IFR has been the subject of many academic (e.g. Lymer & Tallberg 1997, Ashbaugh, Johnstone, and Warfield 1999; Ettredge, Richardson, and Scholz 1999) and professional studies by Canadian (Trites 1999), US (FASB 2000) and international (IASC 1999) accounting organizations. These reports show that more than two thirds of large corporations based in countries that have developed securities markets make some form of IFR. In markets such as the USA, UK, Australia, Canada and Hong Kong effectively all major corporations now make such disclosures (Allam & Lymer 2002).
Insert table 1 about here While these studies show that corporations have rapidly adopted IFR, they also show that extent to which the audit report was displayed on a corporation’s Website varied considerably. The audit report was rarely fully associated with the full annual reports to which it related. Table 2 , drawn from IASC (1999) and Allam & Lymer (2002) illustrates this point.
Insert Table 2 about here.
This position reflects little change from a study made in Europe in late 1998 by Debreceny and Gray (1999). Their study indicated that of the fifteen largest corporations in each of the UK, Germany and France (forty five in total), each of which already had a Website by that point, only ten provided their audit report online in any form. Not one firm linked back their audit report to the relevant auditors’ Website. Nor did any site provide any kind of signature on the document, even an image of the signature. Only four Websites had hyperlinks between the report and other parts of the financial displayed on their site. This indicates that the corporations did not place a high degree of emphasis on the role offered by these reports as value bearing documents.
Similarly in a study performed in the UK on the reporting of Internet-based interim, summary statements, highlights and preliminary information Hussey, Gulliford, and Lymer (Hussey, Gulliford, and Lymer 1998) found that the very few corporations provided any indication of the audited status of this information, as required for example, by the relevant ASB guidance on Preliminary Statements at the time. For example, the study revealed that only 27% of top 100 UK corporations provided audit reports or statement about the audited nature of the information on their Website related to interim statements, although they all were providing these statements themselves online. This study also highlighted the concerns over the provision of incomplete annual reports data with, and without, audit reports.
The IASC study (1999 – using early 1999 data across 22 countries) found only 36% of companies surveyed provided auditor reports. The FASB survey of US companies in late 1999 (FASB 2000) suggested 35% of their sample did not provide reports at the time, 19% providing unsigned versions of audit reports and the remaining 46% providing signed reports as would be expected to be associated with paper versions of the annual reports.
The most recent review available of audit report use in association with online financial data (Allam & Lymer, 2002) suggests much greater availability of audit reports is now the case (see Table 2 for country specific details). They report 96.4% of companies across heir sample of 250 companies provide such data (maximum 100% availability in Canada to a low of a respectable 89.8% in Hong Kong). Of these, however, 44.6% of the sample still provided unsigned reports (although the name of the auditor or auditing firm was usually present).1
The development of IFR creates, or at least brings into focus, a number of issues for the external audit function. This section reviews the important issues that are likely to result from IFR.
The scope of verification: Many authors highlight the change in roles that may be required of the external auditor as reporting activity moves from paper-based to online reporting (for example Wallman 1996; AICPA 1996; Wyatt 1997). These concerns are illustrated with the use of the diagram expressed in Figure below.
Insert Figure 1 about here.
This diagram illustrates the moving of a boundary of responsibility for verification from the existing focus on financial information expressed in accordance with accounting rules, to the need to address wider investor relations information available as contextual information to the financials.
In a paper-based reporting environment the extent to which auditors are required to specifically examine other information is limited to that produced as part of the package of the annual report (Debreceny and Gray 1999). As IFR are normally delivered as just one part of a corporate Website, there is much greater potential for misleading information to be presented alongside the financials for which the auditor is primarily responsible. The determination of the boundary of the external auditor’s responsibility may therefore become problematic. There will not necessarily be a clean line of demarcation as shown in Figure . This line may also be drawn in different places for different jurisdictions creating further confusion for the users of these accounts that may now access IFR from various jurisdictions.
Allam & Lymer (2002) discuss the latest techniques used by companies to provide this type of guidance to users of their information – ‘Inside Annual Report indicators (FASB 2000). They report 58% of their sample of 250 companies (top 50 from 5 sophisticated capital market countries) used some form of indication to remind users of the audited status of the information they were viewing.
Width of reviewed information: Current rules already require the auditor to review more information than is illustrated by the hashed area in Figure . For example in the UK context, requirements include examination of the Director’s Report, the Operating and Financial Review (OFR) now provided by many corporations as part of their annual reporting process (Arthur Andersen 2000). The further a user traverses the corporate Website from the IFR component, the less information displayed that is of a business reporting nature (with the associated clearer reporting restrictions). This creates a potentially misleading situation for the user of this data.
Depth of reviewed information: The depth to which data is audited has also been questioned within the context of the scope of verification (for example, Cushing 1989; IASC 1999). An online reporting environment may enable users to ‘drill down’ into reported data to remove layers of aggregation. If this facility is provided a point will soon be reached at which information could not be considered as audited as the traditional audit function will not be able to place acceptable levels of verification on such disaggregated data as part of the traditional audit engagement.2 This issue is perhaps the most hotly debated of those raised in this sections and the recent auditing guidance on the audit of the use of the Internet in business activity has much to say on this issue (e.g. IFAC 2001, AASB 2001).
Reporting Issues: A number of papers highlight specific issues of concern in relation to the audit of IFR. Debreceny and Gray (1999) discuss the following issues:
Is the audit opinion safe from change by the client or other party?
Should the web-based auditor’s report reside at the auditor’s or the client’s Website?
What weight should be given to an auditor’s report date when documents on the web can be changed?
Should the auditor allow hyperlinks to, and/or from, the auditor’s report?
Auditor’s report look and feel
The expression of authority of audit statements.
Most of these issues are still current and have not been addressed as yet by professional standards-setting bodies. Ashbaugh, Johnstone, and Warfield (1999) also addressed the role of the auditor in ensuring the reliability of reported data online. In their examination of US online corporate reporting activity, Ashbaugh, Johnstone, and Warfield reported that only 35% of responding firms3 provide any form of direct assurance to users of their Websites as to the accuracy of the information they provide online. They also suggest that even where this assurance is provided, the extent to which this is fully provided and clearly visible to users is very limited.