This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
Currently, the New York Stock Exchang is the largest worldwide, and requires the use of Extensible Business Reporting Language for reporting. In addition, in 2000, the Securities Exchange Commission (SEC) issued a new mandate regarding financial reporting (Fang, 2010). This mandate requires all publicly traded companies in the United States to begin filing their financial statements using XBRL. This mandate requires current accounting firms and business entities to expend significant resources in order to comply. Despite this large initial outlay, there are a variety of benefits to be gained by these organizations, which we will outline in the following pages and present why they are worth the expense.
The goal was to have large accelerated filers using Generally Accepted Accounting Principles (GAAP) to begin reporting with XBRL by the end of 2009, with the remaining companies reporting with it by 2011. The switch to XBRL is proposed as a means of making the reporting process more efficient and providing cost savings for companies. Currently, billions of dollars are wasted on reporting financial documents in Hypertext Markup Language (HTML) and Portable Document Format (PDF) (Farewell, 2005). The increased adoption of XBRL is expected to enhance financial reporting and result in significant efficiencies and cost savings. Hence, XBRL is supported by many corporations, the Big Four accounting firms, and a numerous of software companies.
Once companies have become compliant with this ruling, the SEC plans to implement the system Interactive Data Electronic Applications (IDEA) and phase out "EDGAR" the Electronic Data Gathering, Analysis, and Retrieval system (Fang, 2000). The SEC allocated 54 million dollars in 2006 to upgrades relating to the public company disclosure system (Filipek, 2007). Switching from EDGAR to XBRL will prove to be advantageous for gathering information on trends and other financial information. The main benefit is that since IDEA uses XBRL all the financial data is recorded at the data element level which makes importing and rearranging data more efficient.
We begin our study by explaining the basic fundamental principles that support XBRL. Next, we will describe the IT audit implications of using XBRL and the related benefits to auditors. Finally, we will detail the process used in implementing XBRL within organizations.
XBRL is an Extensible Markup Language (XML) based representation of accounting information. Through the use of this XML, accounting information is provided in a manner that presents better overall financial reporting. More specifically, with the implementation of XBRL, companies can apply multiple accounting standards through a tagging process (Bizarro & Garcia, 2010). With a more developed tagging scheme, XBRL Global Ledger (GL), accounting information is tagged in a standardized format that improves comparability and consistency internally, as well as across firms.
In beginning to enhance the financial reporting function with XBRL, companies must follow a very distinct set of steps to integrate accounting information with the XBRL tagging process. First, the financial statements of the firm must be mapped to a standard set of classifications that fall under an internally generated taxonomy. Their own internally created taxonomy must match the applicable standards they apply such as US GAAP or International Accounting Standards (IAS). The next step is to enhance the taxonomy to better match the accounting concepts and relationships that are unique to the firm. This process is called forming the discovery taxonomy set (DTS). The last step related to mapping accounting information for the financial reporting process is to create XBRL instance documents where the financial data may be stored (Bizarro & Garcia, 2010).
At a more detailed level, tagging data requires individual journal entries to be tagged based on the DTS created. For example, with a basic invoice generated within the accounting information system, to represent the fact that the invoice is stated in US Dollars, the tag "unitRef = usd" would be attached to the data. This process of tagging all relevant data about specific journal entries is followed throughout transaction processing. With a complete set of relevant data for each transaction, firms and external parties may easily review, compare, or dig into the inherent details of each transaction.
However, the tagging process must also be validated for error checking, and according to XBRL-Beyond the Basics, the following steps must be followed for proper validation (Bizarro & Garcia, 2010). First, the DTS created when first mapping must be used to verify that the XML format used is valid and well-formed. Next, tags implemented for the accounting data are matched to the DTS. In the last step of this process, the XBRL accounting data is checked for overall validation according to consistency rules established by XBRL specifications that are predetermined before implementation.
The overall structure and implementation of XBRL may appear daunting to many accounting professionals; however, XBRL may be implemented by accountants without direct knowledge about coding because XBRL implementation software may be used to begin the XBRL translation process (Wenger, Elam, & Williams, 2011).
With this established foundation of understanding of how the XBRL implementation process is completed, we must begin to describe why we should go through the trouble of further expanding XBRL to XBRL GL. Originally, XBRL was sought only for financial reporting, but with increased recognition of internally generated benefits that could be provided by XBRL, XBRL GL came into development. With XBRL GL, a new system was created that can store not only financial data, but also nonfinancial data throughout the transaction input process. Standardization at the transaction level has led to a more developed process of exchanging, storing, and even creating accounting databases internally. Further, XBRL GL may be implemented as an independent system, or the firm taxonomies can be expanded with add-on taxonomies for the firm's unique transaction needs (Bizarro & Garcia, 2010). Based on these added benefits, XBRL GL should be sought by firms; this position will be further defended with the following audit implications and overall benefits of XBRL and XBRL GL implementation.
IT Audit Implications
While XBRL has been required within financial reporting, there are still concerns. The new technology will require time before the majority of auditors feel comfortable using it. According to the Institute of Internal Auditors (IIA) in 2008, approximately 51%, a majority, didn't feel as though they have a thorough understanding of XBRL (Filipek, 2008). Since this is a tool that will be used within auditing, this creates various concerns. One of the most prominent is the concern regarding security.
Using XBRL can create additional security concerns for an entity. For the majority of firms there will be a need for additional controls along with and enhancement existing controls. "XBRL Beyond the Basics" outlines two types of controls that will need to be implemented, including general and application controls (Bizzaro & Garcia, 2011). For applications, this includes input, error, correction, and output controls that relate to the XBRL data. Also, any changes that are made to taxonomies should be tracked. This ensures data integrity. Generally, the secured network will require improvement. This entails improving firewalls, patches in operating systems, and any other possible vulnerability (Bazarro & Garcia, 2011). Anyone with knowledge of the XBRL tags could make unauthorized changes to the financial data. That makes the general security even more important than before.
There are four types of risks in implementing XBRL (Gray, 2007). The first is technology risk and involves the taxonomies used. If these taxonomies are either designed or implemented incorrectly, this could create problems with the data being pulled. The same is true of mapping errors. This requires an auditor to check the validity in tags and their corresponding data. According to the source, fraud risk is the third category. With no paper trail, XBRL can allow employees to collude to misrepresent the financial statements (Gray, 2007). Finally, there are external risks. This corresponds with the requirement previously mentioned about preventing outsider access. Again, this is to prevent outsiders from accessing and changing the information without authorization to do so.
Depending on the timing of the use of XBRL, there are additional issues. There is an approach referred to as the "Manual Last Mile Approach" in which XBRL is used at the end of an accounting cycle (Wenger, 2011). If not allocating enough time, there might not be sufficient time to test the controls over XBRL. That means that the auditors could be putting too much trust in a technology that requires additional consideration for security.
In addition, some software that implements XBRL also requires third party security (Wenger, 2011). The third party then has access to logs or even the data. These parties should be evaluated to ensure that they are independent third parties with no malicious intentions (Wenger, 2011). This is something that should be done with all third party security, but is especially true with such a new technology.
Benefits for Auditing
While there are various concerns surrounding XBRL technology, it will still provide tremendous benefits for auditors. These range from providing comprehensive information to creating a more standard audit. Overall, with proper implementation XBRL can not only make the audit more effective but less costly.
One of the major benefits of XBRL is the streamlined process of gathering information. Not only is it easier to gather information from one source but also multiple sources. This will be beneficial for parent subsidiary relationships (Gray, 2007). The XBRL tags can pull information from both the parent and subsidiary more accurately for consolidations. This enables auditors to work from one location (Filipek, 2008). Due to the fact that auditors have to spend less time gathering information, more time can be allocated to higher level analysis. This will significantly reduce the time and cost of an audit and make the overall audit more effective.
Financial information is more easily accessed by auditors through the use of XBRL. As a result, the client and auditors won't need to re-enter the financial information multiple times with various excel sheets and PDFs. This improves internal controls by maintaining data integrity when transferring financial data within firms and to auditors (Gray, 2007). This assumes however that the information was correct when entered and could cause a security concern if financial data was fraudulently entered and passed along.
One goal that should be established with XBRL implementation is that is should be incorporated not only in parents and subsidiaries, but also throughout the entire supply chain. In doing so, this creates an automated audit trail (Gray, 2007). As a result of this, employees and auditors are held more accountable for their changes and work with respect to their associated firms. With more comprehensive information, auditors should also be able to make more informed decisions. For example, with increased access to information, auditors will be able to better perform risk assessment through greater understanding of their client's related suppliers and distributors. It is believed that the risk assessment will also be more accurate due to increases in the amount of information and timeliness of the information provided (Gray, 2007).
Most of this information however may be available before the client presents documents. XBRL presents the potential for a more continuous auditing environment (Filipek, 2008). In continuous audits, the analysis is based on more timely information which is more reliable information (Bizarro & Garcia, 2011). With continuous auditing under XBRL, it is also cheaper to test items with low materiality. This enables the auditor to gather more evidence and establish more support for their opinion on the financial statements.
The XBRL technology however is not a stand-alone process. Multiple audit software applications, such as audit command language (ACL) and IDEA, incorporate XBRL (Bizarro & Garcia, 2011). This will enable auditors to make even more efficient and effective use of their time. Not only is the information gathered more seamlessly, but with these various applications, an auditor can better analyze the financial information.
While XBRL can be customized to various companies or industries, there are also standard implementations available. XBRL GL supports standard tags that aid communication between auditors and client employees (Bizarro & Garcia, 2011). These tags can also be applied to various engagements. The additional work put into developing XBRL technology can then be applied to multiple clients. This too makes XBRL more cost effective in the audit process.
Overall, XBRL does inherently have various security concerns but offers many advantages to auditing. When considering the implementation of XBRL in auditing, one should be sure to consider all potential impacts on the organization. Two key points however must also be kept in mind when deciding to expand upon implementation. The increased security cost can easily be offset by a more efficient and cost effective audit. The XBRL technology stands to significantly improve the audit process.
When faced with the task of implementing XBRL, companies can elect to outsource the project or develop the system in-house (Implementing XBRL). Factors that influence the decision to outsource or develop in-house include client-vendor relationship, capacity, cost, intellectual property, communication, customization, complexity, and expertise (Sledgianowski, 2010). Outsourcing the project would involve a third party developing an XBRL system for the company. The third party would have to obtain an understanding of the company and its operations in order to formulate a system with proper functionalities. This could be a long process, but the developer has the technical expertise to provide a functioning XBRL system. However, outsourcing to a third party could sacrifice customization. The developer might propose a "cookie-cutter" solution which is mass produced and not unique to the company.
Alternatively, the decision could be made to implement XBRL in-house. This presents a challenge because the company must first have the technical expertise to take on such a project. Those trying to implement XBRL must have a knowledgeable employee who can properly tag, ensure tags are applied to the correct data elements, and ensure the consistency of the tags as they apply to the taxonomy (Gray, 2007). There should be strong importance placed on the accuracy of tagging. When developing the XBRL system, the developer must choose the data elements that are mapped to each tag. Improper tags can impede the accuracy and completeness of the data requested. Accurate tagging helps to ensure the correct retrieval of requested information. Proper tagging can be achieved if the employee who produces reports is involved in the process (Gray, 2007). Together, the developer and staff employee can develop a taxonomy that is accurate, effective, and efficient. The involvement of staff will ensure that tags are created that will facilitate the performance of their jobs. Tags will be developed through the advice of the employee that will help users as they create financial statements. Tagging data accurately becomes even more important when the data can be updated in real-time (Gray, 2007). For example, if data mapped to a particular tag experiences unauthorized changes, the chance for errors increases. Data integrity and accuracy would be jeopardized due to a deficiency in internal controls. Enhanced network security and internal controls will be required, especially in a real-time environment. This will protect against unauthorized changes to data, which in turn increases data integrity (Gray, 2007).
Another process that affects both outsourcing and in-house development of XBRL systems is training. Whether an organization decides to outsource or develop the system in-house, the company's employees are still going to need training; therefore, training is not a decision criterion when considering outsourcing. XBRL will be new to the firm's employees and challenging to learn and use; therefore, the company should offer adequate training. The company should also schedule workshops and seminars that incorporate a hands-on environment with the new XBRL system; employee attendance would be mandatory. Upon completion of the seminars, a test should be administered to ensure all employees are proficient XBRL users.
An auditor should be brought in to assess the functionality and appropriateness of the XBRL system. The taxonomy needs to be examined to conclude if it reflects and supports the company's business operations (Gray, 2007). Auditors must also ensure the completeness and accuracy of the tagging process. The use of various validation tools is encouraged in order to determine the quality of XBRL data (Gray, 2007). Auditors should be wary of relying only on the company's validation tools because data quality may not be held to that high of a standard. According to Glen Gary's article Using XBRL - Audit and Control Implications, "This second opinion can flush out any issues concerning the improper use of tags, conflicting contexts, improper extension of base taxonomies, or just missing information" (Gray, 2007).
When implemented properly, XBRL can serve to improve the audit process. One advantage is that the information will be more readily accessible, accurate, and have more integrity overall. However, to ensure these characteristics are met, it is necessary to implement additional controls. The auditor should be prepared to better understand procedures and controls relating to the implementation of XBRL.
Overall, we have found that although it will consume a substantial amount of time and money, the benefits experienced from using XBRL are well worth it. We speculate that in the future XBRL will be widely accepted and will be applauded for its efficiencies and cost savings related to financial reporting. This is supported by the fact it has become a requirement for various financial reporting regulators.
Bizarro, Pascal A. and Andy Garcia. "Using XBRL Global Ledger to Enhance the Audit Trail and Internal Control." The CPA Journal (2011): 64-71. The CPA Journal. The New York State Society of CPAs, May 2011. Web. 02 Feb. 2013. <http://viewer.zmags.com/publication/d8af8eee#/d8af8eee/66>.
Bizarro, Pascal A. and Andy Garcia. "XBRL -Beyond the Basis: Benefits for Financial Reporting and Auditing." The CPA Journal (2011): 62-71. The CPA Journal. The New York State Society of CPAs, May 2010. Web. 02 Feb. 2013. <http://viewer.zmags.com/publication/3d5e33a6#/3d5e33a6/64>.
Fang, Jianing. "How CPAs Can Master XBRL." The CPA Journal (2011): 70-71. The CPA Journal. The New York State Society of CPAs, May 2000. Web. 02 Feb. 2013. < http://viewer.zmags.com/publication/9dd3d6ae#/9dd3d6ae/72>.
Farewell, Stephanie and Robert Pinsker. "XBRL and Financial Information Assurance Services." The CPA Journal. New York State Society of CPAs, May 2005. Web. 02 Feb. 2013. <http://www.nysscpa.org/cpajournal/2005/505/essentials/p68.htm>.
Filipek, R. Got XBRL?. Internal Auditor, . Retrieved , from http://www.theiia.org/intAuditor/itaudit/archives/2007/june/got-xbrl/
Gray, Glen, PH. D., CPA. "Using XBRL - Audit and Control Implications." Institute of Internal Auditors. 10 8 2007: n. page. Web. 8 Apr. 2013. <http://www.theiia.org/ITAuditArchive/index.cfm?catid=21&iid=552>.
"Implementing XBRL." Merrill Corporation. N.p.. Web. 08 Apr 2013. <http://www.merrillcorp.com/implementing-xbrl.htm>.
Pasmooij, Jan. "XBRL and Stock Exchanges." XBRL Around the World. Proc. of World Congress of Accountants 2010. N.p.: n.p., n.d. 10. Print.
Sledgianowski, Deb, Robert Fonfeder, and Nathan S. Slavin. "Implementing XBRL Reporting: Options and Issues to Consider." The CPA Journal (2011): 68-72. The CPA Journal. The New York State Society of CPAs, Aug. 2010. Web. 02 Feb. 2013. <http://viewer.zmags.com/publication/0fb1996c#/0fb1996c/74>.
Wenger, Mitchell R., RIck Elam, and Kelly Williams. "Global Ledger: The Next Step for XBRL." The CPA Journal LXXXI.9 (2011): n. pag. CPAJournal.com. NYSSCPA, Sept. 2013. Web. Jan.-Feb. 2013.