XBRL beyond SEC filings.
Already, the U.S. Securities & Exchange Commission (SEC) considers XBRL the standard for public companies to use to file financial statements (primary financial and detailed footnotes) in interactive data format with it and on corporate websites for investors. XBRL is Extensible Markup Language (XML), and, unlike other applications of XML, it has standardized identification tags for each individual item of data. Company net profit is always company net profit, regardless of the user creating the XBRL file. This means financial statements in XBRL format permit standardized, automated analytical procedures to be used by different issuers using standard tags.
Additionally, companies disclosing financial data unique to their industry use specific XBRL tags applicable to that industry, which allows standardized, automated analytical procedures to be executed within the scope of that industry.
Auditing in a Digital Age
To this point, auditors have looked askance on the use of digital data. Many in the profession think that automated audit procedures require a large upfront investment and are more expensive than manually performed audit procedures. Senior audit professionals who share this view have never been exposed to the capabilities and ease of data flow that information technology offers their profession. And judging from debating this same topic with the accounting faculty at the University of Connecticut, many in the next generation of auditors share this misperception.
Being ill at ease with digital data in general, auditors using Computer-Assisted Audit Techniques (CAATs) find it difficult to seek the cooperation they need from their IT departments. Many IT professionals are from the traditional school of thought where database administrators were expected to defend and protect access to corporate systems. Most auditors rely on their IT departments to access the data in their financial or enterprise resource planning (ERP) systems. If the IT department balks, many auditors lack the understanding to explain to an IT professional how feasible and secure read access to source systems can be or how feasible it is to generate an XML or XBRL file.
There's another digital hurdle auditors have failed to clear so far. Even if they use digital data from financial statements, it's of limited use because it often is aggregated, so the native hierarchical format and relational data structure are lost when using ASCII files unless they are first restored in the new environment. To perform substantive analytical procedures, auditors need the underlying, disaggregated data stored in an issuer's financial system or ERP system. Also, to conduct tests of transactions and tests of details of account balances to detect material misstatements, auditors are required to examine data residing in the general ledger or subledgers. Misstatements in a financial statement are difficult to detect when analyzing data at aggregated levels. Testing the operation of internal controls based on digital data, as well as conducting substantive procedures, requires disaggregated financial data.
If auditors would first restore the native hierarchical format and relational data structure, a character-delimited ASCII file would allow them to mine enterprises' accounting records at the underlying disaggregated data level. But they haven't seized this opportunity yet.
Beyond Sample Testing
The result is that the audit profession accepts statistical and nonstatistical sample testing for financial and compliance audits, making it a given that auditors end up with detection risk because of sample testing. This increased detection risk leads to increased audit risk. And we all know where increased audit risk can lead.
The solution is already on the scene. As noted before, XBRL, required for SEC financial statements, can be used for compliance and financial audits to streamline the entire procedure. Standard XBRL tags also work for disaggregated financial data if the XBRL format is integrated into the financial process as opposed to a bolt-on approach where only the financial statements are converted to XBRL at the aggregated level. Since the computer executes an automated test procedure over the entire population as easily as over a random sample, there's no need for sample testing.
As management accountants, we need to step up and ensure our companies' financial or ERP systems can provide accounting data in XBRL format, and we need to be ready and able to explain to external auditors how the systems work. It remains to be seen if auditors are willing to improve their skill set and seize this opportunity to minimize detection risk and audit risk, thus adding to the value of audit opinion.
As an internal auditor, when you succeed in lowering audit risk, you can reduce the scope of an external audit and thus reduce external audit fees. Automated procedures test 100% of a population and don't rely on manual sample testing. This reduces detection risk and consequently audit risk.
Any well-respected CAAT solution can use XML to interchange data, and XBRL stands head and shoulders above its brethren. While other XML formats allow authors to define their own tags and document structure, XBRL, as we have seen, provides standardized tags for each individual item of data.
XBRL builds on the advantages a CAAT already offers. Performing a CAAT audit leads to a consistent quality of working-paper documentation because automated procedures eliminate the difference in the work of different auditors. This is important when external auditors weigh the work done by internal auditors. They can use advanced CAAT to conduct audit procedures over multiple units of a company, regardless of location. Auditors don't have to visit multiple facilities, and continuous monitoring is relatively easy to establish. Because using this computerized approach only requires access to a company's intranet, an audit of a multinational firm can be conducted from just one facility. Staff time at the company's other properties is no longer consumed by visiting auditors who need to learn about and check accounting procedures, then look at data on printouts.
Auditors now using CAAT have to customize audit procedures for a specific company since naming conventions and other metadata are often unique to one company's financial and ERP systems. Even if company A and company B use financial and ERP systems from the same vendor, they are likely to have unique configurations, making it problematic to reuse a single programmed audit procedure for different companies. XBRL's drive toward standardization has the potential to change this.
For example, after acquiring several enterprises, a public company questioned the benefits of CAAT for its compliance and financial audits. The corporate additions had a variety of financial systems, each from a different vendor. Wouldn't the cost-savings benefits of a computerassisted audit be eaten up by the cost of customizing and programming to manage the difference in systems?
With XBRL standardization, there would be no difference. The same XBRL tag definitions would apply to data from all the different financial systems, regardless of vendor. This obviously simplifies writing automated audit procedures covering multiple financial systems.
In the final analysis, XBRL adds up as a tool for governance, risk management, and compliance that should be used by management accountants--and even auditors. SF
John Chironna is chairman of e-Biz Technologies in Norwalk, Conn., and is a member of IMA's Westchester Gateway Chapter. You can reach him at email@example.com.
Ernst Zwikker is a senior member of e-Biz Technologies responsible for the group's GRC solutions using information technology. You can reach him at firstname.lastname@example.org.
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||XBRL; eXtensible business reporting language; United States. Securities and Exchange Commission|
|Author:||John Chironna; Zwikker, Ernst|
|Date:||Mar 1, 2011|
|Previous Article:||The master budget project: Data Entry.|
|Next Article:||Cropmark Bluetooth Keypad.|