Transcript XBRL and Continuous Auditing

XBRL and Continuous Auditing/Assurance
The Third Continuous Reporting and Auditing
Conference
Eric E. Cohen, CPA
PricewaterhouseCoopers
LLP.
1 June 2001, Newark, New Jersey, USA
Requirements for CA
Automated
Audit
Procedures
Reliable
Systems
Auditor
Proficiency
Reliable
Communication
Links
Subject Matter
Timely Audit
Reports
CICA /AICPA Research Study on Continuous Auditing
Nature of Reliable Systems
Reliable systems
provide ths subject
matter
<sales>1000</sales>
Automated link
Manual compilation of data
Reliable systems
provide ths subject
matter
Accounting
System
Entry into systems
Manual documents require
coding decisions or defaults
driven by information from
master files; by customer, by
vendor, by item, sales
person, product line, or
combination of items.
Edocuments rely on
mapping and setup files for
interpretation and entry;
users generally can
manually override
distributions as necessary.
Coded
for entry
Paper documents,
mail, fax, verbal
Electronic
documents:
EDI, XML
User Discovers Information
Subject matter has
suitable
characteristics
User finds XBRL information on the
w eb in HTML or XML format. Is the
information usable and reliable?
<sales>1,000,000</
sales>
Is Information In Context?
Subject matter has
suitable
characteristics
User finds XBRL information on the
w eb in HTML or XML format. Is the
information usable and reliable?
<sales>1,000,000</
sales>
Reporting entity, reporting period, source of assurance,
w ork performed, qualified? Is tag know n, appropriate to
industry, company?
Discover item
Is all of the accompanying
contextual information
available? Is other information
directly related to this face
available?
Is Context Derivable?
Subject matter has
suitable
characteristics
<sales>1,000,000</
sales>
Reporting entity, reporting period, source of assurance,
w ork performed, qualified? Is tag know n, appropriate to
industry, company?
Discover item
Is all of the accompanying
contextual information
available? Is other information
directly related to this face
available?
Yes
Is the number or fact traceable
to/ actually that represented/
reported by the company?
No
Can context be derived
accurately from surrounding
information or be obtained
through alternate resources?
Is Original Company the Source?
Highly automated
audit procedures
can provide most of
the audit evidence
Is all of the accompanying
contextual information
available? Is other information
directly related to this face
available?
No
Can context be derived
accurately from surrounding
information or be obtained
through alternate resources?
No
Yes
Yes
Method: repository look-up? Need to
understand level of assurance or
risk attached to using information
from this repository.
Is the number or fact traceable
to/ actually that represented/
reported by the company?
Proceed at ow n risk?
Reconciliation and Assurance
High degree of
auditor proficiency
in IT & audited
subject matter
e.g., analyst may make adjustments
so data is expressed more consistent
Method: repository look-up? Need to
understand level of assurance or
risk attached to using information
from this repository.
Is the number or fact traceable
to/ actually that represented/
reported by the company?
Are differences due to
explainable adjustments by
reliable third party?
No
Yes
Yes
Method: digital signatures,
reliable third party lookup
Is third party assurance given
on this collection of facts
(document) and this particular
fact (data)?
No
Proceed at ow n risk?
Resolution and Determination of Risk
Proceed at ow n risk?
High degree of
auditor proficiency
in IT & audited
subject matter
Method: digital signatures,
reliable third party lookup
Is third party assurance given
on this collection of facts
(document) and this particular
fact (data)?
how does this data assurance
relate to the assurance on the
overall company position?
No
No
Is some other independent, third
party proof available?
No
No
Source of attestation not a trusted party
or considered "as reliable" as others,
qualified opinions, discovery of auditor
change during process, level/degree/
amount of assurance
Are there issues w ith the third
party assurance?
Yes
Yes
No
Use information w ith good idea of
risk involved.
Are they
resolvable?
Yes
XBRL: Facilitator for CA
•Value of a standard
•Built into applications for
better integration
•Built into audit tools for
testing and communications
•Setup, changeovers eased
•(Human) communications
and expectation setter
Reliable systems
provide ths subject
matter
Highly automated
audit procedures
can provide most of
the audit evidence
Subject matter has
suitable
characteristics
High degree of
auditor proficiency
in IT & audited
subject matter
Timely availability of
and control over
auditor's reports
Reliable means of
obtaining results of
audit procedures on
a timely basis
Business Facts and Accounting
•
•
Business events (sale, cash receipt)
ebXML space
– Interpretation of events (mapping to accounts)
– Accomplished now through Setup or Master files
• Results of interpretation (entry of accountoriented info)
• XBRL GL space
– Summarization of events (detail to summary)
– XBRL for XYZ reporting space
» Presentation of interpretation of
events (print/view/export summary)
» XBRL for XYZ reporting space
Foundation Facts
• Facts enter financial systems through journal entries or
postings from subsidiary journals
– Account, amount, date = Atomic entry
– Related atomic entries match a journal header
– Related journal headers match a source wrapper
• Relationship to reporting
– bottom up (atom relates to taxonomies and elements) or
– top down (this report uses these atomic classifications)
• XBRL GL
– Reporting neutral
– “Fact gatherer”
Groupings of journal details
Journal Header
Journal Detail
Information about
related journal
headers
(e)Business and Accounting
Mirror
Image
VENDOR
Pre-sale
Offer
BUYER
Request for quotations Pre-purchase
Quotation
Sale &
delivery
Billing
Payment
Transfer
of funds
Control
Order
AR of order
Books
Delivery
Books
Books
Inventory
Books
Invoice
Books
Invoice
Books
Payment document
Books
Bank deposit
Books
Credit note
Books
Circularization
Control
Books
Financial statements
Source - Michel Lesourd - UN-EWG Paris - 03-00
Billing
Payment document
Books
Payment
Debit note
Books
Transfer
of funds
Circularization
Control
Books
Financial statements
archiving
Purchase
& delivery
Control
General Ledger
•
•
•
•
Bridge between EDI and XBRL Reporting
Foundational repository for Foundational Facts
Hub between Financial reporting, Tax and all others
Enabler of outsourcing/ASP
– Provides means to extract or download GL information from
outsource ASP in reusable, standardized format
– Insurance for ASP failure, problems, dissatisfaction
– Information available at any time, from anywhere, for
anyone responsible with rights to access it
– Facilitates
• Consolidations and other interoperability issues
• Migration between systems
Chart of Accounts
Accounting
Periods
Source
journals
Budgets
Mappings
versions years
Comparatives
years
Journal Entries
Standard, repeating,
recurring journals
T
O
Ledger
Mask
Standard
Reports
TB, Source
E
X
P
O
R
T
Custom
Reports, exports
X
M
L
I
M
P
O
R
T
Chart of Accounts
Accounting
Periods
Source
journals
Budgets
Mappings
versions years
Comparatives
years
Journal Entries
Standard, repeating,
recurring journals
F
R
O
M
Ledger
Mask
X
M
L
Standard
Reports
TB, Source
Custom
Reports, exports
Account
Amount
Date
EDIFICAS derived after-thefact GL-AR-APIM-PR-XX
One File, Three Levels
Accounting Entries
Entry Header
Entry Line
Chart of Accounts
Includes
Accounts
General Ledger details
Include primary postings
And customers, vendors
Departmental
allocations
Customer, vendor open
items
“General Ledger” Holds More
Cost or Analytical Accounting …
“General Ledger” Holds More
Legal issues
• Sequential logging and governmental audits
Book to Tax
Differences
Book =
Governmental Reporting
Software Developers
•
Pros
•
– Easier coupling, interface
• Less development required
to interface with third
party products
–
–
–
–
ASP
Add-ons
Financial reporters
Budgeting
– Specialization OK
• Users can use best
software for their own use
and use XBRL to
consolidate rather than
one package throughout
Cons
– Switching costs
• Easier for users to buy
complimentary products
outside of the vendor’s
family
–
–
Plug-and-play
Modular
• Easier for users to leave
product
–
Data migration path
End Result
data
Assurance Today
• No piece-meal opinions
• As a whole
• Relies on
– Materiality
– Subsequent events
• Documents on the Net are representations of paper
document; reusability limited
– HTML
– PDF
– Java(script)
• Questions surrounding where assurance ends
– Links off-site
– Management comment
data
Demands for Data Level Assurance
• Data level assurance is …
• Assurance on the data?
• Assurance on the processes, per se? … (necessary for)
• Assurance on the tags / “classifications”?
• Data level assurance
– Are the tags assigned correctly?
– Was it posted to the right account / bucket /
classification?
• Supplemental assurance
– Linkage to “taken as a whole”
• Presentation a non-issue
data
XBRL
• Tags assigned to data
• Data items can be presented
– As single fact
– Collectively as extract
– As entire financial statement
• Information reusable
• Tools exist to show what is covered under assurance
– This is where we need to go
data
XBRL
Promises to make financial information more discoverable
Enables integrated reporting, from point of entry to reporting
Will ride along on XML-related technologies
Move from presentation of data to data-centric model
Raise the bar on expectations
Partial: receivables and inventory information to bank
New: Performance metrics offered to shareholders
Continuous: Sales figure constantly updated on web site
Continuous audit
XBRL
Does not create the data level assurance need
Is a facilitator and catalyst
Can be part of the solution
data
XBRL
Is a CPA firm that creates an XBRL file doing a
compilation?
Does it need an accountant’s letter for the XBRL file itself
if the CPA firm creates it?
Can only the firm’s personnel assign tags to the file?
If the wrong tag but correct label are provided, what are
the repercussions?
What happens if only a partial financial statement is
represented with XBRL?
What about adding information not normally included?
data
How Can We Cope?
Technology to tie Company authorization and CPA assurance
To eDocument
To eData …
Must be
Transparent to non-technical users
Much simpler than assurance seals
Nearly impossible to counterfeit
coping
Selective Unfolding: Tax XML
TAX AUTHORITY
TAXPAYER
AGENT 1
Page 2
Tax information:
Page 1: General info
Page 2: Sales tax
Page 3: Motor fuels
Page 4: Corporate
Page 1 to
everyone
Page 3
AGENT 2
Page 4
Sees only cyphertext
AGENT 3
Hacker
coping
Selective Unfolding: Order XML
Page 2
Web buyer
AR
Web order
Page 1: General info
Page 2: credit info
Page 3: purchase info
Page 1 to
everyone
Page 3
Sees only cyphertext
Hacker
Shipping
coping
Why Does This Affect XBRL?
• XBRL for Financial Statements – today’s publicly
disclosed financial reporting information … right?
•Investors
•Creditors
•Managers
•Trading partners
•CPA
Publicly
Disclosed
Today’s F/R and
F/R Data
tomorrow’s business
metrics – publicly
disclosed.
Accounting and
Prediscloure
business reporting
data
data.
•Banks
•Consolidation
Traditional financial reporting – the tip of the iceberg?
coping
The User Matters …
Internet
live connection to netw ork
Here is the
login:
data
you are
password:
allowed
to see
Rights
check
Accounting Data Warehouse
User
•Need live
connection to
network
•Rights determine
access
coping
The User Matters …
D
I
S
C
O
N
N
E
C
T
Create
file
Accounting Data Warehouse
<?xml version="1.0"?>
<signed data key1 cyphertext
<signed
data key2 cyphertext
Internet
xml stored, mailed, etc.
Here is
the
Open
file
data
More
you
please?
My key
…are
Key
allowed
request
toto
see
see
now
User
•XML file archived
•Or email
•Or ftp
•User accesses XML
•Based on keys, sees
certain information
•More needed?
• Key request
•More information
opens
coping
Selective Unfolding: XBRL GL
Level 1
Bank
Level 3, filter by division
Investor relations
Divisional Manager
XBRL FR and GL
Top level: Public disclosure
Level 1: Segmental breakdown
Level 2: AR, AP, cash flow
Level 3: Full GL detail
Sees only Top level
Hacker
Level 2
Treasury Management
Public
Call to action
Key Considerations
• Data Level Assurance
– Tag
• Was tag applied to right number
– Data Fairly Presented In Context Of Overall Financials
• Item in context of the rest of the financials
• More than just numbers … links info (like going concern status) to
numbers
– Data Fairly Presented
• Item on its own
Call to action
Key Considerations
• Data Level Assurance Issues Is it possible?
–
–
–
–
Materiality in a data age
Assurance to numbers or to processes
Classification (is the tag right) or data (is the number right)
What is the investor's expectations of what this means?
Academic/Industry Relations
• "the most persistent observation . . . is that researchers
and users belong to .. separate communities with very
different values and ideologies and that these
differences impede utilization."
Beyer, J.M. & Trice, H.M. 1982. The utilization
process: A conceptual framework and synthesis
of empirical findings. Administrative Science
Quarterly, 27: 591-622.
Academic Involvement
•
So far
– Business Reporting on the Internet authors
• Lymer, Debreceny, Gray (and Rahman)
• LDB involved in development
– Bryant College
• Symposium and administrate the
– XBRL Academic Competition
• Students particpate in research, applications, taxonomy
– University of Kansas
• Helping Edgar Online with XBRLization of SEC filings
– Rutgers
• Awareness and considerations
– Seattle Pacific
•
• Working with vendor XBRL Solutions to create training materials
To come
– AAA Stovepipes coming together
Opportunities for Research and Teaching
•
Audit ramifications of XML
–
•
Development of performance
measurements items
–
•
XML changes roles
What is obsolete, new?
•
•
•
•
Financial reporting systems
–
•
•
GRI, Sustainability
Accounting and organizational
behavior
–
–
•
XML Audit and Control
•
What can happen?
Objective evaluations of value
What are keys to acceptance
and implementation
•
•
Digital signatures and
encryption
How does this serve the public
interest
Need the discipline of being
model oriented
How will this affect policy
making?
How do we best
–
–
Bring together communities
Provide rigor
– Encouraage future thought
What is the downside?
Data trust - how to live without
materiality and subsequent
events?
Questions?
•
Eric E. Cohen, CPA
– PricewaterhouseCoopers LLP
• 117 Rossiter Road, Rochester NY 14620-4127 USA
• 716.271.4070
• Internet
– [email protected]
pwc