|
Search
|
 |
TA Homepage |
|
Meetings |
|
Members |
|
Events |
|
Forums |
|
Other Committees |
 |
|
XBRL, Financial Reporting, and Auditing
March 2003 Introduction The future widespread delivery of financial reporting will be in digital form; however, the question of which information exchange language will become the de-facto standard remains unanswered. Currently, most digital representations of financial information are coded in Hypertext Markup Language (HTML), which controls the way that information is displayed, in terms of appearance, size, shape, and color. HTML, however, does not recognize content, so its use generally is limited and is not effective for extracting data. The HTML format also does not allow for searching, analysis, or manipulation of information without re-entering data to a spreadsheet or downloading some other software application that has analysis and manipulation capabilities. Extensible Business Reporting Language (XBRL) was developed by a consortium of leading financial organizations, accounting firms, financial services providers, and technology companies. It is designed to make financial reports easier to post on the Internet and easier to understand once they are posted 1. According to the American Institute of Certified Public Accountants, a total of 66% of public companies surveyed by the Association for Management and Investment Research have a website, and 76% of those companies provide financial information on their website. The same study also found that, even when other sources exist, analysts preferred using websites to obtain information because it is easier. Another study indicated that approximately 80% of major U.S. companies make some type of financial disclosure online 2. Investors need accurate and reliable financial information that can be delivered promptly in order to help them make informed financial decisions. XBRL meets these needs and is particularly important in improving the usefulness of financial information delivered via the Internet. It also makes full use of the efficiencies of the Internet the primary source of financial information for today’s users. The purpose of this article is to present an overview of XBRL as well as the technical aspects relevant to financial reporting and auditing. XBRL Technical Developments and Issues In early 1993, the Securities Exchange Commission (SEC) began to mandate electronic filings through its Electronic Data Gathering, Analysis, and Retrieval system (EDGAR). This system was intended to benefit electronic filers, enhance the speed and efficiency of SEC processing, and make corporate and financial information available to investors, the financial community, and others in a matter of minutes. Electronic dissemination generates the participation of more informed investors as well as more informed securities markets3. Currently, the EDGAR system accepts both ASCII and HTML documents as official filings. Although EDGAR delivers the advantages of speed and efficiency characteristic of a centralized database, it still forces users to download reports from the SEC website or manually to search for and prepare data for use in other purposes. The use of XBRL-coded financial statements, bank loan documentation, and tax filings delivered via the Internet to regulatory authorities, analysts, and investors is gaining credibility. Efficiency and effectiveness are increased because data in XBRL format can be retrieved more easily and can be analyzed with greater accuracy. Moreover, XBRL provides relevant and reliable exchanges of information by allowing for technological independence and less human involvement. According to Cohen and Hannon’s 2000 article:
The
XML Format
The XBRL specifications and taxonomies are created by the XBRL community. The creators are referred to as a community because XBRL is not developed or owned by a single entity; rather, it is an open-source software developed by representatives of over one hundred seventy different worldwide organizations and companies. An XBRL specification is software code that describes financial information presented and represented by XBRL. The specification facilitates software developers and coders in creating exchangeable digital documents. It also allows financial users to compare business reporting information from different entities, even if the information was originally in otherwise incompatible formats. The use of the specifications is not limited to financial statements: It may be used for digital reporting and presentation of general ledger details through drill-down, regulatory filings, and non-financial information as well5. XBRL taxonomies are standard descriptions for presenting business information and accounting reports. With XBRL, financial information preparers link data elements stored in accounting databases, and use XBRL to code them in a standard manner based on the taxonomy. For example, a digital annual report would include management’s discussion and analysis, financial statements, footnote disclosure, and the auditor’s opinion, all coded in XBRL. As
an example, the taxonomy for the changes in treasury stock information
under US GAAP—Commercial and Industrial (US-GAAP-CI)6is
presented below: XBRL instance documents are used to represent financial data with tags from one or several taxonomies. For example, an instance document could include a company’s annual report, the earnings release, and general ledger details. Instance
documents make digital financial information for external or internal
reporting and regulatory filing user-friendly because XBRL facilitates
data to be read directly by computer programs, manipulated by
end-users, and generates output in various forms. Instance documents
may also include style sheets, which allow presentation quality
documents to be printed from a Web browser or an Adobe Acrobat
file7. <item entity="Sample Company" period="19981231" xmlns="http://www.x4gfr.org/core/00-03-31" xmlns:aicpa="http://www.x4gfr.org/aicpa/us/gaap/ci/03-03-31" schemaLocation="http://www.x4gfr.org/aicpa/us/gaap/ci/03-03-31.xsd" type="aicpa:NotesToFinancialStatements.Concentrations" /> Concentration of credit risk with regard to short term investments is not considered to be significant due to the Company's cash management policies. These policies restrict investments to low risk, highly liquid securities (that is, commercial paper, money market instruments, etc.), outline issuer credit requirements, and limit the amount that may be invested in any one issuer. </item> Users of financial reports will not see the tags when they retrieve financial information because they are embedded inside the program along with other formatting tags. Thus, the disclosure in the above example will always be recognized as the footnote disclosure for concentrations of credit risk for the financial statement of Sample Company at December 31, 1998. This attribute also contributes to more effective searches on the Internet, as the user can specify a specific tag as a search criterion. Such a search cannot be performed on HTML documents. An entity may have a financial data item that does not already exist in the US-GAAP-CI taxonomy. In that case they can create a XBRL tag unique to their specific taxonomy. Once financial data is correctly tagged, users can utilize XML-enabled software and browsers for analysis, reporting, and other functions. As XBRL-formatted data, information can be accessed and queried based on individual user preferences in an efficient manner9. XBRL Audit and Control Issues Many
financial information technology experts strongly believe that
XBRL will succeed. Alan Anderson, the AICPA’s Senior Vice
President, envisions the business-reporting model of the future
as online, real-time disclosure. Today’s legacy audit opinion
is backward-looking because it applies to the company’s
financial condition and activity at a previous point in time or
period-end, usually at least sixty days ago. However, users of
financial information are unlikely to have information and assurance
on activity that just happened, happened yesterday, or last week,
which, if known, might improve capital allocation decisions10. Rather
than having to rely on stale financial information from dated
hard copy documents or websites, stakeholders today want data
in real time. Financial information available on the Internet
and coded in XBRL allows users to find easily and on demand the
underlying accounting data of their specific interests. According to SAS 94, “In circumstances where a significant amount of information supporting one or more financial statement assertions is electronically initiated, recorded, processed, or reported, the auditor may determine that it is not possible to design effective substantive tests … significant audit evidence may be available only in electronic form. In such cases, its competence and sufficiency as evidential matter usually depend on the effectiveness of controls over its accuracy and completeness.” 12 When fully implemented, the risks of XBRL center on the accurate and complete mapping of the financial information and accounting data to the tags. An adequately designed and effective internal control structure for XBRL will ensure that the data retrieved represents valid and accurate transactions, has integrity, and is recognized in the proper accounting period. Another audit concern with respect to the use of XBRL is whether all relevant data in the source records has been tagged, i.e., whether the report is complete. This would involve reviewing the tagging system in software systems in order to ensure that information such as new data elements or new accounts are included in the tagging process.13 The Operational Environment and XBRL The auditor needs to design procedures that determine whether the specifications, taxonomy, and instance documents are appropriate for financial statements. Engagement audit staff should have the technical expertise to apply these procedures as well as be knowledgeable of relevant industry standards and any specific generally accepted accounting principles applicable to the entity. The audit procedures should address the specifications, taxonomy, and instance documents in this context. Such an examination would involve considering XBRL details in order to ensure that they are up to date and properly applied. 14 Adequately
designed internal controls over XBRL that have been placed in
operation and are operating effectively are important in ensuring
the integrity and consistency of a particular taxonomy being applied
in an entity. General control audit procedures relevant to XBRL
include network operations, application development and maintenance,
and access controls. Application controls relevant to XBRL address
input, error correction, and output. For example, when a taxonomy
is assigned, modified, or added, the auditor should validate or
check an instance document against the taxonomy so to ensure the
tags used are all from the taxonomy. XBRL may provide live links from financial documents back to the underlying production databases. In this case, substantial security risks exist if the security of the operating system, application, and database is inadequately configured. Such miss-configurations could allow unauthorized changes or destruction of the data that supports the financial statements. When such links are present, the auditor should consider the adequacy of the entity’s security policies and procedures for configuring firewalls, hardening operating systems, and other relevant security controls, given the nature of the data.15 The security polices and procedures should address classifying the sensitivity or criticality of digital information, especially if the entity is subject to the Sarbanes Oxley Act,16 Gramm Leach Bliley Act (GLB),17 or Health Insurance Portability and Accountability Act (HIPAA).18 Conclusion Investors and regulators around the globe are calling for increased financial transparency in order to regain market confidence and stimulate the economy. According to John Delta, Vice President of NASDAQ, “XBRL is a way to really improve transparency for investors and the timely delivery of standardized [Securities and Exchange Commission] data.” 19 Because of its simplicity and the improved efficiency of XBRL, the expected growth of XBRL will impact the ways that companies exchange financial data as well as business reporting of all kinds. The use of XBRL for financial statements, however, will lead to new audit issues that practitioners must take into consideration. In order to experience how XBRL formatted data could be used, go to NASDAQ.com’s XBRL pilot, “NASDAQ-Microsoft-PwC Demo” at http://www.nasdaq.com/xbrl. This demonstration provides a glimpse of how information reported by companies in the XBRL format will be more useful to investors and other users. About the Author
Ryan is a member of the NYSSCPA Technology Assurance committee and the Task Force on Alternative Delivery Methods of CPE. Ryan can be reached at rshin@jhcohn.com Technical
Editor Amanda B. Chaloupka, English Ph.D. Student, Rutgers
University. amandachaloupka@hotmail.com
______________________________ Endnotes: 1“XBRL Approved for U.S. Implementation.” Journal of Accountancy; October , 2000. http://www.aicpa.org/pubs/jofa/oct2000/news1.htm 2“New Developments for XBRL: What Do They Mean for Large Firms?” The CPA Letter, AICPA; October, 2000. http://www.aicpa.org/pubs/cpaltr/oct2000/supps/large1.htm 3“Electronic
Filing and the EDGAR System: A Regulatory Overview,” U.S.
SEC; May, 2002. 4Cohen, Eric E. and Neal Hannon. “How XBRL will Change Your Practice,” The CPA Journal; November, 2000. 5XBRL.org: http://www.xbrl.org/whatisxbrl/index.asp?sid=11
6US GAAP—Commercial and Industrial (US-GAAP-CI)
Taxonomy: 7XBRL supra 8Vun Kannon, David and Yufei Wang. “Design of the XBRL Specification.” http://www.gca.org/papers/xmleurope2000/papers/s26-01.html 9“Section Seven: XBRL Instance Documents,” Bryant College. http://web.bryant.edu/~xbrl/xbrl/instance.htm 10“The Business Reporting Model of the Future.” The CPA Letter, AICPA; Novevember, 2002. http://www.aicpa.org/pubs/cpaltr/nov2002/supps/edu1.htm 11“The Effect of Information Technology on the Auditor’s Consideration of Internal Control in a Financial Statement Audit.” Statement on Auditing Standards, AICPA, No. 94, paragraph 4; 2001. 12Ibid, Paragraph 65. 13“Audit & Control Implications of XBRL,” CICA Information Technology Advisory Committee: http://www.cica.ca/multimedia/Download_Library/Standards/Studies/English/CICA-XBRL-0502-e.pdf 14Ibid 15Ibid 16The Sarbanes Oxley Act of 2002: http://frwebgate.access.gpo.gov/cgibin/getdoc.cgi?dbname=107_cong_public_laws&docid=f:publ204.107.pdf 17Gramm Leach Bliley Act of 1999 (GLB): http://www.ftc.gov/privacy/glbact/
18Health Insurance Portability and Accountability Act
of 1996 (HIPAA): http://www.cms.hhs.gov/regulations/hipaa/cms0003-5/0049f-econ-ofr-2-12-03.pdf |
Ryan
Youngwon Shin, CISA, is an IT auditor at J.H. Cohn, LLP. He
has a Bachelors degree in Applied Statistics and Business Administration
from Yonsei University, Seoul, Korea, and a Masters of Science
in Accounting Information Systems from Pace University, Lubin
School of Business. His experience includes stock market-based
accounting and SEC 10-K filing research with statistical analysis.
He also has been involved in redesigning business processes, administrating
databases, and other various accounting functions.
Home
| About Us | Continuing
Education | Future CPAs
| Government Affairs
| Professional Resources
| Publications |
Sound Advice | Tax Resources
Chapters | Committees
| Member Center
| Events Calendar |
Classifieds |
Careers | E-zine
Subscriptions | The
Trusted Professional | The
CPA Journal
Search
| Site Map | Become
a Member | Jobs | Press
Room | Contact Us
| Feedback
©1997 - 2009 New York State Society of Certified Public Accountants. Legal Notices