Home | Join | Site Map

TA Homepage
Other Committees


XBRL, Financial Reporting, and Auditing

By Ryan Youngwon Shin, CISA, CPA

March 2003


The future widespread delivery of financial reporting will be in digital form; however, the question of which information exchange language will become the de-facto standard remains unanswered. Currently, most digital representations of financial information are coded in Hypertext Markup Language (HTML), which controls the way that information is displayed, in terms of appearance, size, shape, and color. HTML, however, does not recognize content, so its use generally is limited and is not effective for extracting data. The HTML format also does not allow for searching, analysis, or manipulation of information without re-entering data to a spreadsheet or downloading some other software application that has analysis and manipulation capabilities.

Extensible Business Reporting Language (XBRL) was developed by a consortium of leading financial organizations, accounting firms, financial services providers, and technology companies. It is designed to make financial reports easier to post on the Internet and easier to understand once they are posted 1. According to the American Institute of Certified Public Accountants, a total of 66% of public companies surveyed by the Association for Management and Investment Research have a website, and 76% of those companies provide financial information on their website. The same study also found that, even when other sources exist, analysts preferred using websites to obtain information because it is easier. Another study indicated that approximately 80% of major U.S. companies make some type of financial disclosure online 2. Investors need accurate and reliable financial information that can be delivered promptly in order to help them make informed financial decisions. XBRL meets these needs and is particularly important in improving the usefulness of financial information delivered via the Internet. It also makes full use of the efficiencies of the Internet the primary source of financial information for today’s users.

The purpose of this article is to present an overview of XBRL as well as the technical aspects relevant to financial reporting and auditing.

XBRL Technical Developments and Issues

In early 1993, the Securities Exchange Commission (SEC) began to mandate electronic filings through its Electronic Data Gathering, Analysis, and Retrieval system (EDGAR). This system was intended to benefit electronic filers, enhance the speed and efficiency of SEC processing, and make corporate and financial information available to investors, the financial community, and others in a matter of minutes. Electronic dissemination generates the participation of more informed investors as well as more informed securities markets3. Currently, the EDGAR system accepts both ASCII and HTML documents as official filings. Although EDGAR delivers the advantages of speed and efficiency characteristic of a centralized database, it still forces users to download reports from the SEC website or manually to search for and prepare data for use in other purposes.

The use of XBRL-coded financial statements, bank loan documentation, and tax filings delivered via the Internet to regulatory authorities, analysts, and investors is gaining credibility. Efficiency and effectiveness are increased because data in XBRL format can be retrieved more easily and can be analyzed with greater accuracy. Moreover, XBRL provides relevant and reliable exchanges of information by allowing for technological independence and less human involvement. According to Cohen and Hannon’s 2000 article:

Just as Tim Berners-Lee designed HTML (Hypertext Markup Language) to exchange information among physicist colleagues—and has seen it transform the world of communications, business, entertainment, and even government—XBRL might be the foundation of dramatic change in the business reporting environment 4.

The XML Format

XBRL uses XML (eXtensible Markup Language) data tags in describing financial information. A simple example of converting a text to the XML format can be seen in the following:

Original Dat XML Data
John Smith <name>John Smith</name>
1 Pace Plaza

<street>1 Pace Plaza</street>

New York, NY 10038

<city>New York</city>


<state>New York</state>


<country>United States of America</country>



(212) 346-1200 <telephone>2123461200</telephone>

XBRL has various and complex components and documents. To understand how XBRL works, the following XBRL technical terms need to be understood:

  • Specifications
  • Taxonomies
  • Instance Documents

The XBRL specifications and taxonomies are created by the XBRL community. The creators are referred to as a community because XBRL is not developed or owned by a single entity; rather, it is an open-source software developed by representatives of over one hundred seventy different worldwide organizations and companies.

An XBRL specification is software code that describes financial information presented and represented by XBRL. The specification facilitates software developers and coders in creating exchangeable digital documents. It also allows financial users to compare business reporting information from different entities, even if the information was originally in otherwise incompatible formats. The use of the specifications is not limited to financial statements: It may be used for digital reporting and presentation of general ledger details through drill-down, regulatory filings, and non-financial information as well5.

XBRL taxonomies are standard descriptions for presenting business information and accounting reports. With XBRL, financial information preparers link data elements stored in accounting databases, and use XBRL to code them in a standard manner based on the taxonomy. For example, a digital annual report would include management’s discussion and analysis, financial statements, footnote disclosure, and the auditor’s opinion, all coded in XBRL.

As an example, the taxonomy for the changes in treasury stock information under US GAAP—Commercial and Industrial (US-GAAP-CI)6is presented below:

<element id="us-gaap-ci_ChangesTreasuryStockParValue" name="ChangesTreasuryStockParValue" abstract="true" />
<element id="us-gaap-ci_ChangesTreasuryStockNumberShares" name="ChangesTreasuryStockNumberShares" type="xbrli:monetaryItemType" substitutionGroup="xbrli:item" />
<element id="us-gaap-ci_ChangesTreasuryStock" name="ChangesTreasuryStock" abstract="true"

XBRL instance documents are used to represent financial data with tags from one or several taxonomies. For example, an instance document could include a company’s annual report, the earnings release, and general ledger details.

Instance documents make digital financial information for external or internal reporting and regulatory filing user-friendly because XBRL facilitates data to be read directly by computer programs, manipulated by end-users, and generates output in various forms. Instance documents may also include style sheets, which allow presentation quality documents to be printed from a Web browser or an Adobe Acrobat file7.

David Von Kannon and Yufei Wang discussed the design of X4GFR, a component of the XBRL framework, at XML Europe in 2000. In their paper they present the following example of the instance document for an XBRL report, which shows the text of the Concentrations note at calendar year end 1998 for Sample Company8.

<item entity="Sample Company" period="19981231" xmlns="http://www.x4gfr.org/core/00-03-31" xmlns:aicpa="http://www.x4gfr.org/aicpa/us/gaap/ci/03-03-31" schemaLocation="http://www.x4gfr.org/aicpa/us/gaap/ci/03-03-31.xsd" type="aicpa:NotesToFinancialStatements.Concentrations" /> Concentration of credit risk with regard to short term investments is not considered to be significant due to the Company's cash management policies. These policies restrict investments to low risk, highly liquid securities (that is, commercial paper, money market instruments, etc.), outline issuer credit requirements, and limit the amount that may be invested in any one issuer. </item>

Users of financial reports will not see the tags when they retrieve financial information because they are embedded inside the program along with other formatting tags. Thus, the disclosure in the above example will always be recognized as the footnote disclosure for concentrations of credit risk for the financial statement of Sample Company at December 31, 1998. This attribute also contributes to more effective searches on the Internet, as the user can specify a specific tag as a search criterion. Such a search cannot be performed on HTML documents.

An entity may have a financial data item that does not already exist in the US-GAAP-CI taxonomy. In that case they can create a XBRL tag unique to their specific taxonomy. Once financial data is correctly tagged, users can utilize XML-enabled software and browsers for analysis, reporting, and other functions. As XBRL-formatted data, information can be accessed and queried based on individual user preferences in an efficient manner9.

XBRL Audit and Control Issues

Many financial information technology experts strongly believe that XBRL will succeed. Alan Anderson, the AICPA’s Senior Vice President, envisions the business-reporting model of the future as online, real-time disclosure. Today’s legacy audit opinion is backward-looking because it applies to the company’s financial condition and activity at a previous point in time or period-end, usually at least sixty days ago. However, users of financial information are unlikely to have information and assurance on activity that just happened, happened yesterday, or last week, which, if known, might improve capital allocation decisions10. Rather than having to rely on stale financial information from dated hard copy documents or websites, stakeholders today want data in real time. Financial information available on the Internet and coded in XBRL allows users to find easily and on demand the underlying accounting data of their specific interests.

When financial information is streamed in real time, the risk of error in the financial statements could become higher, depending on the controls in place regarding changes in that data. SAS 94 states, “when evidence of an entity’s initiation, recording, or processing of financial data exists only in electronic form, the auditor’s ability to obtain the desired assurance only from substantive tests would significantly diminish."11 When financial statements are prepared using XBRL, the auditor should consider gathering evidential matter and performing control tests on the correct application of specifications, taxonomy, and instance documents used in the coding.

Planning the Audit when XBRL is used for Financial Reporting

According to SAS 94, “In circumstances where a significant amount of information supporting one or more financial statement assertions is electronically initiated, recorded, processed, or reported, the auditor may determine that it is not possible to design effective substantive tests … significant audit evidence may be available only in electronic form. In such cases, its competence and sufficiency as evidential matter usually depend on the effectiveness of controls over its accuracy and completeness.” 12

When fully implemented, the risks of XBRL center on the accurate and complete mapping of the financial information and accounting data to the tags. An adequately designed and effective internal control structure for XBRL will ensure that the data retrieved represents valid and accurate transactions, has integrity, and is recognized in the proper accounting period. Another audit concern with respect to the use of XBRL is whether all relevant data in the source records has been tagged, i.e., whether the report is complete. This would involve reviewing the tagging system in software systems in order to ensure that information such as new data elements or new accounts are included in the tagging process.13

The Operational Environment and XBRL

The auditor needs to design procedures that determine whether the specifications, taxonomy, and instance documents are appropriate for financial statements. Engagement audit staff should have the technical expertise to apply these procedures as well as be knowledgeable of relevant industry standards and any specific generally accepted accounting principles applicable to the entity. The audit procedures should address the specifications, taxonomy, and instance documents in this context. Such an examination would involve considering XBRL details in order to ensure that they are up to date and properly applied. 14

Adequately designed internal controls over XBRL that have been placed in operation and are operating effectively are important in ensuring the integrity and consistency of a particular taxonomy being applied in an entity. General control audit procedures relevant to XBRL include network operations, application development and maintenance, and access controls. Application controls relevant to XBRL address input, error correction, and output. For example, when a taxonomy is assigned, modified, or added, the auditor should validate or check an instance document against the taxonomy so to ensure the tags used are all from the taxonomy.

Network Security

XBRL may provide live links from financial documents back to the underlying production databases. In this case, substantial security risks exist if the security of the operating system, application, and database is inadequately configured. Such miss-configurations could allow unauthorized changes or destruction of the data that supports the financial statements. When such links are present, the auditor should consider the adequacy of the entity’s security policies and procedures for configuring firewalls, hardening operating systems, and other relevant security controls, given the nature of the data.15

The security polices and procedures should address classifying the sensitivity or criticality of digital information, especially if the entity is subject to the Sarbanes Oxley Act,16 Gramm Leach Bliley Act (GLB),17 or Health Insurance Portability and Accountability Act (HIPAA).18


Investors and regulators around the globe are calling for increased financial transparency in order to regain market confidence and stimulate the economy. According to John Delta, Vice President of NASDAQ, “XBRL is a way to really improve transparency for investors and the timely delivery of standardized [Securities and Exchange Commission] data.” 19

Because of its simplicity and the improved efficiency of XBRL, the expected growth of XBRL will impact the ways that companies exchange financial data as well as business reporting of all kinds. The use of XBRL for financial statements, however, will lead to new audit issues that practitioners must take into consideration.

In order to experience how XBRL formatted data could be used, go to NASDAQ.com’s XBRL pilot, “NASDAQ-Microsoft-PwC Demo” at http://www.nasdaq.com/xbrl. This demonstration provides a glimpse of how information reported by companies in the XBRL format will be more useful to investors and other users.

About the Author

Ryan Youngwon Shin, CISA, is an IT auditor at J.H. Cohn, LLP. He has a Bachelors degree in Applied Statistics and Business Administration from Yonsei University, Seoul, Korea, and a Masters of Science in Accounting Information Systems from Pace University, Lubin School of Business. His experience includes stock market-based accounting and SEC 10-K filing research with statistical analysis. He also has been involved in redesigning business processes, administrating databases, and other various accounting functions.

Ryan is a member of the NYSSCPA Technology Assurance committee and the Task Force on Alternative Delivery Methods of CPE. Ryan can be reached at rshin@jhcohn.com

Technical Editor Amanda B. Chaloupka, English Ph.D. Student, Rutgers University. amandachaloupka@hotmail.com



1“XBRL Approved for U.S. Implementation.” Journal of Accountancy; October , 2000. http://www.aicpa.org/pubs/jofa/oct2000/news1.htm

2“New Developments for XBRL: What Do They Mean for Large Firms?” The CPA Letter, AICPA; October, 2000. http://www.aicpa.org/pubs/cpaltr/oct2000/supps/large1.htm

3“Electronic Filing and the EDGAR System: A Regulatory Overview,” U.S. SEC; May, 2002.

4Cohen, Eric E. and Neal Hannon. “How XBRL will Change Your Practice,” The CPA Journal; November, 2000.

5XBRL.org: http://www.xbrl.org/whatisxbrl/index.asp?sid=11

6US GAAP—Commercial and Industrial (US-GAAP-CI) Taxonomy:

7XBRL supra

8Vun Kannon, David and Yufei Wang. “Design of the XBRL Specification.” http://www.gca.org/papers/xmleurope2000/papers/s26-01.html

9“Section Seven: XBRL Instance Documents,” Bryant College. http://web.bryant.edu/~xbrl/xbrl/instance.htm

10“The Business Reporting Model of the Future.” The CPA Letter, AICPA; Novevember, 2002. http://www.aicpa.org/pubs/cpaltr/nov2002/supps/edu1.htm

11“The Effect of Information Technology on the Auditor’s Consideration of Internal Control in a Financial Statement Audit.” Statement on Auditing Standards, AICPA, No. 94, paragraph 4; 2001.

12Ibid, Paragraph 65.

13“Audit & Control Implications of XBRL,” CICA Information Technology Advisory Committee: http://www.cica.ca/multimedia/Download_Library/Standards/Studies/English/CICA-XBRL-0502-e.pdf



16The Sarbanes Oxley Act of 2002: http://frwebgate.access.gpo.gov/cgibin/getdoc.cgi?dbname=107_cong_public_laws&docid=f:publ204.107.pdf

17Gramm Leach Bliley Act of 1999 (GLB): http://www.ftc.gov/privacy/glbact/

18Health Insurance Portability and Accountability Act of 1996 (HIPAA): http://www.cms.hhs.gov/regulations/hipaa/cms0003-5/0049f-econ-ofr-2-12-03.pdf

19Colkin, Eileen. “Nasdaq Giving XBRL a Try,” Informationweek.com; August 6, 2002. http://www.informationweek.com/story/IWK20020806S0004

| About Us | Continuing Education | Future CPAs | Government Affairs | Professional Resources | Publications | Sound Advice | Tax Resources

Chapters | Committees | Member Center | Events Calendar | Classifieds | Careers | E-zine Subscriptions | The Trusted Professional | The CPA Journal

Search | Site Map | Become a Member | Jobs | Press Room | Contact Us | Feedback

©1997 - 2009 New York State Society of Certified Public Accountants. Legal Notices