xbrl audit issues extensible audits presenter john ryan available at
Post on 19-Dec-2015
220 views
TRANSCRIPT
XBRL Audit Issues
eXtensible Audits
Presenter John Ryan
Available at http://www.ryannetworks.com
Topic OutlineXBRL OverviewEasing Financial ReportingRed Flags for Accountants and
InvestorsAuditor’s New RolesSarbanes-Oxley 404 issues
XBRL OverviewHistoryGoalsOutlookLooking DeeperExamples
HistoryStarted as AICPA projectAdopted by w3cCreation of XBRL.orgAccepted by Microsoft, SEC
GoalsCommon LanguageTo reduce filing burdensNapster for accountantsLower the cost of finance depts.
The XBRL GL was created to meet these goals:
Multi-GAAP, drill-up to multi-XBRL reporting taxonomies.
Standard format for 3rd-party software to create journal entries to pull into client GL system.
Standard format to move unposted and posted GL information back and forth from branch offices to consolidating systems, budgeting and forecasting tools, reporting tools.
Goals Cont. Standard format to upload general ledger
information as well as payables and receivables master files and open balances in migrating from one system to another or moving information to or from an Internet Application Service Provider (ASP).
Standard format to move information from client systems to CPA/CA.
Standard format to move information from one CPA/CA system (e.g., write-up) to another (e.g., tax) in an international context.
Goals Cont… Standard format to represent open receivables, open
payables, inventory balances, and other asset-based measures for sharing with banks.
Tool for representing detail drill-down for performance measurement reporting items.
Extensible for any type of mandatory audit trail. Extensible for meeting any "sub-ledger" need. Designed as XBRL spec-compliant but for easy
translation to other uses; cannot assume that XBRL period, entity, unit and other context (numeric, nonnumeric) will automatically be there.
OutlookAdoption by Microsoft, and the SEC
(Edgar Online)Adoption by 100% of major accounting
packages, Oracle, Peoplesoft, SAS…Still Immature (SEC XBRL filings are
hidden inside .gif files to avoid rejection)Thousands of Dollars problem
Instance Document Creation Blast Radius (XMetal) CaseWare International Creative Solutions Fujitsu Hitachi Systems and Services Microsoft Business Solutions Semansys Technologies Ubmatrix
Taxonomy CreationFujitsu Hitachi Systems and Services SemansysUbmatrix
XBRL ValidationDecisionSoftJ2RFujitsu Semansys Technologies UBmatrix
Easing Financial ReportingAgreement on TermsCreate One Data Set
Distribute multiple forms
Agreeing On Terms – Context
Word Context Meaning
Mercury Astronomy Planet
Mercury Greek God
Mercury Chemistry Element
Mercury Music Company
Mercury Auto Car
Mercury Aerospace Rocket
XBRL is XML – The Absolute Beginners Guide to XML
<!-- The original html recipe -->
<HTML>
<HEAD>
<TITLE>Lime Jello Marshmallow Cottage Cheese Surprise</TITLE>
</HEAD>
<BODY>
<H3>Lime Jello Marshmallow Cottage Cheese Surprise</H3>
My grandma's favorite (may she rest in peace).
<H4>Ingredients</H4>
<TABLE BORDER="1">
<TR BGCOLOR="#308030"><TH>Qty</TH><TH>Units</TH><TH>Item</TH></TR>
<TR><TD>1</TD><TD>box</TD><TD>lime gelatin</TD></TR>
<TR><TD>500</TD><TD>g</TD><TD>multicolored tiny marshmallows</TD></TR>
<TR><TD>500</TD><TD>ml</TD><TD>cottage cheese</TD></TR>
<TR><TD></TD><TD>dash</TD><TD>Tabasco sauce (optional)</TD></TR>
</TABLE>
<P>
<H4>Instructions</H4>
<OL>
<LI>Prepare lime gelatin according to package instructions...</LI>
<!-- and so on -->
</BODY>
</HTML>
Now in XML<?xml version="1.0"?>
<Recipe>
<Name>Lime Jello Marshmallow Cottage Cheese Surprise</Name>
<Description>
My grandma's favorite (may she rest in peace).
</Description>
<Ingredients>
<Ingredient>
<Qty unit="box">1</Qty>
<Item>lime gelatin</Item>
</Ingredient>
<Ingredient>
<Qty unit="g">500</Qty>
<Item>multicolored tiny marshmallows</Item>
</Ingredient>
<Ingredient>
<Qty unit="ml">500</Qty>
<Item>Cottage cheese</Item>
</Ingredient>
<Ingredient>
<Qty unit="dash"/>
<Item optional="1">Tabasco sauce</Item>
</Ingredient>
</Ingredients>
<Instructions>
<Step>
Prepare lime gelatin according to package instructions
</Step>
<!-- And so on... -->
</Instructions>
</Recipe>
A Markup
<!-- This is the example DTD for the example XML -->
<!ELEMENT Recipe (Name, Description?, Ingredients?, Instructions?)>
<!ELEMENT Name (#PCDATA)>
<!ELEMENT Description (#PCDATA)>
<!ELEMENT Ingredients (Ingredient)*>
<!ELEMENT Ingredient (Qty, Item)>
<!ELEMENT Qty (#PCDATA)>
<!ATTLIST Qty unit CDATA #REQUIRED>
<!ELEMENT Item (#PCDATA)>
<!ATTLIST Item optional CDATA "0"
isVegetarian CDATA "true">
<!ELEMENT Instructions (Step)+>
XSL
<?xml version="1.0"?>
<xsl:stylesheet xmlns:xsl="http://www.w3.org/TR/WD-xsl">
<xsl:template match="/Recipe">
<HTML>
<HEAD>
<TITLE>
<xsl:value-of select="Name"/>
</TITLE>
</HEAD>
<BODY>
<H3>
<xsl:value-of select="Name"/>
</H3>
<STRONG>
<xsl:value-of select="Description"/>
</STRONG>
<xsl:apply-templates/>
</BODY>
</HTML>
</xsl:template>
XBRL Concept There are two components that we can consider: an XBRL instance and its associated taxonomy set. While the XBRL instance contains the concrete facts (e.g., the value of the business concept "sales_per_share") being reported, the
taxonomy contains descriptions of the business concepts (e.g., the description of the business concept "sales_per_ share", what its syntax is, how it is calculated, etc.) that are being reported.
Example XBRL
<ifrs-gp:AssetsHeldSale contextRef=“Current_AsOf”
unitRef=“U-Euros” Decimals=“0”> 100000 </ifrs-gp:AssetsHeldSale>
TaxonomiesApproved Taxonomies comply with
official guidelines for the taxonomy and with the XBRL Specification
Acknowledged Taxonomies meet the XBRL Specification only
Private Taxonomies have no requirements
Link Base – Five Links in Three Categories
Label links (labelLink) Reference links (referenceLink) Relation links (calculationLink,
definitionLink, presentationLink)
Label And Ref LinksLabel and reference links relate business concepts to metadata. For instance, label links can associate concepts with text strings that can be used to label (or otherwise document) the concept in a report
(e.g., the label "Revenues in most recent quarter" for the item revenueMRQ defined in the taxonomy). Multiple labels can be defined for a single business concept in different languages. The XBRL instance author can decide which labels to use for that particular instance.
Labels used for Authority
Similarly, reference links can associate references to authoritative literature in the business domain. The mechanism used is similar to the label links in that you define a reference link with a locator for the business concept, one or more references to documentation, and a referenceArc defining the association between the locator and the reference(s).
Links For Calculations
In contrast to label and reference links that relate business concepts to metadata, relation links relate business concepts to other business concepts. For example, calculation links define how a given concept figures in the calculation of another business concept. For example, the concept "profitAfterTax" is calculated from the concepts "profitBeforeTax" and "taxPaid" by subtracting one from the other.
profitAfterTax = weight(1) * profitBeforeTax + weight(-1)*taxPaid
More About LinksThe relationship between these three business concepts is captured in the calculationLink in Figure 3.
Definition links describe several types of relationships among business concepts, such as generalization-specialization
relationships (e.g., "postalCode" is a generalization of "zipCode") among others. Presentation links, as the name implies, define the relationships between concepts from a presentation perspective (e.g., in the presentation of the report, a parent/child relationship should be shown between "sales" and "printerSales").
Sample XBRL Application
Index of TaxonomiesJurisdiction Taxonomy Spec Level Status
Australia GAAP Commercial and Industrial 2.0 - -
Canada GAAP Primary Financial Statements
2.0 Ack Draft
Germany AP Commercial and Industrial 2.0 Ack Draft
IASB IFRS General Purpose 2.1 Ack Draft
Korea GAAP Primary Financial Statements
2.0 Ack Draft
New Zealand GAAP Commercial and Industrial 2.1 Ack Draft
UK GAAP Commercial and Industrial 2.1 Ack Draft
Inland Revenue – Corporation Tax 2.1 - -
US US FR Taxonomy Framework 2.1 Ack Draft
GAAP Commercial and Industrial 2.0 Ack Draft
GAAP – Banking and Savings Institutions
2.0
Red FlagsEasy shifting of data between
accounting modelsQuick and Dirty Ratio TestingNon-Audit Fees and Bond Rating
Effects of Financial Leverage on ROEAssume cost of debt is 8% and total
assets = $100EBIT = earnings before interest and
taxesEBT = earnings before taxesROE =
return on equityTax Rate = 50%. Assume losses result
in tax credit
Panel A 0% Leverage
Rates of return on assets 0% 4% 8% 12% 16%
EBIT $0.00 $4.00 $8.00 $12.00 $16.00
Interest Expense 0 0 0 0 0
EBT $0.00 $4.00 $8.00 $12.00 $16.00 Taxes 0 2 4 6 8
Earnings avail com eq $0.00 $2.00 $4.00 $6.00 $8.00
ROE 0.00% 2.00% 4.00% 6.00% 8.00%
Panel B 25% Leverage
ROA 0% 4% 8% 12% 16%
EBIT $0.00 $4.00 $8.00 $12.00 $16.00
Interest Expense -2 -2 -2 -2 -2
EBT ($2.00) $2.00 $6.00 $10.00 $14.00
Taxes -1 1 3 5 7Earnings avail com eq ($1.00) $1.00 $3.00 $5.00 $7.00
ROE -1.30% 1.30% 4.00% 6.70% 9.30%
Panel C 50% Leverage
ROA 0% 4% 8% 12% 16%
EBIT $0.00 $4.00 $8.00 $12.00 $16.00
Interest Expense -4 -4 4 4 4
EBT ($4.00) $0.00 $12.00 $16.00 $20.00
Taxes -2 0 6 8 10
Earnings avail com eq ($2.00) $0.00 $6.00 $8.00 $10.00
ROE -2.00% 0.00% 4.00% 8.00% 12.00%
Panel D 75% Leverage
ROA 0% 4% 8% 12% 16%
EBIT $0.00 $4.00 $8.00 $12.00 $16.00
Interest Expense -6 -6 -6 -6 -6
EBT ($6.00) ($2.00) $2.00 $6.00 $10.00
Taxes -3 -1 1 3 5
Earnings avail com eq ($3.00) ($1.00) $1.00 $3.00 $5.00
ROE -12.00% -4.00% 4.00% 12.00% 20.00%
Risk
Capital Markets
Expected Returns
E(Risk)Ris(free)
Sigma
Security Markets
Expected Returns
E(Risk)Ris(free)
Beta
Horrigan Bond Rating Model Z=(1.197 x X0) + (.034 x X1) + (.272 x X2) –
(.501 x X3) + (4.519 x X4) – (.203 x X5) X0 1 or (0) if the bond is un-subordinated
(subordinated) X1 = Total Assets X2 = Common equities / total debt X3 = Working capital /sales X4 = Operating profit / sales X5 = Sales / stockholders’ equity
RatingsAAA 2.855 < ZAA 2.094 < Z < 2.855A 1.062 < Z < 2.094BBB 0.838 < Z < 1.062BB 0.360 < Z < 0.838B or Lower Z < 0.360
Non-Audit Fees and Bond Rating – AaronCrabtreePresentation at www.bus.lsu.edu
Recent accounting scandals and perceived audit failures have resulted in excessive criticism of the accounting and auditing professions. […] Our research investigates one aspect of this situation by exploring the effects that non-audit services performed by a firm s external auditors have on perceived auditor independence in the bond market. Specifically, we analyze the effects that the magnitude and relative degree of non-audit services have on the bond rating process. Regression results indicate that the amount of non-audit services provided by a firm s external auditors is negatively associated with that client s bond rating. […] provide empirical evidence regarding the role that audit and non-audit service fees play in establishing a firm s bond rating.
Trouncing the DOW Pension Fund (by Kenneth Lee)Uses Ratios do determine Buy and Sell
PointsGood Track Record based on ROE vs
price movements (28% avg annual return from 1973-1996.)
In 2001 Buys Coca-Cola because ROE is up 50% but price is not
Coke Misbehaves
Stephen Taub, CFO.com - January 16, 2004
The Coca-Cola Co. announced that the Securities and Exchange Commission has launched a formal investigation of the soft-drink giant.
The probe stems from allegations made by former finance manager and whistle-blower Matthew Whitley, who sought a $44.4 million settlement from the company on the grounds that he had been fired in retaliation for raising concerns about accounting fraud….
Coke Admits Misbehavior
Atlanta Journal 6/18/03
Coca-Cola admitted Tuesday that a high-level employee faked […] a written apology from Coke's president and chief operating officer.
The extraordinary exchange highlighted a day in which Coke admitted to some -- but not all -- of the allegations raised by a former employee, Matthew Whitley. […] wasn't told about the deception when Coke discovered it in 2001. Fisher was fined, but he kept his job and even was promoted. He no longer works for Coke.
The Cause ?
Coke's largest shareholder, Warren Buffett, has argued that the existence of stock options has induced many executives to doctor financial reports in order to inflate the price of company shares. Enron executives, for example, received tens of millions of dollars by cashing in stock options while their company's financial statements showed false information.
"I think accounting generally, in recent years, has deteriorated and it's done so with the help of management," said Mr. Buffett, who is a member of the boards of directors of Coca-Cola and The Washington Post.
My Investment went Ouch! – The CureSarbanes-OxleyContinuous, timely auditingTransparencySeparation of Auditors & ConsultantsXBRLCould XBRL help predict this?
MINI – Minority Interest Net Income
Coke (Parent)Bottlers (Subsidiary)
Conslidated Entity
Net Operating Revenues 20,092.00 15,700.00 30,663.00Cost of Goods Sold (6,044.00) (9,740.00) (11,078.00)Gros Profit 14,048.00 5,960.00 19,585.00SG&A Expenses (8,696.00) (5,359.00) (13,632.00)Operating Income 5,352.00 601.00 5,953.00Interest Income 325.00 0.00 325.00Interest Expense (289.00) (753.00) (1,042.00)Investment Income 152.00 0.00 275.00Other Income 130.00 2.00 132.00Minority Interest Net Icome 0.00 0.00 198.00Income Before Taxes 5,670.00 (150.00) 5,841.00Income Taxes (1,691.00) 131.00 (1,560.00)Net Income before Accounting Change 3,979.00 (19.00) 4,281.00Cummulative Effect of Accounting Change (10.00) (302.00) (312.00)
Net Income 3,969.00 (321.00) 3,969.00
Exibit 1 Financial Statement of CocaCoal (CCE - in Millions of DollarsPanel A: Income Statement for the Year ending December 31 2001
MINI is computed as the shareholders interest in the subsidiary’s income. All other Items are simply added. Note that the Parent Income and the consolidated income are equal. Note that while Coke (parent) is bigger CCE’s interest expense is greater. Suggesting Coke is parking liabilities.
Consolidated Ratios
Financial ratios show the discrepancy between the equity method and the consolidated method. All ratios are negatively impacted. Financial leverage is the hardest hit. Debt to equity Doubles, while debt to tangible equity goes negative. Return metrics are also negatively impacted
Financial Ratios of CocaCola Equity Method vs Consolidation
2001 2000
Financial RatiosEquity
Consolidated Equity Consolidated
Current Ration 0.85 0.77 0.71 0.74
Debt to Equity 0.97 2.39 1.24 2.80
Debt to Tangible Equity 1.26 (8.21) 1.56 (7.29)
Debt to Assets 0.49 0.70 0.55 0.74
Debt to Tangible Assets 0.56 1.14 0.61 1.16
Gross Profit 0.70 0.64 0.69 0.63
Return On Sales 0.20 0.13 0.11 0.07
Return On Assets 0.18 0.09 0.10 0.05
Return on Tangb Assets 0.20 0.14 0.12 0.08
Return on Equity 0.35 0.30 0.23 0.20
Return on Tangb Equity 0.45 (1.04) 0.29 (0.52)
Times Interest Earned 20.62 6.61 8.60 3.82
Inventory Turnover 5.73 6.45 5.82 6.55
Receivables Turnover 10.90 9.06 11.32 9.73
LTD to Equity 0.11 0.88 0.09 1.02
LTD to Assets 0.05 0.26 0.04 0.27
Other Bad Actors using Equity MethodEnronBoston ChickenElanWorldCom/Embratel…
Other Methods of Debt Hiding Lease Accounting
Lease Trouble at Delta and others Banks get preferred Airplane lease rates Recalculate Airline Debt using lease payments
and work backwards Pension Accounting
Pension troubles at AMR, Delta, Avaya, Goodyear, GM, Delphi, Navistar, and Ford
Restate the Pension debt at realistic interest rates Debt matters including Pension Debt
University of Illinois – XBRL Kirkwood Credit Analyzer
Ratio Cmpq Dell HP IBM
AssetTurnover 1.53 2.75 1.26 1.01
CurrentRatio 1.17 1.48 1.51 1.09
DaysCOGSInventory 24.24 5.96 57.91 32.58
[…]
Earnings Manipulation Probablity: 0.38% 0.36% 0.17% 0.80%
Issues for XBRLTaxonomy Selection Issues
Select One or More Taxonomies Implementation Issues
Must Map Data Elements to LabelsPoor Flexibility
XBRL is FlatNo Security
Auditor’s New RolesXBRL ValidationRound TrippingSource verification Instance verificationCompleteness verification
XBRL Validation Roundtripping Two Validation Levels
Level I – Well Formed – valid XML Level II – Valid – tests the schema for this (XBRL
document
Still need to test for application conformance XSLT generation from multiple Instances
Round Tripping
Roundtripping takes a document from its original form (e.g. XHTML) then translates it to another form (e.g. XBRL), and returns it to its original form.
Often this simple test will expose many flaws in an XBRL implementation and is a quick auditor trick to validate the XBRL generation process.
Source VerificationWorkflow
Control PointsSecurity
Horizontal Vertical
Integrity, Authentication, Authority
Security
"The use of vertical XML standards in financial services is on the rise. However, for XML standards such as MDDL, XBRL, RIXML to achieve widespread adoption, robust security for privacy, non-repudiation, trust and message integrity will be critical," said Mary Knox, principle analyst, Financial Services at Gartner. "Horizontal Web services standards like WS-Security, XML Encryption, XML Digital Signatures and SAML are all key enablers to the increased use of XML in financial services."
Supplementing with XML Security
XML Security Suite is a tool that provides security features such as digital signature, encryption, and access control for XML documents. These features are beyond the capability of transport-level security protocols such as Secure Sockets Layer (SSL). The goals in creating this technology were to contribute to standards development by providing sample implementations and to supply advanced technologies to partners and developers and to gather their input.
How it Works/Where to Get – Commercial Software
Digital signature implementation based on "XML-Signature Syntax and Processing" by W3C/IETF
XML encryption implementation based on "XML Encryption Syntax and Processing" by W3C
XML Access Control Language and implementation
http://alphaworks.ibm.com/nav/security?open&c=security+-+Utilities
Keel Public Domain Model: Service for interacting with application or
business logic. Persistence: Service for managing storing and
retrieving object states and data. Security: Service for managing security of
application, including authentication and authorization.
Scheduling: Service for scheduling the execution of the application's various functionalities.
Crypto: Service for encryption of transmitted application data.
Instance VerificationJust because it is valid XBRL does not
mean The calculations follow GAAP That the data is valid That you have access to the data That the Instance can be parsed by your
parser
Completeness VerificationJust because it is XBRL does not mean
that all required fields are reported to the correct agency
That all financial data made it into the Instance
ConsistencyJust because it is XBRL doesn’t mean
that Labels aren’t overwritten in new an
incorrect ways That the data was transmitted correctly That a filter along the way did not remove
key data
Sarbanes-Oxley Requirement
Most public companies registered with the Securities and Exchange Commission (SEC) will soon be subject to internal controls reporting similar to the requirement imposed on the large U.S. banks and other insured depository institutions more than 10 years ago. Under Section 404 of the Sarbanes-Oxley Act, most SEC registrants (other than registered investment companies) must report annually on the effectiveness of their internal controls, and their independent auditors must attest to management?s conclusions
SOX section 404
Sarbanes-Oxley 404 issues More and Faster Reporting More Internal Controls, More blackout
periods, more separation of duties etc. IT departments responsible for security Unprepared IT departments Standard controls not defined for workflow
model Workflow’s are not organizationally
understood
Example 404 Checklists
Checklist Cont.
Checklist Cont.
Checklist Cont.
Using Keel to Develop ControlsWeb Based Control ChecklistApp to implement, Test and Report
WorkFlow Design Field level Encryption Signed wrappers
Keel Environment
Keel is ready made server side infrastructure. Keel incorporates multiple open source projects to provide you with a best of breed framework that works right out of the box.
* Security layer
* Database abstraction layer
* Messaging layer
* Business logic layer
* User Interface layer
* Struts
* Cocoon
* Velocity
* Eclipse
Eclipse & Java
XBRL Audit Issues Summary XBRL is XML with all that entails XBRL can save your investments XBRL is a powerful tool to allow auditors to
quickly perform audits A lot of work needs to be done before these
systems are mature Sarbanes-Oxley will further burden Auditors
with its IT knowledge requirements