track 8 xbrl: solving real world problems -- crossing the chasm glen l. gray june 23, 2008
TRANSCRIPT
Track 8 XBRL: Solving Real World Problems --
Crossing the Chasm Glen L. GrayJune 23, 2008
Introduction History from Al Gore to Charlie Hoffman Revised technology adoption life cycle Research method Internal auditor/controller issues How XBRL can address those issues Conclusion & Questions
2G.L. Gray
Research project funded by The IIA Research Foundation
1969: Al Gore invents the Internet 1994: Commercialization of the Internet 1996: Debreceny & Gray start exploring the uncharted Internet
financial reporting world 1999: FASB and IASC each publish reports on financial reporting
on the Internet◦ Most large companies are including financial reporting information on
their Web sites◦ No consistency in terms of content, format, and navigation◦ Probably violating reporting regulations! (Still true?)◦ Automated searches almost impossible
April 1999: In email to SEC, Gray recommends XML October 1999: First XBRL meeting with Charles Hoffman and 12
steering committee members 2009: The XBRL consortium has over 500 members
3G.L. Gray
Which technology grew the fastest AFTER mandated by the government?A. IBM PC?B. Microsoft Windows?C. Apple iPod?D. Apple iPhone?E. XBRL?
4G.L. Gray
8,200 U.S. banks now have experience with XBRL because of FDIC-mandated filings. What percentage saw the value of XBRL and joined the SEC VFP?A. 50%B. 10%C. 1%D. 0.02%
5G.L. Gray
Now that the FDIC mandates XBRL, if you are keeping score, is that…A. 1 win?B. 5 wins?C. 8,200 wins?
6G.L. Gray
7G.L. Gray
Early Markets Innovators: The Technology Enthusiasts◦ Appreciate technology for its own sake◦Gatekeepers for new technologies◦Not price sensitive
Early Adopters: The Visionaries◦Want breakthrough, not just improvement◦ Easy to sell to, but hard to please◦ Project oriented and in a hurry, as such, sellers
must manage expectations
G.L. Gray 8
Mainstream Markets Early Majority: The Pragmatists◦ Leading edge = bleeding edge◦Not looking for breakthrough—looking for
improvement◦ “Risk” is a negative word, not a challenge◦Who they are buying from is critical—want both
proven market leader & competition ◦ Seller must be conversant with issues that
dominate the customers’ particular business
G.L. Gray 9
Mainstream Markets Late Majority: The Conservatives
Against discontinuous innovations Very risk adverse—like the trailing edge
of technology (e.g., still use aol.com) Want whole solutions--high-tech products
should be like refrigerators Laggards: The Skeptics
Skeptic says it all—they block purchases
Conduct 4 focus groups w/
internal auditors
Send comments to XBRL community
Synthesize responses
Structure and aggregate information
Feedback
11G.L. Gray
The free-form discussions fell into the following topic categories:◦ Sarbanes-Oxley and Internal Controls◦ Fear of Proliferation of Spreadsheets◦Retrieving and Consolidating Accounting
Information◦ Audit Tools
12G.L. Gray
Non-standardization of controls Continuation of the controls after testing Segregation of duties Management overrides Lack of formal training regarding policies and
procedures Fraud detection is time consuming, as such,
materiality set too high, and samples too small Lack of transparency of transaction changes People who understood legacy systems are retiring Keeping up with technology changes Dynamic aspects of businesses
13G.L. Gray
XBRL tools: XBRL instance document must be syntactically and semantically correct
Data Layer Validation instead of at the application layer (Significant contributor to FFIEC’s productivity increases)
XBRL taxonomies explicitly include business rules Linkbases can move validation to the earlier stages
of information supply chain. Supports Continuous Auditing (CA). ◦ Particularly, at XBRL GL level◦ Embedded audit modules (EAMs) can also be
standardized
14G.L. Gray
Spreadsheets can be very complex and, generally, are not designed to share data, leading to frequent manual data reentry
External auditors are not improving management's comfort level with spreadsheets
Spreadsheets are an integral part of the accounting and financial reporting systems--but do not include design or operating documentation
How to validate spreadsheets and the source data? False sense of security that the data collection is
being performed properly because the transfer process has been automated or built into the application
Little or no testing after changes are implemented into a spreadsheet?
15G.L. Gray
Frequent cutting-and-pasting and manual data reentry introduce new errors.
No live links from the spreadsheets to source data, so the applicable spreadsheets are not automatically updated.
Different people extracting the same data, but at different times creates version control problems.
Data validation—both on incoming source data and outgoing spreadsheets—is probably incomplete, undocumented, and performed manually.
Business rules and formulas are captured in the spreadsheet cells and macros, but different individuals are creating their own representations without collaboration.
16G.L. Gray
Spreadsheets are rarely self-documented. ◦ A cell might include “=(C17/C28)” and C17
includes “=SUM(A6:A10),” and so on. ◦Macro are full of cell references with no names or
comments. Is creating and maintaining spreadsheets the best
use of a person’s time? Redundancies of individuals independently creating
essentially the same spreadsheet. The shear number of spreadsheets that exists in
organizations means that they are many spreadsheets that never going to be fully audited. Many of those could be part of the SOX Sections 302 and 404 ICFR domain.
17G.L. Gray
Spreadsheets will NOT disappear because of XBRL. XBRL has superior functionality to as intermediary
between disparate applications. XBRL taxonomies move business rules from the
application layer to the data layer. Spreadsheets to manipulate the XBRL instance
documents will still be needed, but the rules will be standardized and external to the applications, thereby, greatly reducing version control problems and redundancy.
XBRL documents and their taxonomies provides strong error checking and persistent connectivity, which can mean an unbroken audit trail
18G.L. Gray
Exchanges between packages under different platforms are problematic.
Proprietary file formats of the third-party packages also a problem.
Some applications are so dissimilar that the data can be exchanged only through manual activities.
Every-changing systems: after data exchanges procedures are in place, one or more of the systems will change.
Regulators and taxing authorities can have different reporting periods and different definitions for line items.
Mis-posting of accounting transactions Disparate systems, dissimilar platforms, and software
applications that must share, exchange, and transfer data contribute heavily to data integrity concerns.
19G.L. Gray
Different GAAPs in different countries = consolidation problem.
Decentralization of the organization.
Highly competitive global marketplace makes long-range planning very difficult.
More integrated business relationships with trading partners and supply chain participants to interact and exchange data with.
Budget limitations prevent replacing or upgrading old systems.
20G.L. Gray
XBRL supports map-once-use-many exchange of data between disparate internal systems, third-party systems, trading partners, and banks.
Once mapped an XBRL instance document becomes the uniform interface to exchange data with the world outside that system.
Concept is similar to the traditional EDI, but XBRL is much more robust.
21G.L. Gray
Each audit tool has its own learning.
Extracting data is a challenge: hundreds of data fields distributed among hundreds of database tables located on different computers.
False positives can be an issue with in very large databases.
In some organizations, auditors are not allowed to do their own data extractions. IT department does queries because they worried that the auditor would make mistakes and use excessive computer resources and slow down other processes.
In large organizations, the sheer volume of data is a problem.
22G.L. Gray
XBRL standardizes data and its map-once-use-many improves exchange between applications.
Auditing tools, such as IDEA and ACL, work with XBRL data. Determining the appropriate fields and tables will still have to be addressed, but once mapped, the XBRL instance document will be the ongoing interface to that data.
As XBRL moves up stream to XBRL GL, XBRL will allow for the finest granularity for analysis.
23G.L. Gray
Where IT prevents auditors from running their own queries, auditors could work with IT to create the mapping between current systems and desired XBRL instance documents to automate data links.
Over time, the XBRL instance documents could become more comprehensive and sophisticated.
24G.L. Gray
25G.L. Gray