xbrl audit issues extensible audits presenter john ryan available at

XBRL Audit Issues

eXtensible Audits

Presenter John Ryan

Available at http://www.ryannetworks.com

Topic OutlineXBRL OverviewEasing Financial ReportingRed Flags for Accountants and

InvestorsAuditor’s New RolesSarbanes-Oxley 404 issues

XBRL OverviewHistoryGoalsOutlookLooking DeeperExamples

HistoryStarted as AICPA projectAdopted by w3cCreation of XBRL.orgAccepted by Microsoft, SEC

GoalsCommon LanguageTo reduce filing burdensNapster for accountantsLower the cost of finance depts.

The XBRL GL was created to meet these goals:

Multi-GAAP, drill-up to multi-XBRL reporting taxonomies.

Standard format for 3rd-party software to create journal entries to pull into client GL system.

Standard format to move unposted and posted GL information back and forth from branch offices to consolidating systems, budgeting and forecasting tools, reporting tools.

Goals Cont. Standard format to upload general ledger

information as well as payables and receivables master files and open balances in migrating from one system to another or moving information to or from an Internet Application Service Provider (ASP).

Standard format to move information from client systems to CPA/CA.

Standard format to move information from one CPA/CA system (e.g., write-up) to another (e.g., tax) in an international context.

Goals Cont… Standard format to represent open receivables, open

payables, inventory balances, and other asset-based measures for sharing with banks.

Tool for representing detail drill-down for performance measurement reporting items.

Extensible for any type of mandatory audit trail. Extensible for meeting any "sub-ledger" need. Designed as XBRL spec-compliant but for easy

translation to other uses; cannot assume that XBRL period, entity, unit and other context (numeric, nonnumeric) will automatically be there.

OutlookAdoption by Microsoft, and the SEC

(Edgar Online)Adoption by 100% of major accounting

packages, Oracle, Peoplesoft, SAS…Still Immature (SEC XBRL filings are

hidden inside .gif files to avoid rejection)Thousands of Dollars problem

Instance Document Creation Blast Radius (XMetal) CaseWare International Creative Solutions Fujitsu Hitachi Systems and Services Microsoft Business Solutions Semansys Technologies Ubmatrix

Taxonomy CreationFujitsu Hitachi Systems and Services SemansysUbmatrix

XBRL ValidationDecisionSoftJ2RFujitsu Semansys Technologies UBmatrix

Easing Financial ReportingAgreement on TermsCreate One Data Set

Distribute multiple forms

Agreeing On Terms – Context

Word Context Meaning

Mercury Astronomy Planet

Mercury Greek God

Mercury Chemistry Element

Mercury Music Company

Mercury Auto Car

Mercury Aerospace Rocket

XBRL is XML – The Absolute Beginners Guide to XML

<!-- The original html recipe -->

<HTML>

<HEAD>

<TITLE>Lime Jello Marshmallow Cottage Cheese Surprise</TITLE>

</HEAD>

<BODY>

<H3>Lime Jello Marshmallow Cottage Cheese Surprise</H3>

My grandma's favorite (may she rest in peace).

<H4>Ingredients</H4>

<TABLE BORDER="1">

<TR BGCOLOR="#308030"><TH>Qty</TH><TH>Units</TH><TH>Item</TH></TR>

<TR><TD>1</TD><TD>box</TD><TD>lime gelatin</TD></TR>

<TR><TD>500</TD><TD>g</TD><TD>multicolored tiny marshmallows</TD></TR>

<TR><TD>500</TD><TD>ml</TD><TD>cottage cheese</TD></TR>

<TR><TD></TD><TD>dash</TD><TD>Tabasco sauce (optional)</TD></TR>

</TABLE>

<P>

<H4>Instructions</H4>

<OL>

<LI>Prepare lime gelatin according to package instructions...</LI>

<!-- and so on -->

</BODY>

</HTML>

Now in XML<?xml version="1.0"?>

<Recipe>

<Name>Lime Jello Marshmallow Cottage Cheese Surprise</Name>

<Description>

My grandma's favorite (may she rest in peace).

</Description>

<Ingredients>

<Ingredient>

<Qty unit="box">1</Qty>

<Item>lime gelatin</Item>

</Ingredient>

<Ingredient>

<Qty unit="g">500</Qty>

<Item>multicolored tiny marshmallows</Item>

</Ingredient>

<Ingredient>

<Qty unit="ml">500</Qty>

<Item>Cottage cheese</Item>

</Ingredient>

<Ingredient>

<Qty unit="dash"/>

<Item optional="1">Tabasco sauce</Item>

</Ingredient>

</Ingredients>

<Instructions>

<Step>

Prepare lime gelatin according to package instructions

</Step>

<!-- And so on... -->

</Instructions>

</Recipe>

A Markup

<!-- This is the example DTD for the example XML -->

<!ELEMENT Recipe (Name, Description?, Ingredients?, Instructions?)>

<!ELEMENT Name (#PCDATA)>

<!ELEMENT Description (#PCDATA)>

<!ELEMENT Ingredients (Ingredient)*>

<!ELEMENT Ingredient (Qty, Item)>

<!ELEMENT Qty (#PCDATA)>

<!ATTLIST Qty unit CDATA #REQUIRED>

<!ELEMENT Item (#PCDATA)>

<!ATTLIST Item optional CDATA "0"

isVegetarian CDATA "true">

<!ELEMENT Instructions (Step)+>

XSL

<?xml version="1.0"?>

<xsl:stylesheet xmlns:xsl="http://www.w3.org/TR/WD-xsl">

<xsl:template match="/Recipe">

<HTML>

<HEAD>

<TITLE>

<xsl:value-of select="Name"/>

</TITLE>

</HEAD>

<BODY>

<H3>

<xsl:value-of select="Name"/>

</H3>

<STRONG>

<xsl:value-of select="Description"/>

</STRONG>

<xsl:apply-templates/>

</BODY>

</HTML>

</xsl:template>

XBRL Concept There are two components that we can consider: an XBRL instance and its associated taxonomy set. While the XBRL instance contains the concrete facts (e.g., the value of the business concept "sales_per_share") being reported, the

taxonomy contains descriptions of the business concepts (e.g., the description of the business concept "sales_per_ share", what its syntax is, how it is calculated, etc.) that are being reported.

Example XBRL

<ifrs-gp:AssetsHeldSale contextRef=“Current_AsOf”

unitRef=“U-Euros” Decimals=“0”> 100000 </ifrs-gp:AssetsHeldSale>

TaxonomiesApproved Taxonomies comply with

official guidelines for the taxonomy and with the XBRL Specification

Acknowledged Taxonomies meet the XBRL Specification only

Private Taxonomies have no requirements

Link Base – Five Links in Three Categories

Label links (labelLink) Reference links (referenceLink) Relation links (calculationLink,

definitionLink, presentationLink)

Label And Ref LinksLabel and reference links relate business concepts to metadata. For instance, label links can associate concepts with text strings that can be used to label (or otherwise document) the concept in a report

(e.g., the label "Revenues in most recent quarter" for the item revenueMRQ defined in the taxonomy). Multiple labels can be defined for a single business concept in different languages. The XBRL instance author can decide which labels to use for that particular instance.

Labels used for Authority

Similarly, reference links can associate references to authoritative literature in the business domain. The mechanism used is similar to the label links in that you define a reference link with a locator for the business concept, one or more references to documentation, and a referenceArc defining the association between the locator and the reference(s).

Links For Calculations

In contrast to label and reference links that relate business concepts to metadata, relation links relate business concepts to other business concepts. For example, calculation links define how a given concept figures in the calculation of another business concept. For example, the concept "profitAfterTax" is calculated from the concepts "profitBeforeTax" and "taxPaid" by subtracting one from the other.

profitAfterTax = weight(1) * profitBeforeTax + weight(-1)*taxPaid

More About LinksThe relationship between these three business concepts is captured in the calculationLink in Figure 3.

Definition links describe several types of relationships among business concepts, such as generalization-specialization

relationships (e.g., "postalCode" is a generalization of "zipCode") among others. Presentation links, as the name implies, define the relationships between concepts from a presentation perspective (e.g., in the presentation of the report, a parent/child relationship should be shown between "sales" and "printerSales").

Sample XBRL Application

Index of TaxonomiesJurisdiction Taxonomy Spec Level Status

Australia GAAP Commercial and Industrial 2.0 - -

Canada GAAP Primary Financial Statements

2.0 Ack Draft

Germany AP Commercial and Industrial 2.0 Ack Draft

IASB IFRS General Purpose 2.1 Ack Draft

Korea GAAP Primary Financial Statements

2.0 Ack Draft

New Zealand GAAP Commercial and Industrial 2.1 Ack Draft

UK GAAP Commercial and Industrial 2.1 Ack Draft

Inland Revenue – Corporation Tax 2.1 - -

US US FR Taxonomy Framework 2.1 Ack Draft

GAAP Commercial and Industrial 2.0 Ack Draft

GAAP – Banking and Savings Institutions

2.0

Red FlagsEasy shifting of data between

accounting modelsQuick and Dirty Ratio TestingNon-Audit Fees and Bond Rating

Effects of Financial Leverage on ROEAssume cost of debt is 8% and total

assets = $100EBIT = earnings before interest and

taxesEBT = earnings before taxesROE =

return on equityTax Rate = 50%. Assume losses result

in tax credit

Panel A 0% Leverage

Rates of return on assets 0% 4% 8% 12% 16%

EBIT $0.00 $4.00 $8.00 $12.00 $16.00

Interest Expense 0 0 0 0 0

EBT $0.00 $4.00 $8.00 $12.00 $16.00 Taxes 0 2 4 6 8

Earnings avail com eq $0.00 $2.00 $4.00 $6.00 $8.00

ROE 0.00% 2.00% 4.00% 6.00% 8.00%

Panel B 25% Leverage

ROA 0% 4% 8% 12% 16%

EBIT $0.00 $4.00 $8.00 $12.00 $16.00

Interest Expense -2 -2 -2 -2 -2

EBT ($2.00) $2.00 $6.00 $10.00 $14.00

Taxes -1 1 3 5 7Earnings avail com eq ($1.00) $1.00 $3.00 $5.00 $7.00

ROE -1.30% 1.30% 4.00% 6.70% 9.30%

Panel C 50% Leverage

ROA 0% 4% 8% 12% 16%

EBIT $0.00 $4.00 $8.00 $12.00 $16.00

Interest Expense -4 -4 4 4 4

EBT ($4.00) $0.00 $12.00 $16.00 $20.00

Taxes -2 0 6 8 10

Earnings avail com eq ($2.00) $0.00 $6.00 $8.00 $10.00

ROE -2.00% 0.00% 4.00% 8.00% 12.00%

Panel D 75% Leverage

ROA 0% 4% 8% 12% 16%

EBIT $0.00 $4.00 $8.00 $12.00 $16.00

Interest Expense -6 -6 -6 -6 -6

EBT ($6.00) ($2.00) $2.00 $6.00 $10.00

Taxes -3 -1 1 3 5

Earnings avail com eq ($3.00) ($1.00) $1.00 $3.00 $5.00

ROE -12.00% -4.00% 4.00% 12.00% 20.00%

Risk

Capital Markets

Expected Returns

E(Risk)Ris(free)

Sigma

Security Markets

Expected Returns

E(Risk)Ris(free)

Beta

Horrigan Bond Rating Model Z=(1.197 x X0) + (.034 x X1) + (.272 x X2) –

(.501 x X3) + (4.519 x X4) – (.203 x X5) X0 1 or (0) if the bond is un-subordinated

(subordinated) X1 = Total Assets X2 = Common equities / total debt X3 = Working capital /sales X4 = Operating profit / sales X5 = Sales / stockholders’ equity

RatingsAAA 2.855 < ZAA 2.094 < Z < 2.855A 1.062 < Z < 2.094BBB 0.838 < Z < 1.062BB 0.360 < Z < 0.838B or Lower Z < 0.360

Non-Audit Fees and Bond Rating – AaronCrabtreePresentation at www.bus.lsu.edu

Recent accounting scandals and perceived audit failures have resulted in excessive criticism of the accounting and auditing professions. […] Our research investigates one aspect of this situation by exploring the effects that non-audit services performed by a firm s external auditors have on perceived auditor independence in the bond market. Specifically, we analyze the effects that the magnitude and relative degree of non-audit services have on the bond rating process. Regression results indicate that the amount of non-audit services provided by a firm s external auditors is negatively associated with that client s bond rating. […] provide empirical evidence regarding the role that audit and non-audit service fees play in establishing a firm s bond rating.

Trouncing the DOW Pension Fund (by Kenneth Lee)Uses Ratios do determine Buy and Sell

PointsGood Track Record based on ROE vs

price movements (28% avg annual return from 1973-1996.)

In 2001 Buys Coca-Cola because ROE is up 50% but price is not

Coke Misbehaves

Stephen Taub, CFO.com - January 16, 2004

The Coca-Cola Co. announced that the Securities and Exchange Commission has launched a formal investigation of the soft-drink giant.

The probe stems from allegations made by former finance manager and whistle-blower Matthew Whitley, who sought a $44.4 million settlement from the company on the grounds that he had been fired in retaliation for raising concerns about accounting fraud….

Coke Admits Misbehavior

Atlanta Journal 6/18/03

Coca-Cola admitted Tuesday that a high-level employee faked […] a written apology from Coke's president and chief operating officer.

The extraordinary exchange highlighted a day in which Coke admitted to some -- but not all -- of the allegations raised by a former employee, Matthew Whitley. […] wasn't told about the deception when Coke discovered it in 2001. Fisher was fined, but he kept his job and even was promoted. He no longer works for Coke.

The Cause ?

Coke's largest shareholder, Warren Buffett, has argued that the existence of stock options has induced many executives to doctor financial reports in order to inflate the price of company shares. Enron executives, for example, received tens of millions of dollars by cashing in stock options while their company's financial statements showed false information.

"I think accounting generally, in recent years, has deteriorated and it's done so with the help of management," said Mr. Buffett, who is a member of the boards of directors of Coca-Cola and The Washington Post.

My Investment went Ouch! – The CureSarbanes-OxleyContinuous, timely auditingTransparencySeparation of Auditors & ConsultantsXBRLCould XBRL help predict this?

MINI – Minority Interest Net Income

Coke (Parent)Bottlers (Subsidiary)

Conslidated Entity

Net Operating Revenues 20,092.00 15,700.00 30,663.00Cost of Goods Sold (6,044.00) (9,740.00) (11,078.00)Gros Profit 14,048.00 5,960.00 19,585.00SG&A Expenses (8,696.00) (5,359.00) (13,632.00)Operating Income 5,352.00 601.00 5,953.00Interest Income 325.00 0.00 325.00Interest Expense (289.00) (753.00) (1,042.00)Investment Income 152.00 0.00 275.00Other Income 130.00 2.00 132.00Minority Interest Net Icome 0.00 0.00 198.00Income Before Taxes 5,670.00 (150.00) 5,841.00Income Taxes (1,691.00) 131.00 (1,560.00)Net Income before Accounting Change 3,979.00 (19.00) 4,281.00Cummulative Effect of Accounting Change (10.00) (302.00) (312.00)

Net Income 3,969.00 (321.00) 3,969.00

Exibit 1 Financial Statement of CocaCoal (CCE - in Millions of DollarsPanel A: Income Statement for the Year ending December 31 2001

MINI is computed as the shareholders interest in the subsidiary’s income. All other Items are simply added. Note that the Parent Income and the consolidated income are equal. Note that while Coke (parent) is bigger CCE’s interest expense is greater. Suggesting Coke is parking liabilities.

Consolidated Ratios

Financial ratios show the discrepancy between the equity method and the consolidated method. All ratios are negatively impacted. Financial leverage is the hardest hit. Debt to equity Doubles, while debt to tangible equity goes negative. Return metrics are also negatively impacted

Financial Ratios of CocaCola Equity Method vs Consolidation

  2001 2000  

Financial RatiosEquity

Consolidated Equity Consolidated

Current Ration 0.85 0.77 0.71 0.74  

Debt to Equity 0.97 2.39 1.24 2.80  

Debt to Tangible Equity 1.26 (8.21) 1.56 (7.29)  

Debt to Assets 0.49 0.70 0.55 0.74  

Debt to Tangible Assets 0.56 1.14 0.61 1.16  

Gross Profit 0.70 0.64 0.69 0.63  

Return On Sales 0.20 0.13 0.11 0.07  

Return On Assets 0.18 0.09 0.10 0.05  

Return on Tangb Assets 0.20 0.14 0.12 0.08  

Return on Equity 0.35 0.30 0.23 0.20  

Return on Tangb Equity 0.45 (1.04) 0.29 (0.52)  

Times Interest Earned 20.62 6.61 8.60 3.82  

Inventory Turnover 5.73 6.45 5.82 6.55  

Receivables Turnover 10.90 9.06 11.32 9.73  

LTD to Equity 0.11 0.88 0.09 1.02  

LTD to Assets 0.05 0.26 0.04 0.27  

Other Bad Actors using Equity MethodEnronBoston ChickenElanWorldCom/Embratel…

Other Methods of Debt Hiding Lease Accounting

Lease Trouble at Delta and others Banks get preferred Airplane lease rates Recalculate Airline Debt using lease payments

and work backwards Pension Accounting

Pension troubles at AMR, Delta, Avaya, Goodyear, GM, Delphi, Navistar, and Ford

Restate the Pension debt at realistic interest rates Debt matters including Pension Debt

University of Illinois – XBRL Kirkwood Credit Analyzer

Ratio Cmpq Dell HP IBM

AssetTurnover 1.53 2.75 1.26 1.01

CurrentRatio 1.17 1.48 1.51 1.09

DaysCOGSInventory 24.24 5.96 57.91 32.58

[…]

Earnings Manipulation Probablity: 0.38% 0.36% 0.17% 0.80%

Issues for XBRLTaxonomy Selection Issues

Select One or More Taxonomies Implementation Issues

Must Map Data Elements to LabelsPoor Flexibility

XBRL is FlatNo Security

Auditor’s New RolesXBRL ValidationRound TrippingSource verification Instance verificationCompleteness verification

XBRL Validation Roundtripping Two Validation Levels

Level I – Well Formed – valid XML Level II – Valid – tests the schema for this (XBRL

document

Still need to test for application conformance XSLT generation from multiple Instances

Round Tripping

Roundtripping takes a document from its original form (e.g. XHTML) then translates it to another form (e.g. XBRL), and returns it to its original form.

Often this simple test will expose many flaws in an XBRL implementation and is a quick auditor trick to validate the XBRL generation process.

Source VerificationWorkflow

Control PointsSecurity

Horizontal Vertical

Integrity, Authentication, Authority

Security

"The use of vertical XML standards in financial services is on the rise. However, for XML standards such as MDDL, XBRL, RIXML to achieve widespread adoption, robust security for privacy, non-repudiation, trust and message integrity will be critical," said Mary Knox, principle analyst, Financial Services at Gartner. "Horizontal Web services standards like WS-Security, XML Encryption, XML Digital Signatures and SAML are all key enablers to the increased use of XML in financial services."

Supplementing with XML Security

XML Security Suite is a tool that provides security features such as digital signature, encryption, and access control for XML documents. These features are beyond the capability of transport-level security protocols such as Secure Sockets Layer (SSL). The goals in creating this technology were to contribute to standards development by providing sample implementations and to supply advanced technologies to partners and developers and to gather their input.

How it Works/Where to Get – Commercial Software

Digital signature implementation based on "XML-Signature Syntax and Processing" by W3C/IETF

XML encryption implementation based on "XML Encryption Syntax and Processing" by W3C

XML Access Control Language and implementation

http://alphaworks.ibm.com/nav/security?open&c=security+-+Utilities

Keel Public Domain Model: Service for interacting with application or

business logic. Persistence: Service for managing storing and

retrieving object states and data. Security: Service for managing security of

application, including authentication and authorization.

Scheduling: Service for scheduling the execution of the application's various functionalities.

Crypto: Service for encryption of transmitted application data.

Instance VerificationJust because it is valid XBRL does not

mean The calculations follow GAAP That the data is valid That you have access to the data That the Instance can be parsed by your

parser

Completeness VerificationJust because it is XBRL does not mean

that all required fields are reported to the correct agency

That all financial data made it into the Instance

ConsistencyJust because it is XBRL doesn’t mean

that Labels aren’t overwritten in new an

incorrect ways That the data was transmitted correctly That a filter along the way did not remove

key data

Sarbanes-Oxley Requirement

Most public companies registered with the Securities and Exchange Commission (SEC) will soon be subject to internal controls reporting similar to the requirement imposed on the large U.S. banks and other insured depository institutions more than 10 years ago. Under Section 404 of the Sarbanes-Oxley Act, most SEC registrants (other than registered investment companies) must report annually on the effectiveness of their internal controls, and their independent auditors must attest to management?s conclusions

SOX section 404

Sarbanes-Oxley 404 issues More and Faster Reporting More Internal Controls, More blackout

periods, more separation of duties etc. IT departments responsible for security Unprepared IT departments Standard controls not defined for workflow

model Workflow’s are not organizationally

understood

Example 404 Checklists

Checklist Cont.

Checklist Cont.

Checklist Cont.

Using Keel to Develop ControlsWeb Based Control ChecklistApp to implement, Test and Report

WorkFlow Design Field level Encryption Signed wrappers

Keel Environment

Keel is ready made server side infrastructure. Keel incorporates multiple open source projects to provide you with a best of breed framework that works right out of the box.

* Security layer

* Database abstraction layer

* Messaging layer

* Business logic layer

* User Interface layer

* Struts

* Cocoon

* Velocity

* Eclipse

Eclipse & Java

XBRL Audit Issues Summary XBRL is XML with all that entails XBRL can save your investments XBRL is a powerful tool to allow auditors to

quickly perform audits A lot of work needs to be done before these

systems are mature Sarbanes-Oxley will further burden Auditors

with its IT knowledge requirements