AUDITED FINANCIAL STATEMENTS AND THE WORLD WIDE WEB

November 1999

By John L. Archambault and Kim M. Gibson

Private companies have joined public companies in presenting audited financial statements on their websites. There are many questions regarding the auditor's responsibility and how much involvement, if any, the auditor should have with information included on a client's website.

The Electronic Dissemination of Audited Financial Information Task Force (task force) of the AICPA's Auditing Standards Board was formed to monitor developments in this arena. The task force, in conjunction with the Steering Group of the Illinois CPA Society's Accounting and Assurance Services Network, prepared a questionnaire to gather the views and comments of the membership regarding this complex topic. As a result of the questionnaire, it was apparent that additional guidance was needed with respect to the CPA's responsibilities under Statements on Auditing Standards (SAS) No. 8, Other Information in Documents Containing Audited Financial Statements, and its Interpretation #4, Other Information in Electronic Sites Containing Audited Financial Statements. The respondents also requested guidance about the procedures, if any, that a CPA should perform if a client plans on electronically disseminating audited financial statements.

SAS No. 8

SAS No. 8 is "applicable only to other information contained in a) annual reports to holders of securities of beneficial interest, annual reports of organizations for charitable or philanthropic purposes distributed to the public, and annual reports filed with regulatory authorities under the Securities Exchange Act of 1934 or b) other documents to which the auditor, at the client's request, devotes attention." Under SAS No. 8, the auditor's responsibility for other information in a document containing audited financial statements does not extend beyond the financial information identified in his or her report, and the auditor has no obligation to perform any procedures to corroborate other information contained in such a document. However, the auditor should read the other information and consider whether such information (or the manner of its presentation) is materially inconsistent with information (or the manner of its presentation) appearing in the financial statements. SAS No. 8 was issued in 1975, when the concept of electronically disseminated audited financial statements was not contemplated.

In March of 1997, the Audit Issues Task Force of the Auditing Standards Board issued an interpretation of SAS No. 8 that addressed electronically disseminated financial information. The interpretation addressed the question, "When audited financial statements and the independent auditor's report thereon are included in an electronic site, what is the auditor's responsibility with respect to other information included in the electronic site?"

This interpretation explains that electronic sites are a means of distributing information and are not considered documents as that term is used in SAS No. 8. Therefore, the auditor is not required to read information contained in electronic sites or to consider the consistency of other information in such sites with the original documents. In this interpretation, annual reports, financial statements, and auditors' reports are included in the concept of "information."

Open Issues

Although the interpretation is clear as to the auditor's responsibility with respect to other information in electronic sites, the results of the questionnaire indicate that there are still unanswered questions regarding this topic. The following are issues that were raised by respondents to the questionnaire:

Issue 1: What was the basis for the conclusion reached in Interpretation #4 to SAS No. 8, Other Information in Electronic Sites Containing Audited Financial Statements?

Discussion: On a given website, there may be no clear boundaries between the audited financial statements and other financial or nonfinancial information. Not only can a website include a substantial amount of information generated by the company (i.e., about products, employment, and nonfinancial data) but, through hyperlinks, it can also include information from outside sources. This information may also be continuously changing.

It is not only impractical, but almost impossible for an auditor to access all of the information that is on or linked to a client's website. This is analogous to the auditor attempting to access all of the client's internal information, reports, or documents and all external information about the client from other sources. Thus, under SAS No. 8, a website is not considered to be a "document" as that term is used in AU section 550, and an auditor is not required to read the information on a website or to consider whether it is consistent with information in original documents.

Issue 2: Should a practitioner consider reviewing the client's website as part of the planning stage of the current year's engagement?

Discussion: AU section 311 discusses that an auditor should obtain a level of knowledge of the entity's business that will enable him or her to plan and perform the audit. The client's website may provide a description of the client's current activities and significant events, which may be evaluated as part of audit planning. As such, the auditor may wish to consider reviewing the website as part of planning the audit.

Issue 3: Should a practitioner consider reading the audited financial statements that the client has included in its website?

Discussion: Under interpretation #4 to SAS No. 8, an auditor is not required by AU section 550 to read information contained in electronic sites, nor to consider the consistency of other information in electronic sites with the original documents. Likewise, an auditor is not required to determine if a report will be disseminated electronically. However, if the auditor becomes aware of the client's plan to include the annual report or the audited financial statements and the auditor's report on its website, the auditor may provide services relating to the website, which may include reading the financial information before it is placed on the site.

Issue 4: Should a practitioner consider reviewing and testing those controls over the design and maintenance of the client's website that relate to the presentation of audited financial statements included on the electronic site?

Discussion: It is management's responsibility to maintain appropriate controls over the design and maintenance of its website. Under generally accepted auditing standards, the auditor has no responsibility to review or test such controls. However, the auditor may be engaged by the client to perform services with respect to the website, such as a WebTrust engagement, which could involve reviewing and testing controls over the design and maintenance of the site, including that of the presentation of the audited financial statements.

Issue 5: What should a practitioner do if he or she becomes aware that the audited financial statements included on the client's website have been revised or altered?

Discussion: If the auditor becomes aware of such a situation, bringing it to the client's attention for revision and investigation into the causes of the changes should be considered. The auditor might request that the client not display the auditor's report on the website until corrective action has been taken. If management refuses, the auditor should consider taking the following actions: bringing the situation to the attention of the audit committee, seeking the advice of legal counsel, and considering the client's refusal in the auditor's client continuation process.

Issue 6: If a client's web page has hyperlinks between the audited financial statements and other information or websites, should the practitioner read the other information or websites to determine if the linked information is materially inconsistent with the audited financial statements? What if the linked information and the audited financial statements are materially inconsistent?

Discussion: Under the interpretation to SAS No. 8, auditors are not required by AU section 550 to read information contained in electronic sites or to consider the consistency of other information (as that term is used in AU section 550) in electronic sites with the original documents. Hyperlinked information would be considered other information. The auditor can, however, be engaged by the client to perform services with respect to the client's site, such as determining if hyperlinked information is materially consistent with the audited financial information.

Issue 7: Should a practitioner recommend to his or her client that the website include notices, such as entering and exiting notifications, when a user of the website moves between the annual report or the audited financial statements and other information in the website?

Discussion: The auditor does not have a responsibility to recommend controls for a client's website. However, many companies (such as www.intel.com) have included entering and exiting notifications on their websites, and an auditor may wish to inform his or her client as to the benefits of incorporating these types of notifications into the website.

Issue 8: If a client includes audited financial statements on its website, who should the practitioner notify if it is determined that the audit report should no longer be relied upon?

Discussion: If the auditor has advised the client that action should be taken to prevent future reliance on a previously issued audit report, the auditor should also advise the client to remove the auditor's report from the website. If the client does not take the action to prevent future reliance on the report (including removing the auditor's report from the website), the auditor should notify the board of directors, inform regulatory agencies having jurisdiction over the client and known users, and consult with legal counsel.

The Auditing Standards Board plans to continue to monitor developments related to the electronic dissemination of audited financial statements and will consider the need for additional guidance to respond to those developments. *

John L. Archambault, CPA, is a partner at Grant Thornton LLP. He is the chair of the Electronic Dissemination of Audited Financial Information Task Force and a former member of the AICPA's Auditing Standards Board. Kim M. Gibson, CPA, is a technical manager in the AICPA's audit and attest standards division.

The views expressed in this article are those of the Electronic Dissemination of Audited Financial Statements Task Force and not those of the Auditing Standards Board. Official positions are determined through certain specific committee procedures, due process, and deliberation.

Editors:
Neal B. Hitzig, PhD, CPA
Saint Peter's College
Jerry M. Klein, CPA
M.R. Weiser & Co. LLP

Home | Contact | Subscribe | Advertise | Archives | NYSSCPA


The CPA Journal is broadly recognized as an outstanding, technical-refereed publication aimed at public practitioners, management, educators, and other accounting professionals. It is edited by CPAs for CPAs. Our goal is to provide CPAs and other accounting professionals with the information and news to enable them to be successful accountants, managers, and executives in today's practice environments.


©2008 The New York State Society of CPAs. Legal Notices