Alles and Gray 2012 ABS 1 XBRL Auditing

JOURNAL OF INFORMATION SYSTEMS American Accounting Association
Vol. 26, No. 1 DOI: 10.2308/isys-10248

Spring 2012
pp. 103–126
A Relative Cost Framework of Demand for

External Assurance of XBRL Filings
Michael G. Alles
Rutgers, The State University of New Jersey
Glen L. Gray
California State University, Northridge
ABSTRACT: There has been much discussion in the academic literature and in the
XBRL community on the role of audit firms in providing assurance services for XBRL
filings, especially now that the use of XBRL has been mandated in the United States.
This paper presents the development of a framework of the demand for external
assurance of XBRL filings predicated on two relative cost arguments. First, that in the
absence of a mandate for XBRL filings to be assured by an external auditor, a manager
will compare the cost of obtaining external assurance against the cost of obtaining
confidence on the filings internally. Second, managers will be reluctant to pay more for
external assurance on an XBRL filing than they paid to prepare it. The former is called
the external cost relative to internal cost comparison, and the latter the external cost
relative to preparation cost comparison. Based on our relative cost framework, it is
predicted that there will only be a role for externally provided assurance of XBRL filings if
the cost of that assurance can be either reduced or appear less significant to clients. The
former outcome can be brought about by shifting assurance from the XBRL filings
themselves to assurance of the preparer through a SSAE No. 16/SAS No. 70 report,
thereby converting the cost of XBRL assurance from a variable cost to a fixed cost that is
spread among many filers. External auditors can also attempt to make the cost of XBRL
assurance less salient to managers by folding that cost into their total audit fees.
Keywords: XBRL; assurance services; audit ﬁrms; relative cost; SSAE No. 16; SAS
No. 70.
I. INTRODUCTION
T
his conceptual paper explores the interaction between relative costs, relative demand, and
relative scope of external assurance services associated with XBRL EDGAR filings at the
U.S. Security and Exchange Commission (SEC). (Hereafter, all documents tagged with
We thank David Blaszkowsky, Eric Cohen, Roger Debreceny, Alex Kogan, Paul Penler, Matthew Slavin, Raj Srivastava,
Miklos Vasarhelyi, Mike Willis, and three anonymous referees for helpful comments, as well as participants at the 2nd
International Symposium on Accounting Information Systems in Rome and the 5th University of Kansas International
Conference on XBRL. Feedback is welcome and may be addressed to either author.
Editor’s note: Accepted by Rajendra Srivastava, Guest Editor.
Published Online: February 2012
103
104 Alles and Gray
XBRL and submitted to the SEC are referred to as ‘‘XBRL filings.’’) The SEC does not require
external assurance on XBRL filings; however, it is clear that these filings need some form of quality
control (whether it is externally provided assurance or something else) to improve the quality of
these filings. Both the professional and academic communities (Boritz and No 2008; Debreceny et
al. 2010; Bartley et al. 2010; http://www.xbrlcloud.com; http://www.edgar-online.com) have
reported ongoing occurrences of errors in the XBRL filings. The SEC has periodically published
‘‘staff review observations’’ since 2009 that summarize XBRL filing errors, and the latest bulletin
on December 13, 2011, indicates that errors are still being frequently encountered in XBRL filings.1
Management and board members of XBRL filers desire a high level of confidence that their
filings are free of material errors, given their awareness that filing errors will be reported by such
near real-time online analysis websites as http://www.xbrlcloud.com. Besides the imperatives of
company executives, the uptake in the usage of XBRL filings by analysts and other consumers of
financial information is also dependent on those filings meeting their quality thresholds.2
Nonetheless, as with traditional financial statement audits, the scope and depth of XBRL-filing
assurance will be subject to the cost of obtaining that assurance. Theoretically, an accounting firm
could conduct a financial statement audit where it will have nearly 100 percent confidence that the
accompanying financial statements are essentially 100 percent error free; however, it would be so
exorbitantly expensive there would be no demand for such a comprehensive audit because no client
would consider paying the required fee for such an audit. As discussed in this paper, parallels can
be drawn in the XBRL-filing assurance domain in terms of cost, demand, and scope. Particularly
critical to our discussion is the fact that, unlike financial statement audits, the scope of XBRL-filing
assurance engagements is still under discussion by the AICPA.3
The overarching question explored in this paper is what role external auditors can play in
improving confidence in XBRL filings given that there is no mandate at present for those filings to
have independent assurance. The Center for Audit Quality (CAQ 2009) Alert #2009-2055,
Potential Audit Firm Service Implications Raised by the SEC Final Rule on XBRL, lists seven
potential XBRL-related services audit firms may be asked by their clients to provide:
1. Advisory Services
2. Assurance Services
3. Agreed-upon Procedures
4. Examination of an Assertion about XBRL-Tagged Data
5. Examination of Controls over the Preparation of the XBRL-Tagged Data
6. AT Section 601, Compliance Attestation
7. Review of an Assertion about XBRL-Tagged Data
While any of the above services could improve confidence in XBRL filings, this paper focuses
on assurance services and, secondarily, on agreed upon procedures (AUP). The last four services
are excluded because the CAQ views them as relatively minor ones, which would not likely be
complete engagements onto themselves, but would be just a part of other engagements. Advisory
services are also excluded because of limitations on audit firms providing non-audit services, such
1
http://www.sec.gov/spotlight/xbrl/staff-review-observations-121311.shtml: ‘‘We continue to see the same issues
around the topics of formatting of the financial statements, negative values, use of unnecessary extensions, and
the completeness of the tagging (i.e., parentheticals and string values).’’
2
While there is only anecdotal evidence at present as to the usage of XBRL tagged information directly by
analysts, it is known that data providers to the analyst community, such as Reuters and Bloomberg, are making
use of XBRL information.
3
An exposure draft of the AICPA’s Proposed XBRL Principles and Criteria for XBRL-Formatted Information
is available at: http://www.aicpa.org/interestareas/frc/accountingfinancialreporting/xbrl/pages/
exposuredraft-xbrlprinciplesandcriteria.aspx
Journal of Information Systems

Spring 2012
A Relative Cost Framework of Demand for External Assurance of XBRL Filings 105
as advising clients on preparing their XBRL filings, although a form of consulting that audit firms
may be providing businesses in this context is discussed in Section V.
As CAQ (2009) makes clear, there is, as yet, no requirement that filers obtain an assurance
service (under Attestation Standards AT section 101), but the anticipation that this might change in
the future is why academic research focuses on external assurance of XBRL filings.4 Agreed upon
procedures (AUP) engagements, which are conducted under Attestation Standards AT section 201,
are included because they have many overlapping characteristics with assurance services and are
currently far more popular than assurance services. As its name implies, the scope of an AUP
engagement can be whatever the client and firm agree to. AUPs are discussed in this paper in order
to establish a lower bound for the cost of assurance services for XBRL filings. The scope of these
AUP engagements may be good indicators of the scope of future mandated assurance engagements.
An XBRL-filing AUP engagement could range from a relatively small engagement that focuses on
just one aspect of the XBRL filing to a comprehensive engagement that addresses all aspects of the
filing. The key distinguishing characteristic of an AUP engagement in contrast to an assurance
engagement is that the accountant does not issue an opinion at the end of the AUP engagement.
The fact that independent assurance is not mandated for a mandated XBRL filing provides a
unique opportunity to examine what drives the endogenous demand for assurance and auditing
services in general.5 As reflected by the establishment of international and U.S.-based XBRL
assurance committees soon after the public release of XBRL in the year 2000, many academics and
practitioners have taken for granted that filers would ultimately demand assurance services provided
by external auditors; however, at present, few filers have employed external auditors to even
conduct the less demanding AUP engagements. Ernst & Young estimated that less than a quarter of
filers were using an external auditor in their XBRL filing process as of November 2010.6
To address the overarching question about the roles for external auditors in XBRL filings, this
paper constructs a relative cost framework for understanding the decision making process of
managers of companies submitting XBRL filings who are contemplating employing an external
auditor to provide assurance services for those filings. The framework assumes that these managers
would examine substitutes for external assurance services and also that behavioral factors will
constrain how much they are willing to pay for those services. While the examples and references to
auditing standards are specific to the USA, the framework would apply to any XBRL jurisdiction in
which assurance of XBRL filings remains a voluntary choice of management.
The next section of the paper lays out the development of the relative cost framework. Section
III then examines in depth one aspect of our framework, called the external cost relative to
preparation cost comparison. Section IV does the same for the external cost relative to internal cost
comparison. Section V discusses the economic predictions arising from our relative cost framework
for non-mandated independent assurance of XBRL filings by external auditors. Section VI offers
concluding comments.
4
This literature is discussed below.
5
Wanda Wallace (1980) has shown that some organizations obtained third-party assurance of their financial
statements even before the use of an auditor was mandated in the USA in 1933 (Niemi et al. [2012] examine
demand for non-mandatory auditing by small companies in Europe in recent years). She puts forward three
hypotheses for why these organizations voluntarily used an auditor: stewardship, information, and insurance. As
discussed later, these reasons may well also explain why organizations today may want to hire an external auditor
to examine their XBRL filings, but this demand for external assurance needs to be balanced by examining its cost
and the availability of substitute sources of confidence. Not all organizations prior to 1933 hired an external auditor
despite these hypothesized reasons for doing so, and the vast majority of XBRL filers do not do so today either.
6
As stated by Matthew Slavin of Ernst & Young at the 5th KU XBRL Conference, April 2011, with statistics
based upon more than 1,000 responses to an E&Y webcast held in November 2010. E&Y emphasized that due to
self-selection bias, this is not a representative sample, but it does provide a general perspective on the level of
demand for AUPs.

Spring 2012
106 Alles and Gray
TABLE 1
Phase-In of SEC XBRL Requirements
Adoption Summary Periods Ending after Periods Ending after Periods Ending after
for Corporate Filers June 15, 2009 June 15, 2010 June 15, 2011
A. Large Accelerated Year 1—structure Year 2—structure Same as Year 2.
Filers w/ public float amounts in financial amounts in financial Limited liability provisions
.$5B (; Fortune 500) statement tables in statement tables and are scheduled to be lifted
detail and notes to individually tag each by the SEC after 2nd
financial statements in significant accounting year. Companies may
‘‘block text.’’ Roughly policy, table within a desire more comfort on
300 disclosure footnote and each processes and controls.
elements. (;950 quantitative amount
filings) within a footnote.
Roughly 3,000þ
disclosure elements.
B. Balance of Accelerated Year 1—structure Year 2—structure amounts
Filers with public float amounts in financial in financial statement
.$700m (;next 1,600 statement tables in tables and individually
largest public detail and notes to tag each significant
companies) financial statements in accounting policy, table
‘‘block text.’’ Roughly within a footnote and
300 disclosure each quantitative amount
elements. (;5,000 within a footnote.
filings) Roughly 3,000þ
disclosure elements.
C. Balance of ;10,000 Year 1—structure amounts
public companies in financial statement
(including FPIs under tables in detail and notes
IFRS) to financial statements in
‘‘block text.’’ Roughly
300 disclosure elements.
(;26,500 filings)
II. THE DEMAND FOR NON-MANDATED EXTERNAL ASSURANCE SERVICES FOR

XBRL FILINGS
In December 2008, the SEC officially mandated the phase-in of XBRL filings to be furnished as
an attachment to traditional Form 10-Q and 10-K filings. The timing and scope of the mandate is
illustrated in Table 1. The schedule for the application of that mandate to filers depends on the size of
the company’s public float and, in addition, the scope of the mandate increases over time for all filers.
The framework takes as given that managers will demand some (non-zero) level of confidence
on their company’s mandated XBRL filings and focuses on their decision about how they obtain
that desired level of confidence.7 That inevitably focuses attention on who can provide that
7
If filers simply do not care about the quality of their XBRL filings, then, of course, this situation is outside of this
model, but that scenario is rather unrealistic. After all, at least 25 percent of firms did, in fact, employ an external
auditor to conduct assurance or AUP services associated with their XBRL filings, so demand for such services
cannot literally be zero. The demand of managers for confidence in their XBRL filings will also reflect their
perception of the demand by investors for those services.

Spring 2012
confidence and the relative cost of each of those providers.8 This is a perspective that does not need
to be considered in situations where the use of the external auditor is mandated (such as the audit of
the financial statements themselves), which is what makes the case of XBRL a unique experiment
to help determine what is the endogenous demand for external auditors in a ‘‘free market’’ for the
assurance that they provide.
As discussed in the introduction, management wants confidence in the accuracy of their XBRL
filings since it is part of their disclosure regime, and even when those filings are under the SEC’s
two-year liability provisions for XBRL (the safe harbor provision), the company would bear a
reputational cost if it is shown to be materially incorrect. Moreover, there is always the possibility
that a loss of credibility of the XBRL filings would flow back to the financial statements
themselves. An important point to note in this regard is that while obtaining assurance of XBRL
filings is currently a voluntary choice of management, those documents—if correctly prepared and
rendered—are required to be identical in information content to the standard financial statements
which are audited. That means that any confidence obtained by investors from externally assured
XBRL filings is a second order effect compared to the primary effect of having the financial
statements themselves audited by an external auditor.
Since the traditional financial statements are audited, the decision about obtaining XBRL
assurance will be made by managers primarily on the basis of cost rather than shareholders
attempting to overcome a principal/agent problem with those managers. That primarily moral
hazard issue would presumably have already been taken care of by the fact that financial statements
are disclosed and independently audited. However, even being correctly rendered does not
guarantee that the XBRL instance documents themselves are entirely free of error, and so a separate
demand for confidence in the XBRL documents remains. The issue remains what the source of that
confidence will be given the relative cost of that confidence, in particular, the cost of obtaining that
assurance from an external auditor.
Multiple Confidence Providers

The key to understanding demand for external assurance services for XBRL filings in the
absence of a mandate for external assurance is that, as Figure 1 illustrates, there are multiple
potential providers of the confidence sought by management that their XBRL filing is free of
material errors.9 The overall confidence of management in its XBRL filing, as well as that of users
of those filings, is an aggregation of:
1. Confidence in the skills of the internal staff involved in preparing XBRL filing as well as
those of the staff that review and/or approve them;10
2. Confidence in the validation tools in the XBRL creation/conversion software (or other
validation tools) that may be used to prepare/validate the XBRL filing;
8
Considering the CAQ list of seven possible XBRL services accounting firms could provide, the question of what
type of services filers will demand should also be considered. While, as mentioned above, this paper focuses on
comprehensive assurance, in this paper, the same relative cost issues will arise for whatever type of services the
filer is contemplating.
9
We thank an anonymous referee for helping us refine this figure.
10
While there is a distinction between the internal preparers of XBRL filings and those staff who check them, this
paper does not focus on the relative contributions of each of those parties in providing confidence on the filings,
since our model concentrates on the relative cost of assurance obtained from an external auditor versus the
aggregate of that obtained internally. There is also a relative cost tradeoff between the internal cost of preparation
and the internal cost of assurance, but however that is resolved, there still remains the relative cost consideration
with respect to the cost of hiring an external auditor.

Spring 2012
108 Alles and Gray
FIGURE 1
Potential Confidence Providers for XBRL Filings
3. Confidence in the capabilities of the filing agent or other outside service provider that may
be used to prepare the XBRL filing; and
4. Confidence arising from the assurance of the XBRL filing by an external auditor.
Hence, given that there are a variety of providers who individually and in aggregate deliver the
desired level of confidence about the XBRL filings to the management and board, a role for the
external audit firm as the primary source of assurance for XBRL filings cannot be taken for granted,
as it obviously can with the financial statements themselves where auditing is mandated by law. In
the absence of such a mandate for independent assurance of XBRL filings, the role of a company’s
auditor in relation to those filings can be very client specific, depending on the mix and skills of the
other three parties in the above list.
Evolution of XBRL Assurance

Paralleling the development of XBRL taxonomies was the consideration of the appropriate
characteristics of assurance services for XBRL-tagged financial reports that appeared in the release
of several white papers discussing the issue (AICPA 2002; Trites 2005, 2006). In 2005, the Audit
Standards Board (ASB) of the AICPA published Attest Engagements on Financial Information

Spring 2012
Included in XBRL Instance Documents (AT 9101.47-0.54) to provide guidance to accountants

providing XBRL-related assurance services. In 2005, the Public Company Accounting Oversight
Board (PCAOB 2005) published guidance for assurance on filings under the SEC Voluntary Filing
Program (VFP). More recently, the AICPA published an exposure draft Proposed XBRL Principles
and Criteria for XBRL-Formatted Information (AICPA 2011) for preparers, reviewers, and
practitioners to use in evaluating information formatted in XBRL. This exposure draft is discussed
in more detail later in this paper.
Although activities continue in the XBRL community regarding assurance, the SEC
specifically noted that assurance was not required for its prior VFP or its current mandatory
XBRL filings (SEC 2009). It is notable that in its explanations for not mandating assurance of
XBRL filings, the SEC makes reference to many of the alternate providers of confidence shown in
Figure 1:11
[N]ote that we are not requiring that filers involve third parties, such as auditors or
consultants, in the creation of their interactive data filings. We are taking this approach
after considering various factors, including:
commenters’ views;
the availability of a comprehensive list of tags for U.S. financial statement reporting from
which appropriate tags can be selected, thus reducing a filer’s need to develop new elements;
the availability of user-friendly software with which to create the interactive data file;
the multi-year phase-in for each filer, the first year of which entails the relatively
straightforward process of tagging face financial statements, as was done during the
voluntary program, and block tagging footnotes and financial statement schedules;
the availability of interactive data technology specifications, and of other XBRL U.S., XBRL
International, and Commission resources for preparers of tagged data;
the advances in rendering/presentation software and validation tools for use by preparers of
tagged data that can identify the existence of certain tagging errors;
the expectation that preparers of tagged data will take the initiative to develop practices to
promote accurate and consistent tagging; and
the filer’s and preparer’s liability for the accuracy of the traditional format version of the
financial statements.
A Conceptual Framework
As long as the SEC does not mandate that a company’s external auditor must provide
independent assurance regarding its XBRL filings, whether to ask that auditor to provide XBRL-
related assurance services, or a lesser-scope AUP engagement, is ultimately a cost/benefit decision
to be made by management on the basis of the relative cost of the various providers of confidence
illustrated in Figure 1. Management’s cost/benefit decision is one component of our framework.
The other component arises from considering what an external auditor would charge to provide
assurance services regarding XBRL filings in comparison to the company’s cost of preparing those
filings in the first place. The evidence is that preparation costs are falling even as the price of
externally provided assurance services remains high or unknown—especially since the preparation
of XBRL filings can be outsourced by management, for example, to India, while for all practical
purposes assurance has to come from a U.S.-based auditor.12 Srivastava and Kogan (2010) and
11
SEC (2009, 94–95).
12
Since the decision framework is from the perspective of the management of XBRL filers, the paper will,
henceforth, refer to the cost to filers of obtaining external assurance of XBRL filings, rather than the price
charged by the external auditor to provide that assurance.

Spring 2012
110 Alles and Gray
Boritz and No (2009, 2011) have suggested frameworks for the assurance of XBRL filings by an
external assurance provider, but these papers do not discuss the cost of implementing their
assurance frameworks, which, considering their scope, may well be considerable. Plumlee and
Plumlee (2008) also discuss assurance of XBRL filings, and they do call for research into the cost
and benefits of that assurance, while warning that the specialized technical knowledge needed to
verify XBRL filings may be very expensive to obtain. Just as managers have to consider the relative
cost of alternative providers of confidence in the XBRL filings, they also have to think about how
much of their XBRL filing budget they are willing to allocate to obtaining external assurance
relative to how much they spend on actually creating those filings.
These two components are joined in a conceptual framework on the demand for external
assurance of XBRL filings. The framework is predicated on an aspect of the costs of that external
assurance that has yet to be raised in either the academic or practice literature, that the feasibility of
an external auditor providing assurance of XBRL filings is a function not just of the absolute cost of
providing assurance for those XBRL filings, but also of two relative cost comparisons:
1. The external cost relative to preparation cost comparison: The cost to the filer of obtaining
independent assurance on XBRL filings from an external auditor relative to the company’s
cost of preparing those filings. This comparison arises from extrapolating what happens if
the cost of preparing XBRL filings keeps falling while the cost of externally assuring those
statements does not. Our proposition is that given behavioral considerations, managers will
be resistant to pay more for assuring an XBRL filing than they pay for preparing that filing
in the first place.
2. The external cost relative to internal cost comparison: The cost of obtaining independent
assurance on XBRL filings from an external auditor relative to the cost of using internal
providers of confidence. This comparison comes down to whether it costs less to obtain
adequate confidence internally by improving the process by which the XBRL filings are
prepared, as opposed to having to employ an external auditor to ex post verify an XBRL
filing that has already been prepared by the company or outsourced service provider.
Discussions regarding relative cost have not significantly impacted auditing previously. With
the auditing of financial statements mandated, the trade-off with internally generated confidence is
not an issue: as outlined in SAS No. 65, an external auditor can rely to some extent on the work
performed by the internal auditor, but the external auditor is alone responsible for the audit opinion
that accompanies the financial statements, and that responsibility cannot be shared. Hence, there is
no equivalent to the decision facing management in the case of XBRL filings about the relative
value of obtaining assurance from internal and external providers of confidence. Similarly, while
audit committees will always negotiate with the auditor over the cost of the audit and pressure
CFOs to control costs in the accounting department, there has been no compelling reason to
compare these two costs against each other since both are large and not apparently trending in any
particular direction. Both of these costs are seen as necessities, with hiring an external auditor being
mandated—as is filing financial statements—and not an optional extra, as is the case at present with
XBRL filing assurance.
Both of these relative cost comparisons will impact the demand for the provision of assurance of
XBRL filings by an external auditor. In fact, these two relative cost comparisons would be predicted
to drive external XBRL assurance to converge to outcomes that either reduce the relative cost of
external assurance or else effectively reduce the significance of that cost to potential clients. An
approach that leads to the former outcome is one in which the XBRL filing preparation process will be
the focus of the assurance services rather than the XBRL filings themselves, hence, making the cost of
assurance a fixed cost that can be spread among many users rather than a variable cost to be borne by
each filer. The second scenario would see audit firms attempting to fold the cost of assuring XBRL

Spring 2012
filings into the overall costs of providing assurance for all the company’s mandated SEC filings so
that the client does not make a stand-alone comparison between the costs of XBRL assurance and
either the preparation costs or the cost of internally obtained confidence on the XBRL filings.
What combination of these outcomes will actually arise is an empirical question. Predictions
based on the relative cost framework are discussed in Section V, but first, each component of the
framework is discussed in greater detail.
III. THE EXTERNAL COST RELATIVE TO PREPARATION COST COMPARISON

When considering the cost of preparing XBRL filings relative to the cost of providing
assurance on them, the evidence from practice is that, despite the increasingly onerous requirements
for XBRL filings (e.g., detailed footnote tagging in the second year), the cost of preparing XBRL
filings falls significantly after the second filing year, and, moreover, even the startup cost is not
particularly high. Microsoft, for example, reportedly spent 180 person-hours preparing its initial
XBRL filings in 2008 (under the VFP), but only 24 person-hours in 2009. The cost to Microsoft of
preparing its XBRL filings in 2010 was under $100,000.13 Phil Moyers of EDGAR Online claims
that, with his automated tagging approach, a typical company’s statements can be processed in no
more than eight to ten hours.14 These numbers are in line with those reported for the SEC’s earlier
voluntary filing program, which are shown in Table 2 (source: SEC 2009, 133).
As shown in Table 1, the SEC mandate for XBRL requires progressively more complete and
complex XBRL filings during the second filing year, in particular, the tagging of the detailed contents
of financial statement footnotes.15 Hence, one can make the argument that the cost of filings will rise
somewhat from that of VFP filers, although as can be seen from Table 2, even an order of magnitude
increase in these costs in the second year would still make them relatively small for all except the
smallest of filers.16 Moreover, a countervailing force on these costs is the tendency of XBRL tagging
to attain a ‘‘steady state,’’ meaning that once the ramp-up in the mandated requirements is complete
for a specific company, its tags (and associated labels) are going to be virtually the same from year to
year. Essentially the XBRL filing will become a template for each filer, with only its content
(numbers, dates, etc.) being updated each year, not its tags or other structure.
That is, indeed, a feature of such XBRL software as Rivet Software’s Crossfire Compliance,
which allows users to simply drop new content into the correct ‘‘buckets’’ on a template drawn from
the prior year’s filing.17 As such, the numbers of hours needed to prepare the filing should fall
significantly after the second year of the mandate, as Table 2 indicates. In addition, despite the
initial safe harbor for XBRL filings, it is likely that a company’s counsel would advise that the tags
and structure of a XBRL filing be held constant as much as possible in order to retain direct
comparability to prior years. It is this fear of litigation that resulted in companies using taxonomy
extensions to tag their filings even when the official taxonomy provided a near-equivalent tag: the
safest course of action was to make sure that the XBRL filings used the same terminology as the
13
All these numbers are obtained from statements made by Bob Laux, Senior Director, Technical Accounting and
Reporting, Microsoft Corporation, at AAA panel discussions in 2009, 2010, and 2011.
14
Statement made at AAA panel, 2009.
15
‘‘Financial statement footnotes and financial statement schedules initially will be tagged individually as a block
of text. After a year of such tagging, a filer also will be required to tag the detailed quantitative disclosures within
the footnotes and schedules and will be permitted, but not required, to the extent they choose, to tag each
narrative disclosure.’’ Available at: http://www.sec.gov/rules/final/2009/33-9002.pdf
16
SEC (2009, 135): ‘‘Block tagging of footnotes is estimated at seven hours for the first filing, with a 50 percent
reduction in time for subsequent filings; and detailed tagging of footnotes is estimated at 70 hours for the first
filing, with a 50 percent reduction in time for the subsequent filings.’’
17
Available at: http://www.rivetsoftware.com/solutions/default.aspx

Spring 2012
112 Alles and Gray
TABLE 2
Preparation Costs of XBRL Voluntary Filing Program Filers
Subsequent Subsequent
1st Submission/ Submission/ 1st Submission/ Submission/
Block-Text Block-Text Detailed Detailed
Footnotes and Footnotes and Footnotes and Footnotes and
Schedules Schedules Schedules Schedules
Preparation face financials $31,370 $4,310 $4,310 $4,310
Preparation footnotes $1,750 $1,750 $17,500 $8,750
Preparation schedules $250 $250 $1,750 $875
Software and filing agent services $6,140 $6,140 $6,140 $6,140
Web site posting $1,000 $1,000 $1,000 $1,000
Total cost $40,510 $13,450 $30,700 $21,075
Upper bound $82,220 $21,340 $60,150 $37,940
previous paper filings to the SEC, just as the structure of those paper filings is also kept largely
invariant from year to year.18
A counterargument is that companies will be fearful of creating too many extensions since that
may reduce the comparability of their filings relative to that of other filers—and, indeed, the SEC is
urging firms to reduce the use of extensions when there is an equivalent tag in the official
taxonomy.19 However that dynamic plays out, the cost of preparing these filings will still remain
relatively small, though the need for assurance—from some source—on the appropriate utilization
of extensions may remain.
Academic Assurance Frameworks

In contrast to the decreasing cost of preparing the XBRL filings, the academic frameworks put
forward for assuring XBRL filings are becoming, depending on one’s point of view, either more
complete or more complex, but undoubtedly very time consuming and costly to implement.
Srivastava and Kogan (2010) develop a ‘‘conceptual framework of assertions for providing
assurance on XBRL instance documents.’’ They claim that violations of any of these assertions
‘‘will constitute errors in the XBRL instance documents.’’ Even the summary diagram as shown in
Figure 2 (source: Srivastava and Kogan 2010, 267) for their framework, let alone the lengthy
written explanation of each element in the diagram, indicates the complexity of their approach
toward assurance.
Boritz and No (2011) develop their own framework for assurance of XBRL-related documents,
as shown in Figure 3 (Boritz and No 2011, 31), and they claim that theirs is more thorough than that
of Srivastava and Kogan (2010): ‘‘Our model differs from the model developed by Srivastava and
Kogan in two ways. First, our model includes several additional components (e.g., internal control
and consistency) that were not addressed in their model. Second, our model identifies the audit tasks
that an auditor needs to perform to achieve the related audit objectives.’’
18
In a speech at the AAA Annual Meeting (2003), Colleen Cunningham, then the Chief Accountant at AT&T,
indicated that the legal department would never let her change anything on the financial statements (other than
numbers, etc.). The labels and level of details/aggregation were cast in concrete.
19
We thank Raj Srivastava for this argument.

Spring 2012
FIGURE 2
Srivastava and Kogan (2010) Conceptual Framework of Assertions for Providing Assurance
on XBRL Instance Documents
Neither Boritz and No (2011) nor Srivastava and Kogan (2010) discuss the effort required to
implement their frameworks or the costs of doing so. But some indication of the time needed can be
assessed by the earlier study of Boritz and No (2009) in which the authors ‘‘audited’’ the XBRL
filings of United Technologies Corporation to determine whether their ‘‘XBRL-Related Documents
were a complete and accurate reflection of its paper paradigm government filing.’’ Completeness
and accuracy are only one portion of the Boritz and No (2011) framework, but even that more
limited task took Boritz and No (2009) some 63 hours to complete (in other words, nearly eight full
working-days). Even then, the authors warned that the assurance provided was incomplete: ‘‘At the
end of the process, we had high assurance that the 10-Q XBRL Related Documents were a complete
and accurate reflection of UTC’s 10-Q. However, if we had to form a conclusion on the fairness of
the presentation in accordance with GAAP of the XBRL-Related Documents, we would be unable
to do so because there are no assurance standards or guidelines for making such an assessment for
various sections such as the MD&A, regulatory information, and the company’s taxonomy
extensions’’ (Boritz and No 2011, 65, emphasis in original). Presumably then, the time and cost of
implementing the complete Boritz and No (2011) framework, which extends far beyond the
completeness, accuracy, and fairness of the XBRL filings, would be significantly higher.
Draft AICPA Proposed Principles and Criteria for XBRL-Formatted Information

The AICPA’s XBRL Assurance Task Force published an exposure draft of their Proposed
XBRL Principles and Criteria for XBRL-Formatted Information on June 1, 2011 (AICPA 2011),
which states that: ‘‘The AICPA Assurance Services Executive Committee (ASEC) has developed a
set of principles and criteria for preparers, reviewers, and practitioners to use in evaluating the

Spring 2012
114 Alles and Gray
FIGURE 3
Boritz and No (2011) Framework for Assurance of XBRL-Related Documents
completeness, mapping, accuracy, and structure of information formatted in eXtensible Business

Reporting Language (XBRL) (XBRL principles and criteria).’’20 Although the AICPA document
does not cite other materials (in particular, the academic literature discussed above), in many ways
the scope of the document parallels the frameworks of Boritz and No (2011) and Srivastava and
Kogan (2010). The exposure draft is organized around four principles (AICPA 2011, 9):
a. Completeness—All required information is formatted at the required levels as defined by the
entity’s reporting environment. Only permitted information selected by the entity is
included in the XBRL files;
b. Mapping—The elements selected are consistent with the meaning of the associated concepts
in the source information in accordance with the requirements of the entity’s reporting
environment;
c. Accuracy—The amounts, dates, other attributes (for example, monetary units), and
relationships (order and calculations) in the instance document and related files are consistent
with the source information in accordance with the requirements of the entity’s reporting
environment; and
20
Available at: http://www.aicpa.org/InterestAreas/AccountingAndAuditing/Resources/XBRL/Pages/
ExposureDraft-XBRLPrinciplesandCriteria.aspx

Spring 2012
d. Structure—XBRL files are structured in accordance with the requirements of the entity’s
reporting environment.
Under these principles, the document lists a total of 24 specific criteria: two for completeness,
eight for mapping, nine for accuracy, and five for structure. Appendix B then maps detailed SEC
filing requirements from the EDGAR Filer Manual and other SEC documents to the principles and
criteria. While the word ‘‘cost’’ never appears in the AICPA exposure draft, there is no reason to
believe that implementing it would be any less onerous than the frameworks of Boritz and No
(2011) or Srivastava and Kogan (2010).
It is important to note that this paper is not arguing that the academic frameworks or the
AICPA’s proposed principles and criteria are not appropriate or useful, and this paper accepts the
arguments of these authors that a comprehensive approach is needed if assurance services on XBRL
filings are to meet the same high standards expected of financial statement audits. Rather, what this
paper draws attention to is the disparity between the potential costs of implementing ever more
demanding frameworks for XBRL assurance services and the ever decreasing cost of preparing
XBRL filings, which in turn is likely to be a major source of controversy as assurance standards are
developed.
Behavioral Considerations
In theory, the decision on whether to utilize an external auditor for assuring a company’s
XBRL filing is a function of the costs of that assurance compared against the tangible and intangible
future benefits of that assurance, such as decreased risks of litigation or reputational damage arising
from a faulty filing. As such, the costs of preparing the XBRL filings are a sunk cost and should be
irrelevant to this decision.
So, why does this paper consider preparation costs central in our relative cost argument?
Whatever normative theory may say, in practice, managers will generally be willing to spend only a
fraction of the original preparation cost on assurance, especially since the dollar value of avoided
litigation or reputation damage is difficult to quantify. The paper considers it unlikely that the
decision making process for external assurance of XBRL filings could escape similar constraints on
how much users will be willing to pay for it. This is particularly the case when, as yet, there is no
indication of the cost of not getting assurance on XBRL filings. While that cost—the same as the
benefit of XBRL assurance—need not have any relation to the cost of preparation, it is
commonplace that when there is uncertainty as to benefits, they are perceived as being proportional
to costs, which results in a relative cost decision model: if assurance costs too much, it becomes
hard to justify such an additional expense; on the other hand, if assurance is inexpensive, its benefits
may be perceived as correspondingly low. Indeed, many people perceive the benefits obtained from
or quality of a product that they are unfamiliar with (wine, antiques, electronics) by their purchase
price (‘‘Good things are not cheap; cheap things are not good’’). There is considerable research
literature in economics and marketing documenting this phenomenon (summarized by Rao and
Monroe [1988]; see also the seminal paper by Scitovszky [1945]).21
21
The declining relative cost of XBRL preparation will also impact the decision on XBRL assurance through the
way in which decisions are made within all but the smallest companies in practice: by having thresholds for
authorization, with only those expenses over a certain (large) limit being referred to the most senior management.
With the cost of XBRL preparation already measured in the tens of thousands of dollars (rather than millions),
once the filing itself reaches a steady state with the novelty and risks of the first few years’ filing behind them,
will C-level management of Fortune 500 companies really pay attention to an activity with such a relatively small
cost? And if they do not, will the lower-level managers then placed in charge of the process be willing to spend a
relatively large amount of money on obtaining XBRL assurance on their own authority?

Spring 2012
116 Alles and Gray
Lessons from Agreed Upon Procedures

There is a need to reconcile these two seemingly diametrically opposed forces, of decreasing
XBRL preparation costs accompanied by ever-stringent demands for XBRL assurance to be ‘‘done
right.’’ The solution is that either the cost of assurance has to fall in line with the cost of preparing
XBRL filings, or else the level or scope of assurance has to be constrained.
In the latter case, assurance will be much less comprehensive than the research literature
proposes, something akin to the typical agreed upon procedures, performed under SOP No. 09-1
(Performing Agreed-Upon Procedures Engagements That Address the Completeness, Accuracy, or
Consistency of XBRL-Tagged Data), as well as under SAS No. 75.22 Under SAS No. 75, the auditor
and the specified users agree on procedures to be performed under the AUP, and the users take
responsibility for the sufficiency of the procedures for their purposes.23 As discussed above, when
performing AUPs, the auditor provides no opinion, certification, or assurance that the assertions being
made in the XBRL filing are free from material misstatement. The users of reports based on AUPs
must draw their own conclusions on the results of the tests reported. Audit firms have offered such
services for XBRL filings, but it would appear that there has been, thus far, little demand for them.
But relative to the preparation costs shown in Table 2, the costs of even the more limited AUPs
are high. According to private discussions between the authors and Big 4 auditors, the average cost
of such AUPs that have been conducted is about $25,000. Dan Roberts, past chairman of the XBRL
U.S. steering committee, put the cost higher:
Current ranges for non-detail tagged ‘‘Agreed upon Procedures’’ engagements are running
anywhere from $25,000 to $50,000 per, with anecdotal evidence that the base price is
moving upward pretty quickly. I fully expect that number to increase dramatically for
detail tagged XBRL.24
Matthew Slavin from Ernst & Young provided an estimate of the audit effort needed to conduct
an AUP in the first two years of the XBRL filing mandate that would imply an even greater cost:25
Typical year one engagement takes two–three elapsed weeks and ranges from 80–120 hours.
Typical year two engagement (detailed footnote tagging) takes four–five elapsed weeks and
ranges from 250–400 hours.
Using the $250 hourly rate used by the SEC in their cost calculations (in Table 2) would thus
imply AUP costs ranging from $20,000–$30,000 in the first year and $62,500–$100,000 in the
second year, numbers which need to be contrasted against the preparation costs shown in Table 2.
In relation to our relative cost framework, these costs of AUPs are important for they define a lower
bound for the cost of the more comprehensive—and, hence, presumably even more costly—
assurance services provided by an external auditor.
Implications of Changes in Safe Harbor Provisions

Finally, auditors currently face no liability for XBRL filings made by their clients, and those
clients themselves enjoy a safe harbor for those filings for the first two filing years.26 What does our
22
Available at: http://www.cpa2biz.chttp://www.cpa2biz.com/AST/Main/CPA2BIZ_Primary/Accounting/
Standards/AICPASOPsAccounting/PRDOVR ; PC-014947/PC-014947.jsp
23
http://www.nysscpa.org/cpajournal/1996/JAN96/f160196.htm
24
Available at: http://www.raasconsulting.blogspot.com/
25
Speaking at the 5th KU XBRL Conference, April 2011.
26
‘‘There is no additional basis for auditor liability based on data tagging. Also, an auditor will not be required to
apply AU Sections 550, 711 or 722 to interactive data provided in an exhibit or to the related viewable interactive
data.’’ SEC (2009, 94).

Spring 2012
relative cost framework predict will happen when that safe harbor expires?27 On the one hand, the
threat of litigation might make filers seek higher levels of confidence in their XBRL filings,
including through greater demand for AUPs and assurance services. On the other hand, once the
safe harbor is removed, external auditors will have to price into their products an insurance
component to compensate for being perceived as a target by potential litigants. It is unlikely that
audit firms will offer any service for as little as $25,000 if they risk being sued as a result.
An additional insurance cost may possibly be avoidable with AUPs with their explicit
disowning of assurance, but that also makes AUPs less desirable as far as XBRL filers are
concerned. On the other hand, adding an insurance premium to the cost of external assurance
services will lead to a greater divergence in relative costs between preparation and assurance.
It should also be kept in mind that there are numerous instances where businesses face liability
but do not respond by seeking external assurance—product liability being the most obvious
example. In the absence of a mandate, external auditors are just one provider of confidence out of
many, including internal sources such as investments in product quality, as discussed below. Thus,
even if the elimination of the safe harbor provision increases the concerns of management about
their XBRL filings, that does not guarantee a role for external assurance, for demand for the latter
will still depend on relative cost of that particular source of confidence.
The accelerated filers (approximately 500 companies) that originally started XBRL filings in
2009 are coming off the modified liability provisions for new filings after June 2011. Because safe
harbors end with the first filing after June 2011, it would most likely apply to filings dated
September 30, 2011, and actually filed up to 60 days after that date. Because the first non-safe
harbor filings occurred in November 2011, there is currently little actual evidence as to the impact
of this change. With that said, based on informal discussions with members of the XBRL
community, it appears that there was not a sudden spike in assurance or AUP activities for these
filers.
IV. THE EXTERNAL COST RELATIVE TO INTERNAL COST COMPARISON

As shown in Figure 1, determining the relative utilizations by management of the XBRL filer
of the various providers of confidence in the filings, and particularly, whether to purchase external
assurance services is a multi-dimensional decision. Figure 4 illustrates the various elements of the
decision framework. The numbers and thresholds are shown for illustrative purposes and will
obviously vary across XBRL filers and audit firms.
The key points illustrated in Figure 4 are:
1. The cost to the external auditor of providing a level of confidence exhibits decreasing
returns to scale, meaning, for example, that the incremental cost of going from the 80
percent to the 90 percent level of confidence is higher than going from 70 percent to 80
percent.
2. The benefit to the management of the filer of obtaining a level of confidence exhibits
decreasing marginal returns, meaning, for example, that the incremental benefit obtained
from going from the 80 percent to the 90 percent level of confidence is less than that
obtained when going from 70 percent to 80 percent.
3. At some level of confidence, the cost and benefit curves would intersect beyond which the
incremental costs of obtaining further confidence would be greater than the incremental
benefits received by management from that additional confidence, and it would not make
27
Safe harbors expire ‘‘within 24 months of the time the filer first is required to submit interactive data files but no
later than October 31, 2014’’ SEC (2009, 26).

Spring 2012
118 Alles and Gray
FIGURE 4
The Discretionary Decision Space for XBRL Assurance Services at the Beginning of the
Filing Mandate
economic sense for managers to continue to spend money to obtain external assurance of
their XBRL filings.
4. There is some internal level of confidence threshold that management obtains without the
additional assurance provided by an external auditor. This is the essence of the external cost
relative to internal cost comparison.
5. There may also be a threshold minimum project size (in terms of fees that can be charged to
the client) that the accounting firm is willing to take on.
6. On the other hand, there is a threshold fee resistance frontier that is the upper limit the client
would be willing to pay for assurance services. Based on the external cost relative to
preparation cost comparison, there is going to be considerable resistance by management to
paying assurance fees that exceed their cost to prepare the XBRL filings.
7. Taken together, these various functions and constraints determine the ‘‘Discretionary
Decision Space’’ only within which management would feel it worthwhile to employ an
external auditor to provide assurance on their XBRL filings. Pricing assurance services
outside of this space would be unsatisfactory to either management (if priced too high) or
the accounting firm (if priced too low).
Moreover, the importance of this perspective is to illustrate further that no matter what the
exact numbers, shape of curves, thresholds, and the discretionary decision space are for a specific
XBRL filer, all of these parameters would be expected to change over time such that the
discretionary decision space would shrink in size, as shown in Figure 5.

Spring 2012
FIGURE 5
The Discretionary Decision Space for XBRL Assurance Services Once Steady State Is
Attained
As the company personnel and the filing agents move along the learning curve and reduce the
errors and mistakes identified in prior filings, the confidence obtainable from these internal sources
will shift to the right (4) reflecting the increase in confidence by management and the board in the
company’s XBRL filing even without assurance provided by an external auditor. In addition, the
fee resistance frontier threshold is going to make a major shift down in the third and subsequent
SEC filing years (6) when the company filing process achieves a steady-state, template-based
condition, and hence the cost of preparation falls even further relative to the cost of assuring it by
using an external auditor. Using the Microsoft numbers presented earlier, that fee resistance frontier
would move from $100,000 to insignificant.
As discussed above, another possibility is that as the safe harbor provision expires, the demand
for external assurance of XBRL filings will increase due to the insurance hypothesis put forward by
Wallace (1980). That would be reflected in our framework by a shift upward in the benefits curve.
At the same time, the cost curve would also shift upward as the audit firm incorporated an insurance
premium in their audit fee for XBRL assurance. It is an interesting empirical question as to what
will happen to the fee resistance frontier and how the dimensions of the economically feasible space
for external assurance of XBRL filings will change as a consequence of these dynamics, but as our
framework shows, the main point is that there is such a space, meaning that the role of an external
auditor will remain subject to the cost/benefit considerations discussed in this paper.
In short, the external cost relative to internal cost comparison will increasingly reduce the
discretionary decision space within which the purchase of assurance for XBRL filings becomes
feasible. This is similar to the way in which the external cost relative to preparation cost comparison

Spring 2012
120 Alles and Gray
works against the use of an external source of confidence in XBRL filings as the cost of preparation
and the cost of external assurance of XBRL filings diverge.
Both relative cost comparisons lead to the same conclusion that the demand for assurance of
XBRL filings using an external auditor is not guaranteed and is difficult to sustain without major
adjustments to the relative cost of obtaining that assurance. Based on that outcome of our
framework, the following section now turns to predictions for how the market will react in response
to these relative cost forces.
V. PREDICTIONS FROM THE RELATIVE COST FRAMEWORK

Both relative cost comparisons imply that the type of comprehensive XBRL assurance
proposed in the academic and practitioner literature will be difficult to make a market reality.
Reducing the scope of assurance is one alternative, but that will be difficult, especially since as the
cost of preparation continues to fall and the capabilities of internal confidence providers rise, the
cost of providing even that limited external XBRL assurance will have to continue to spiral
downwards. But this outcome assumes that market forces will not induce participants—particularly
the external auditors seeking new products to sell—to react in ways that will restore the
competitiveness of external assurance of XBRL filings.
Our framework allows us to make predictions on how the market will evolve in order that the
relative cost disadvantage of external auditing can be reduced. If external auditors are to secure a
role in providing confidence in XBRL filings, they have to overcome the problem that the relative
cost of the product they offer—be it an agreed upon procedures engagement or a full-blown
assurance service that meets the standards of Srivastava and Kogan (2010) and Boritz and No
(2011, 2009)—is too high relative to either the preparation cost or the cost of alternative providers
of confidence. Hence, there are two possible responses:
1. Either the cost of external assurance has to actually fall, or else
2. The salience of that external cost in the manager’s decision-making process has to be
reduced, thus making the cost of external assurance appear relatively less significant.
Folding XBRL Assurance into the Audit Engagement

Is it possible for the impact of the cost of external assurance of XBRL filings in management
decision making to be reduced even if its actual cost remains the same? It is, because the external
auditor is in the favorable position of already offering a product to the XBRL filer with a guaranteed
demand: the mandated audit of the financial statements. That gives the external auditor the
opportunity to reframe the discussion from ‘‘how much does assurance of XBRL filings cost relative
to the cost of preparing XBRL filings and/or the cost of obtaining confidence in those filings through
an alternative means’’ to ‘‘how much more will it cost the company to obtain assurance of its XBRL
filings relative to what it is already paying in fees for the financial statement audit.’’
Significantly, this is still a relative cost argument, but one that is much more favorable to the
external auditor. Essentially, while the numerator remains the same, the denominator in the relative
cost comparison is being shifted from the internal costs to prepare the XBRL filing (assurance cost
4 preparation cost) to the much larger total cost billed by the external auditor to conduct the
financial statement audit (assurance cost 4 financial statement audit cost), thus reducing the
resulting relative cost ratio.
The strength of the predictions in this paper can be gauged by the fact that the audit firms are
already making this very argument with respect to AUPs, which are themselves relatively expensive
compared to the filer’s other XBRL-related costs. For example, Paul Penler of Ernst & Young
recently indicated with respect to the cost of XBRL filing assurance that ‘‘with the average audit fee

Spring 2012
being approximately $2 million, another $25,000–$50,000 is just another one or two percent
increase in costs.’’28 Daniel Roberts, former Chairman of the XBRL U.S. Steering Committee,
made a similar argument when he stated that the cost of the AUPs is ‘‘[very insignificant] to a top
500 company already paying millions for their audit.’’29
Changing the conversation this way for assurance services may well work for the external
auditor, at least as far as large clients with audit fees sufficiently greater that the cost of the XBRL
assurance service, which would not be noticeable when it is folded into the audit fees. But the
success of such a strategy depends critically on whether the client indeed sees the audit of the
financial statements and the assurance of the XBRL filings as a joint product that should be
combined, which is a hard argument to make when only the audit is mandated. It is akin, perhaps, to
selling an extended warranty on a consumer product or new car: it works sometimes, but not all the
time and not with all consumers, and still depends critically on keeping the relative costs, however
they are measured, in check. Moreover, this tactic is far harder to apply to smaller filers with their
lower financial statement audit fees. Finally, if one believes in market forces, a strategy of changing
the perspective of cost comparisons rather than reducing fees is hard to sustain in the long run,
especially in the absence of a mandated demand for the product.
Shifting External Assurance Costs from a Variable to a Fixed Cost

The alternate prediction of the relative-cost framework is that in response to unfavorable
relative cost comparisons, costs for obtaining external assurance for XBRL filings would actually
have to fall. The best outcome in that regard is to attain full XBRL assurance but in a way that
respects both relative cost comparisons. Like modern financial statement auditing, XBRL assurance
needs to shift to providing assurance that the process that produces the XBRL instance documents
is producing high quality XBRL filings. Just as each subsequent year’s XBRL document is
essentially an incremental change to the prior year’s document, once the process has been assured,
then in each subsequent year a brief review of the process and procedures may be adequate to
provide an appropriate level of assurance.
Currently, almost all XBRL documents are prepared in a bolt-on approach, reflecting the after-
the-fact nature of the filing where the traditional financial statements are first prepared and then
those documents are given to someone in-house or outside to independently prepare the XBRL
documents. Eventually, the next generations of ERP and accounting software will integrate XBRL
document generation into the software. As these software modifications appear in future, then
XBRL filing assurance can also shift to these packages.
In summary, to the extent possible, externally provided XBRL assurance has to adopt a similar
model to modern financial auditing. If XBRL assurance is important, then that assurance has to shift
from being provided on each XBRL filing, and instead, to focus on the mechanism that converts the
paper financial statement into an XBRL filing. Currently, that means either the company’s own staff
utilizing XBRL preparation software or the outsourcing of the filing preparation and submission to
a financial printer or other filing agent.
On the former point, there is evidence that some larger companies have been moving their
outsourced XBRL-filing activities in-house to prepare their second-year (detailed) XBRL tagging as
they gain confidence in the software, which enables them to tag and post their own filings. Figure 6
28
Stated at the 5th KU XBRL Conference, April 2011. In fact, actual audit costs are somewhat higher than the
number cited: ‘‘Publicly held companies paid an average of $3.3 million in audit fees in 2010, a slight 2 percent
rise over the prior year, while public company audits averaged 12,540 hours, roughly the same as the year-ago
period’’ Carlino (2011).
29
Available at: http://raasconsulting.blogspot.com/2011/05/putting-price-on-xbrl-for-american.html

Spring 2012
122 Alles and Gray
FIGURE 6
U.S. Registrants Using Built-In Solutions
shows the number of companies using built-in solutions to prepare their XBRL filings. These are
primarily accelerated filers (approximately 2,100 companies).30
An alternative means of obtaining confidence in XBRL findings at relatively lower cost is
through shifting the XBRL filing preparation from inside the company to a preparer outside it,
which is certified by an external auditor through an assurance service as following appropriate
guidelines for the XBRL conversion. These guidelines may well be based on the frameworks
proposed in the research literature for XBRL filing assurance. The key is that, by providing
assurance on the conversion process followed by a preparer rather than on individual filings, the
expense of the assurance service becomes a fixed cost that can be spread among many filers and
their XBRL filings, thus satisfying the relative cost criteria. This alternative may well appeal to
smaller filers who are less confident about their ability to use in-house software solutions or wish to
avoid the startup cost and ongoing demands on staff.
Providing assurance on the process used by the filing agent is analogous to obtaining ISO
certification, such as the ISO 9000 certificates that organizations obtained when Total Quality
Control was driving business practices globally, or ISO 14000 for environmental management.31
For certification to work, there has to be consistency in the way in which the XBRL conversion is
undertaken. This means that the filing agents have to follow a standardized set of procedures,
including, most critically, for selection of tags and extensions.
SAS No. 70/SSAE No. 16

Research is needed on how frameworks such as those proposed by Srivastava and Kogan
(2010) or Boritz and No (2011) can be modified to shift their focus from the XBRL filings to the
process that gives rise to those filings, thus providing a standard that can be followed by XBRL
filing agents. Whatever assurance framework is utilized, there is already a regulatory system in
place that allows an external auditor to provide assurance on the XBRL filing agent: the Service
30
Data from XBRL Cloud (https://www.edgardashboard.xbrlcloud.com/edgar-dashboard/dashboard.do).
31
Available at: http://www.iso.org/iso/about/discover-iso_whats-different-about-iso-9001-and-iso-14001.htm

Spring 2012
Organization Controls Reports issued under SSAE No. 16 (Reporting on Controls at a Service
Organization), which on June 15, 2011, replaced SAS No. 70 (Service Organizations).32
SAS No. 70 was promulgated in 1992 to help auditors deal with clients that had begun to
outsource important business functions to service organizations, such as data centers or data
processing firms. Clearly the way in which those service organizations conducted their outsourced
activities impacted the client’s audited financial statements, which meant that the client’s auditor
had to pay attention to the service organization. The problem is that service organizations typically
have many different companies as clients, and the auditors of each of them require assurance that
the service organization has proper internal controls over the way in which it is performing
contracted services. That assurance can only be obtained by examining the processes and controls
of the service organization in detail, but it is obviously impractical and too costly for the auditor of
each and every client to audit the service organization separately. Hence, the intention of SAS No.
70, and now of SSAE No. 16, is to obtain returns to scale by having the service organization itself
commission a report from an auditor as to the presence and effectiveness of controls on its
processes, a report which can then be shared with the auditors of all its clients.
There is an obvious parallel between the context of SSAE No. 16/SAS No. 70 and the situation
of a firm that outsources its XBRL filing preparation and submission to a filing agent. If the XBRL
filer can obtain assurance as to its conversion process, then that will go a long way toward
providing managers with the external confidence they need as to their company’s XBRL filings. Of
course, the level of confidence will in all likelihood not reach 100 percent of the level of assurance
that can be obtained from assuring the filing itself, just as a test of controls is not a substitute for a
test of detail. But as Figures 4 and 5 indicate, all a manager wants is to obtain enough confidence to
attain the discretionary decision space, and there is a clear trade-off between the cost of assurance
and its effectiveness.
SOC 1 Report
We envisage XBRL filing agents commissioning a SOC 1 Report, which is a Report on Controls
at a Service Organization Relevant to User Entities’ Internal Control over Financial Reporting. As
stated by the AICPA, ‘‘SOC 1 engagements are performed in accordance with Statement on
Standards for Attestation Engagements (SSAE) 16, Reporting on Controls at a Service Organization.
SOC 1 reports focus solely on controls at a service organization that are likely to be relevant to an
audit of a user entity’s financial statements. SOC 2 and SOC 3 engagements address controls at the
service organization that relate to operations and compliance.’’33 Given the specific situation, in
terms of the mix of players (company personnel, filing agents, etc.) and the assigned responsibilities,
some aspects of SOC2 and SOC3 may also be applicable.
Apart from specifying SOC 1, 2, and 3 reports, SSAE No. 16 also introduces Type 1 and Type
2 engagement reports for each SOC report:34
Type 1—report on the fairness of the presentation of management’s description of the
service organization’s system and the suitability of the design of the controls to achieve the
related control objectives included in the description as of a specified date.
Type 2—report on the fairness of the presentation of management’s description of the
service organization’s system and the suitability of the design and operating effectiveness of
32
http://www.aicpa.org/InterestAreas/AccountingAndAuditing/Resources/SOC/Pages/SORHome.aspx
33
Available at: http://www.aicpa.ohttp://www.aicpa.org/InterestAreas/InformationTechnology/Resources/
TrustServices/DownloadableDocuments/10957-378%20SOC%20Whitepaper.pdf
34
Available at: http://www.aicpa.org/InterestAreas/AccountingAndAuditing/Resources/SOC/Pages/
AICPASOC1Report.aspx

Spring 2012
124 Alles and Gray
the controls to achieve the related control objectives included in the description throughout a
specified period.
The difference between a Type 1 and a Type 2 report depends on whether the auditor simply
verifies that the service organization has controls over its processes or whether the auditor also
verifies that those controls are, in fact, working effectively. A Type 1 report is analogous to a
company obtaining ISO 9000 certification, although the AICPA makes it clear that a service
organization cannot claim to be ‘‘SAS 70/SSAE 16 certified.’’ However, as far as XBRL assurance
is concerned, a Type 2 report is more consistent with the frameworks of Srivastava and Kogan
(2010) or Boritz and No (2011). The imperatives of both absolute and relative assurance cost will
determine the exact form of assurance that would be optimal for an XBRL filer to obtain. But the
main point this paper makes is that shifting assurance from filing to filer prevents relative cost
comparisons from making externally provided XBRL filing assurance economically infeasible in
the first place.
This section concludes by pointing out that there is a variant of this strategy, of converting the
variable cost of external assurance of XBRL filings into a fixed cost, which can be utilized by filers
that prepare their own filings as opposed to hiring a filing agent. What these filers can do is hire an
external auditor to undertake an agreed upon procedure the first time they file, with the emphasis
not on just obtaining confidence on that year’s filings, but also on using the external auditor to help
improve the filer’s own processes for preparing and reviewing those filings. Effectively, the auditor
is being used as much as a provider of advisory services as of assurance, but the key is that the
external auditor is only employed once. Once the firm has improved its own processes, it obtains its
required confidence internally without having to pay a yearly cost for external assurance.
VI. CONCLUSION
The analysis in this paper of the relative cost comparisons that impact the decision of
management about the provider of confidence on their company’s XBRL filings raises issues
regarding the economic feasibility of using an external auditor that would provide independent
assurance at the level proposed in the research literature. However, this is not an all-or-nothing
situation; instead, future research needs to focus on rank-ordering or prioritizing the assurance
components contained in the research frameworks on XBRL assurance in light of different
characteristics of companies and the various sources from which confidence can be obtained, as
shown in Figure 1. One question is how the ranking of the components of assurance would change
if the company used a filing agent to prepare the XBRL filing versus preparing the XBRL filing
completely in-house. As to what will happen when safe harbor provisions expire, that will become
evident in the near future.
If the SEC’s future rules mandate a scope of XBRL assurance similar to the comprehensive
frameworks of Srivastava and Kogan (2010), Boritz and No (2011), and AICPA (2011), that may
push the assurance cost well outside of the discretionary decision space; the SEC will then receive a
tremendous level of negative feedback from filers. As such, it is hard to imagine that the SEC will
mandate a broad scope of assurance requirements; instead, the SEC rules will probably be more
principles based, providing broad guidelines and leaving much discretion to the external auditors to
design their assurance plans specific to each client. One imagines that the lessons were learned from
the implementation of Section 404 of the Sarbanes-Oxley Act, when the original highly prescriptive
Auditing Standard No. 2 (AS 2), promulgated by the PCAOB, resulted in very large
implementation costs, and which was subsequently replaced by the more principles based AS 5
standard, which also shifted some of the work from the external to the internal auditor.
The SEC itself, in its final ruling mandating XBRL filings, raised another possibility about how
external auditors might impact the process:

Spring 2012
As the technology associated with interactive data improves, issuers may integrate
interactive data technology into their business information processing, and such
integration may have implications regarding internal control over financial reporting no
different than any other controls or procedures related to the preparation of financial
statements. If this integration occurs, the preparation of financial statements may become
interdependent with the interactive data tagging process and an issuer and its auditor
should evaluate these changes in the context of their reporting on internal control over
financial reporting.35
But having raised this possibility, which seemingly implies that external assurance of XBRL filings
may become mandated as part of the Sarbanes-Oxley Section 404 attestation engagement, the SEC
backs off by re-emphasizing that such assurance is not required:
However, this evaluation is separate from the preparation and submission of the interactive
data file, and as such the results of the evaluation would not require management to assess
or an auditor to separately report on the issuer’s interactive data file provided as an exhibit
to a filer’s reports or registration statements.36
There is clearly an inconsistency here that may well be resolved in such a way that would bring
about a guaranteed place for the external auditor in the XBRL assurance process, although, of
course, one may well question how long it will be before ‘‘issuers . . . integrate interactive data
technology into their business information processing.’’
Finally, what happens if the XBRL filing becomes the actual SEC filing, as opposed to being a
supplement to the ‘‘official’’ SEC filing? This has already happened in some XBRL jurisdictions,
and many in the XBRL community expect this change to eventually happen in the U.S. The exact
impact of this change is hard to predict. On the one hand, if the XBRL filing becomes the official
filing, the filer’s and auditor’s self-interest in ensuring and assuring that there are no material errors
in the XBRL filing increases. On the other hand, many of the current assurance components in the
Srivastava and Kogan (2010) and Boritz and No (2011) frameworks relate to comparing the official
source document to the XBRL filing. These audit tasks, and their associated costs, essentially go
away if the XBRL filing becomes the source document.
Regardless of what happens, however, as far as mandates and assurance frameworks are
concerned, the bottom line is that any XBRL assurance regime cannot function if it does not take
into account the relative costs of obtaining that confidence.
REFERENCES
American Institute of Certified Public Accountants (AICPA). 2002. Third-Party Assurance and
Considerations Regarding XBRL Instance Documents of Audited Financial Statements. Discussion
Document. December. New York, NY: AICPA.
American Institute of Certified Public Accountants (AICPA). 2011. Proposed XBRL Principles and Criteria
for XBRL-Formatted Information. Exposure Draft. June. New York, NY: AICPA.
Bartley, J., Y. S. Al Chen, and E. Taylor. 2010. Avoiding common errors of XBRL implementation.
Journal of Accountancy (February). Available at: http://www.journalofaccountancy.com/Issues/
2010/Feb/20092058.htm
Boritz, J., and W. No. 2008. The SEC’s XBRL voluntary filing program on EDGAR: A case for quality
assurance. Current Issues in Auditing 2: A36–A50.
35
SEC (2009, 99–100).
36
SEC (2009, 100).

Spring 2012
126 Alles and Gray
Boritz, J., and W. No. 2009. Assurance on XBRL-related documents: The case of United Technologies
Corporation. Journal of Information Systems 23 (2): 49–78.
Boritz, J., and W. No. 2011. Computer-Assisted Functions for Auditing XBRL-Related Documents. Working
paper, Iowa State University.
Carlino, B. 2011. FEI survey: Little change in audit fees, hours. Accounting Today (June 9).
Center for Audit Quality (CAQ). 2009. Potential Audit Firm Service Implications Raised by the SEC Final
Rule on XBRL. CAQ Alert #2009-55. June 1. Available at: http://www.thecaq.org/members/alerts/
CAQAlert2009_55_06012009.pdf
Debreceny, R., S. Farewell, M. Piechocki, C. Felden, and A. Gräning. 2010. Does it add up? Early evidence
on the data quality of XBRL filings to the SEC. Journal of Accounting and Public Policy 29 (3): 296–
306.
Niemi, L., J. Kinnunen, H. Ojala, and P. Troberg. 2012. Drivers of voluntary audit in Finland: To audit or
not to audit? Accounting and Business Research 42 (forthcoming).
Plumlee, R. D., and M. A. Plumlee. 2008. Assurance on XBRL for financial reporting. Accounting.
Accounting Horizons 22 (3): 353–368.
Public Company Accounting Oversight Board (PCAOB). 2005. Attest Engagements Regarding XBRL
Financial Information Furnished under the XBRL Voluntary Financial Reporting Program on the
EDGAR System. May 25. Available at: www.pcaob.org/Standards/QandA/05-25-2005.pdf
Rao, R. A., and K. B. Monroe. 1988. The moderating effect of prior knowledge on cue utilization in product
evaluations. Journal of Consumer Research 15 (September): 253–264.
Scitovszky, T. 1945. Some consequences of the habit of judging quality by price. The Review of Economic
Studies 12 (32): 100–105.
Securities and Exchange Commission (SEC). 2009. Interactive data to improve financial reporting.
Available at: http://www.sec.gov/rules/final/2009/33-9002.pdf
Srivastava, R., and A. Kogan. 2010. Assurance on XBRL instance document: A conceptual model of
assertions. International Journal of Accounting Information Systems 11: 261–273.
Trites, G. 2005. Audit & Control Implications of XBRL. The Canadian Institute of Chartered Accountants
(CICA). December. Toronto, Canada: CICA.
Trites, G. 2006. Interactive Data: The Impact on Assurance. Assurance Working Group of XBRL
International. November. Working paper available at: http://www.xbrl.org/Announcements/
Interactive-Data-Assurance-2006-11-10.pdf.
Wallace, W. 1980. The Economic Role of the Audit in Free and Regulated Markets. New York, NY: Touche
Ross, Aid to Education Program.

Spring 2012
Copyright of Journal of Information Systems is the property of American Accounting Association and its
content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's
express written permission. However, users may print, download, or email articles for individual use.

Alles and Gray 2012 ABS 1 XBRL Auditing

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Alles and Gray 2012 ABS 1 XBRL Auditing

Uploaded by

Copyright:

Available Formats

JOURNAL OF INFORMATION SYSTEMS American Accounting Association

Vol. 26, No. 1 DOI: 10.2308/isys-10248

A Relative Cost Framework of Demand for

Published Online: February 2012

Journal of Information Systems

Journal of Information Systems

II. THE DEMAND FOR NON-MANDATED EXTERNAL ASSURANCE SERVICES FOR

Journal of Information Systems

Multiple Confidence Providers

Journal of Information Systems

Evolution of XBRL Assurance

Journal of Information Systems

Included in XBRL Instance Documents (AT 9101.47-0.54) to provide guidance to accountants

Journal of Information Systems

Journal of Information Systems

III. THE EXTERNAL COST RELATIVE TO PREPARATION COST COMPARISON

Journal of Information Systems

Academic Assurance Frameworks

Journal of Information Systems

Draft AICPA Proposed Principles and Criteria for XBRL-Formatted Information

Journal of Information Systems

completeness, mapping, accuracy, and structure of information formatted in eXtensible Business

Journal of Information Systems

Journal of Information Systems

Lessons from Agreed Upon Procedures

Implications of Changes in Safe Harbor Provisions

Journal of Information Systems

IV. THE EXTERNAL COST RELATIVE TO INTERNAL COST COMPARISON

Journal of Information Systems

Journal of Information Systems

Journal of Information Systems

V. PREDICTIONS FROM THE RELATIVE COST FRAMEWORK

Folding XBRL Assurance into the Audit Engagement

Journal of Information Systems

Shifting External Assurance Costs from a Variable to a Fixed Cost

Journal of Information Systems

SAS No. 70/SSAE No. 16

Journal of Information Systems

Journal of Information Systems

Journal of Information Systems

Journal of Information Systems

Journal of Information Systems

You might also like