|
Internal auditors should play a key role in evaluating ntrols for the XBRL reporting process.
Approximately 9,000U.S.mpanies have submitted more than 50,000filings in Extensible Business Reporting Language (XBRL)since the beginning of a three-year rollout that was mpleted in June 2012.All U.S.publicly listed mpanies now must make XBRL filings at the same time as traditional filings to the U.S.Securities and Exchange mission (SEC).Although the SEC expects these filings to be nsistent,that is not always the case for many mpanies.This is hardly surprising given the steep learning curve for filers,the size and mplexity of the “digital dictionary”they have to work with,and the fact that the full rollout of XBRL only recently has been mpleted.
XBRL filing is management’s responsibility and not the responsibility of the mpany’s filing agent or external nsultant;the SEC views the XBRL filing as subject to disclosure ntrols and procres.Yet often mpanies rely on these third parties not only to prepare the filings but also to check and review them,thereby abdicating their responsibility,but not their acuntability.Mistakes made in the XBRL formatting process can result in nonmpliance (i.e.,XBRL submission rejected from the EDGAR database of U.S.mpany reports),or more mmonly,can result in inaurate information in the XBRL document and data that is innsistent with the mpany’s traditional HTML filing.
Developing an XBRL-formatted financial statement requires knowledge of the financial statements,acunting,and XBRL.This is where the internal auditor can provide vital assistance in determining whether the mpany has a sound financial reporting process and established ntrols in place over the XBRL financial reporting process.Specifically,auditors can help assess whether the mpany is following steps needed to ensure the auracy of its XBRL filings,including having an independent internal review process in place,adequately trained personnel to review the XBRL data,and appropriate tools to facilitate the review process.
FILING REQUIREMENTSBefore beginning their work,internal auditors need to understand the SEC’s requirements for XBRL filings.The SEC will aept only valid XBRL filings that mply with the XBRL global specification,a technical specification that is maintained by XBRL International,a nsortium of mpanies,ernments,and individuals dedicated to XBRL adoption.Also,the XBRL documents submitted to the SEC must mply with the EDGAR Filing Manual (EFM),which lists rules to which mpanies need to nform.The intent of the EFM is to nstrain the XBRL document so that the information can be analyzed nsistently by users of the data.The EFM applies to all filings made in XBRL,be it a 10-K,10-Q,risk return prospectus for a mutual fund,or reporting payments for resource extraction.
Lastly,the filing should be nsistent with the HTML filing,which is the traditional public mpany submission to the EDGAR system that ntinues to be required along with the XBRL filing.This is where it is imperative that the mpany has adequate ntrols over the translation process.Without these procres in place to implement the principles and criteria,many problems can our as part of the tagging process (see “mon XBRL Filing Problems”below).These include:
Positive values are entered as negative amounts and vice versa.
Values are entered inappropriately into XBRL tables.
Values that should match in the financial statement and notes are not the same.
Inappropriate tags are used to tag financial line items.
Items are entered with an inrrect scale (e.g.,the mpany’s public float of US $500million is entered as US $5,000or alternatively,assets of US $5million are entered as US $5billion).
panies create new tag extensions for tags that already exist in the list of tags (U.S.Generally Aepted Acunting Principles (GAAP)taxonomy)published by the Financial Acunting Standards Board or the SEC-published ncepts vering document entity information and untry and state listings.
panies neglect to report calculation relationships representing totals among financial line items reported.
Required disclosures are absent from the XBRL filing.
Values in the XBRL filing are not updated from filing to filing.This is particularly prevalent when reporting the financial year-end.
Values are transposed from the original HTML filing.
AUDIT STEPSWhen reviewing the anization’s financial reporting processes and ntrols,internal auditors should ensure that XBRL reporting is included within the spe of the review.XBRL typically has been viewed as the realm of the IT auditor.Although XBRL preparation and nsumption relies heavily on IT processes,there are some manual review steps that must be performed.In addition to having a good understanding of financial reporting disclosure ntrols and procres,members of the audit team should understand how XBRL works,so they can identify ntrol deficiencies in the anization’s XBRL preparation process quickly and effectively.To prepare for this work,auditors can nsult two publications from the American Institute of Certified Public Acuntants’(AICPA’s)XBRL Assurance Task Force:Performing Agreed-upon Procres Engagements That Address the pleteness,Auracy,or nsistency of XBRL-tagged Data (SOP 09-1)and the recently released Principles and Criteria for XBRL-formatted Information,which details the procres and broad categories of review that should be vered as part of preparing an XBRL filing.Taking the following steps will give internal auditors the information they need to evaluate the risks posed by the XBRL process within their anization and advise the mpany about the steps needed to mitigate those risks.
Review the Process
The internal auditor needs to review the process by which XBRL filings are prepared.Principles and Criteria for XBRL-formatted Information gives preparers,reviewers,practitioners,and users of XBRL-formatted information a basis to evaluate those files.The document details four principles that can be used to evaluate the quality of XBRL-formatted information:
pleteness of XBRL files.
Mapping of source information.
nsistency of XBRL files with the source information.
Structure of XBRL files.
These principles should be applied in acrdance with the requirements of the anization’s reporting environment.Questions the internal auditor should pose to the external reporting staff include:Is the mpany’s XBRL filing nsistent with the data reporting in the traditional HTML filing?Does it ver all financial statement captions included in the traditional filing,not including management discussion and analysis?Will the data produced be nsistent with other mpanies’XBRL filings within the same industry?Is the XBRL document structurally and technically sound such that it will be aepted by EDGAR and be useable by XBRL software?Will the data produced be aurate and nvey what was intended by the external reporting team?
Review Experience
Internal auditors should assess the financial reporting staff’s XBRL knowledge and experience.To assess whether the staff has the appropriate level of experience,the internal auditor should ask:Has the staff had the appropriate training?Have staff members attended sufficient training urses that focus on the U.S.GAAP Taxonomy and the underlying XBRL process,rather than how to use their anization’s XBRL creation software?Do they have ntinuing professional cation hours in XBRL creation,or have they obtained a certificate demonstrating their XBRL knowledge?The AICPA in njunction with XBRL US,the nonprofit nsortium for XBRL reporting in the United States,is developing the XBRL US GAAP Certificate program to address the varied XBRL experience across reporting anizations.The certification is expected to launch in mid-2013.
Review XBRL Tools
Due to the size and mplexity of XBRL filings,the anization needs to have automated tools in place to nfirm that the filing is XBRL valid,mplies with the EFM,and is nsistent with the U.S.GAAP Taxonomy.Internal auditors should nfirm with their external reporting team that these tools are in place.Most software used for XBRL preparation inrporates XBRL specification validation and EFM validation.There are several automated steps that also should be deployed to determine whether the filing is nsistent with the U.S.GAAP Taxonomy and the HTML filing.At a minimum,the filer should render the document using the SEC rendering engine,a previewer tool on the SEC’s web that enables users to test how an XBRL filing will appear on the when it is submitted through EDGAR.Once a mpany mpletes its interactive data submission via EDGAR,the results of the rendering engine will be presented with the official filing on the SEC’s web.
In addition to mparing the filing for mpleteness,the filer should check its filings automatically against peers and previous filings.Internal auditors should nfrm that the external reporting team has the appropriate tools in place to perform this assessment.XBRL US provides automated tools to facilitate this process;the anization’s nsistency Checks tool has more than 13,000rules that check for nsistency in the filings and identify problems.
Review Taxonomy Updates
Internal auditors need to determine whether the anization is using an approved XBRL taxonomy,which is a list of tags that the filer must use when filing with the SEC.These tags are updated and published every year.This means that a filer needs to update the taxonomy it uses at least once every two years.While the FASB publishes new taxonomy releases every year,the SEC currently allows filers to ntinue using the previous taxonomy release for a specified time.Effectively,this means that two releases of the taxonomy are always available to filers.New taxonomy releases represent a ntrol risk to the anization as new tags beme available and existing tags are removed.Auditors need to ensure the mpany has adequate ntrols in place to update the filing to the new taxonomy,as well as check that elements removed from the taxonomy are replaced in the mpany filing and that new ncepts are evaluated to determine whether extension elements should be replaced.
INCREASINGLY GLOBAL RISKSXBRL reporting is quickly expanding globally as a standardized method for reporting to regulators and investors.In Australia for example,mpanies are required to report to all regulatory agencies in XBRL;this approach,called Standard Business Reporting,is designed to rce the regulatory burden on mpanies of reporting multiple times to multiple agencies.In the United States,XBRL is required for filings submitted to the Federal Deposit Insurance rp.,in addition to the SEC.
As with the SEC,the transfer of mpany information to regulatory bodies throughout the world is expected to be mplete,aurate,and reliable.Inaurate reporting of XBRL-formatted information represents a risk to the anization that is likely to increase over time.Internal audit departments should be aware of these risks and develop audit procres to determine whether existing ntrols are appropriate,clearly managed,function as designed,and are mmunicated throughout their anization.
中文新闻:http://www.xbrl-/2013/0730/92732.shtml |
