subject matter is financial statements taken as a whole (i.e. the subject matter of the assurance is ‘information’ rather than ‘data’), engagements can provide 0%, limited, reasonable, or 100% assurance. This same framework could be applied to XBRL data rendered into a presentation (thereby transforming it into ‘information’). If instead the subject matter of assurance is the XBRL data itself (i.e. not the presentation of that data), then assurance can be expressed anywhere along a continuum between 0% and 100% assurance.
Given the nature of XBRL-tagged data and emerging practice related to the accuracy of this data, the scope of the Committee’s work should not be limited to the narrowest definition of assurance used by auditors. Instead, the Committee will focus on the broader context of internal processes of supplying relevant information used by internal and external users, taking into account the various forms of assurance and related services and processes that lend credibility to the accuracy of XBRL-tagged data. These might include, but are not limited to, advisory services, agreed-upon procedures engagements, review engagements, examination-level assurance engagements, and examination of processes and controls related to the XBRL-tagged data. Services related to the accuracy of XBRL-tagged data that are known to have been performed to date include advisory services, agreed-upon procedures, and examination-level assurance engagements.
It is also important to note that, just as assurance and other related services are not confined to financial statements or conventional reports (they could also relate to nonfinancial information, and both information producer and information consumer-oriented processes or systems), the scope of the Committee will not be limited only to a focus on financial information structured and communicated with XBRL, but instead will cover the accuracy of XBRL-formatted communication of both internal and external financial and nonfinancial information.
Since the area of XBRL assurance and related services is still fairly undeveloped, it is likely that the spectrum of services will evolve. In the short term, the focus will likely continue to be on content assurance (e.g. making sure that XBRL formatted disclosures are correctly derived from traditional financial statements, and verifying that information included in instance documents is correctly mapped to a generally accepted taxonomy). Over time, there will likely be increasing focus on process assurance as well (e.g. internal controls regarding processing of financial information including XBRL information, completeness of disclosures, reliability of XBRL reporting software, controls around correctness and completeness of tagging process, etc), possibly complemented with additional content assurance for specific groups of users (e.g. government, tax authorities, shareholders, banks, etc). Staying abreast of this evolution will be an ongoing focus of this Committee.
Adoption of the Inline XBRL specification will also impact this evolution. Inline XBRL is a standard for embedding XBRL fragments into an HTML document. The objective is to provide documents which can be viewed in a browser while making use of XBRL tags which can be processed automatically by consuming applications. With Inline XBRL, the electronic XBRL tags are embedded in the human readable report, whereas with traditional XBRL the electronic instance document is separate from a human readable rendering. This raises a number of considerations from the perspective of assurance and related services, which will be monitored by the Committee.