XBRL News and Commentary from the Hitachi XBRL Business Unit
0

XBRL: The Power of Coordinating Financial and Controls Reporting

Written by Bob Schneider
Posted on February 27, 2007 Comments
February 27, 2007 | General | Bob Schneider

Written by David vun Kannon      Published February 27, 2007

In my previous post, I showed how XBRL could be used to document the controls framework of a business. Starting from organizational units, XBRL taxonomies were used to capture the business processes, objectives, risks, and controls in use at an entity.

This form of documentation is critical to SOX and other internal control work. In this entry, I'd like to show how to make it even more useful.

To date, I've avoided discussing the most common use of XBRL, financial reporting. But now is a good time to bring in the topic, because it is the coordination of financial and controls reporting that is so powerful.

A fully developed controls hierarchy for a large company would contain thousands of controls. Is it important to test all of them for SOX purposes? No, there are two important ideas that help cut down the task to manageable size.

The first idea is that some controls are key controls. The hierarchy only needs to contain these key controls. The other idea is that the testing strategy should be driven by a concept called materiality. Materiality is a test of how important something is to the financial condition of a company.

A common test of materiality is whether a number is more than 5% of sales. For example, if human resources expenses were 6% of sales at a company, they would be material by that rule. On the other hand, losses due to shrinkage of less than 4% would not be material.

The effect of this materiality rule is that we need to know the relationship between business activities and reported financial results in order to drive our controls testing. As with key controls, testing can be focused on controls over material business activities. If the business activity does not pass the chosen materiality threshold, the controls can be given a lower priority.

This is where there is a big payoff from using the same technology for the controls hierarchy and for the financial reporting hierarchy. Since both hierarchies are represented as XBRL taxonomies, it is easy to link the two together.

To do this, I'll create a custom arc role process-financial that can be used in the definition and presentation linkbases. Adding it to the presentation linkbase lets us create special renderings based on these relationships. Here is an example:

Definition linkbase
op:Cash Operations -- ( process-financial ) fin:Cash and Cash Equivalents

In contrast to the examples in my previous post, this example specifies that it is a definition linkbase, and provides namespaces for the concepts. op and fin remind the reader that these concepts are from two different taxonomies.

Because it is linking together concepts from two distinct taxonomies, this linkbase doesn't really belong to either one. It is a standalone linkbase. It is only needed when a report joins together financial and controls data.

Keeping this linkbase separate will help avoid some problems for applications that don't need both taxonomies. By the rules of DTS discovery, including this linkbase in the DTS will force both the financial and operational taxonomies to be brought into the DTS. That is a lot of extra baggage for an application that doesn't need one or the other taxonomy.

But for the application that does need both taxonomies, this linkbase is just the right solution. There are several uses for this kind of linkbase beyond SOX. However, this does show that delaying investigation of XBRL because SOX is more important right now� may be missing a powerful way of addressing those very same SOX headaches.

1

XBRL: Short-Term Costs Will Yield Long-Term Benefits – Part II

Written by Bob Schneider
Posted on February 23, 2007 Comments
February 23, 2007 | General | Bob Schneider

Written by Bob Schneider     Posted February 23, 2007

Last week I discussed how the outlays companies made for Y2K and SOX yielded benefits they had not anticipated. Should there be an SEC mandate for XBRL financial reporting, I believe complying companies will enjoy similar, unexpected returns because (a) XBRL is gaining wider acceptance at the Federal level, and (b) governments and agencies overseas are increasingly adopting XBRL for reporting purposes.

Interactive Data Is Gaining at the Federal Level XBRL has friends in high places in the government. I have previously noted the enthusiasm of SEC Chairman Christopher Cox; but interactive data has boosters throughout the Federal system, including the Treasury and Labor departments. In an interview with GCN published this week, Richard Campbell, enterprise architect at the FDIC, cited both HUD and Interior as departments currently using XBRL. Mr. Campbell's own agency has been at the forefront of interactive data adoption: the FDIC's adoption of interactive data for banks' Call Reports has been widely heralded as a major achievement.

Critics may say that the FDIC experience often cited by XBRL proponents remains an isolated victory. But as XBRL adoption moves forward, more success stories will emerge. Just this month, Chairman Cox described how interactive data was instrumental in helping his agency uncover the backdating of stock options for which dozens of companies are now being investigated.

As described at Law.com, the SEC recently required Form 4 the form companies use to report exercises of stock options to be in interactive format. At the same time, the Commission issued new rules that required option rewards to be reported within two days of the grant. Chairman Cox stated: "Once real-time disclosure was combined with interactive data...we began to find clues that had previously gone undetected. That led directly to the discovery of what we now know were billions of dollars of backdated stock option awards."

As such success stories multiply, the reputation of interactive data for transparency and efficient analysis grows, and more Federal bodies will require that their reports be submitted in XBRL. Thus companies' initial investment in interactive data can be spread over more projects. The marginal cost of new mandates will continue to decline, as companies acquire the experience, employees, and tools to fulfill XBRL reporting requirements.

XBRL Is Making Headway Internationally Even though it began in the U.S., XBRL is not in any way considered an instrument of American financial imperialism. Indeed, the U.S. has been behind other nations in adopting it. XBRL is a truly international standard that is being implemented on six continents. The AccMan blog of Dennis Howlett recently cited an analysis by Jay Hammond that says the leading adopters of XBRL include Japan, China, India, Spain, and the Netherlands.

Spain is perhaps the most surprising name among the group. Howlett concludes that "Spain aspires to become the benchmark nation for the Spanish speaking Latin American world Spain is perceived as a technology laggard. Yet here we have a country not just leading the way, but opening up all sorts of opportunities for itself as a technology leader." Citing Hammond, Howlett writes that Spain's centralized XBRL taxonomy project "...aspires to include environmental and social performance as well as economic performance."

I am not asking readers to become gooey-eyed at the prospect of XBRL saving the whales. What I am suggesting is that the breadth of XBRL adoption promises to be extremely wide, both geographically and functionally. As US companies seek to comply with the information needs of overseas taxing authorities, financial agencies, interior ministries, stock exchanges indeed, the whole host of international regulatory bodies it will be more likely they will be making those filings in XBRL. Once again, their inaugural XBRL investment for training, software, staff, etc. will yield benefits down the road as they comply with regulations mandated overseas.

All of this discussion ignores the non-regulatory benefits XBRL is likely to produce for communicating with customers and suppliers, improving operational efficiency, and facilitating M&A. But if we just consider the regulatory arena alone, the cost/return equation on the initial XBRL investment from an SEC mandate for financial reporting will likely be better than it now appears.

0

XBRL and Mutual Funds Compliance

Written by Bob Schneider
Posted on February 20, 2007 Comments
February 20, 2007 | General | Bob Schneider

Written by Max Rottersman     Posted on February 20, 2007

Max Rottersman has been a consultant in the mutual funds industry since 1989. He publishes a blog about fund data analysis at www.fundr2.com

No one should underestimate the amount of sacrifice and hardship that XBRL would require from the mutual fund community.

As a mutual fund chief compliance officer between 2003 and 2004, I never found a regulatory problem that XBRL would have fixed. This isn't to say XBRL is not worth doing, or can't deliver improvements for regulators and investors alike. But XBRL has a better chance of succeeding if its proponents understand the challenges facing real-life compliance professionals.

Fund compliance starts with seven Congressional acts: The Securities Act of 1933; the Securities Exchange Act of 1934; the Public Utility Holding Company Act of 1935; the Trust Indenture Act of 1939; the Investment Company Act of 1940; the Investment Advisers Act of 1940; and the Sarbanes-Oxley Act of 2002. These laws run over a thousand pages; the SEC maintains thousands more in complex rules. In addition, there are requirements from the NASD, states, case law, and more.

These regulations, which are continually changing, cover distribution, custody, board responsibilities, voting procedures, fees, contracts, and so forth. How intricate is all this? Imagine trying to learn C++, Java, Basic, COBOL, Assembly Language, Perl, etc. so that you never made a serious mistake in any of those domains. It's not possible. Similarly, each area of compliance is handled by a specialist with years of experience.

XBRL promises efficiency and accuracy, but getting the numbers right is not a major problem in compliance. The priorities are:

1. Making sure the fund is operating legally (with SEC enforcement and class action lawyers hovering about, even innocent technicalities are no laughing matter).
2. Making sure the shareholders understand what the fund is doing on their behalf (and that the fund is actually doing it).
3. Making sure the fund has properly disclosed third-party service provider arrangements and that there is no conflict of interest.

I've witnessed millions of dollars and careers that have been ruined from incorrect or cavalier interpretations of the rules. I've never heard of someone losing their job over bad data. Therefore, XBRL will have a hard time selling itself to the fund community based on arguments for efficiency and data integrity. These promises are out-of-touch, if not irrelevant.

For XBRL to succeed in the fund industry it needs to think small and find an area that benefits both the shareholder and fund.  It needs to prove that the trade-off in learning XBRL for the fund professional is worth the benefits.

One possibility is that XBRL can deliver create-your-own prospectuses. If so, the SEC might change the rules so that fund companies can legally provide short-form prospectuses and annual reports (an idea the SEC developed before the Internet was mature).

The Investment Company Institute (ICI) and SEC have given XBRL some nice PR. But only with realism and focus will the fund industry ever adopt it.

0

XBRL: Short-Term Costs Will Yield Long-Term Benefits – Part I

Written by Bob Schneider
Posted on February 16, 2007 Comments
February 16, 2007 | General | Bob Schneider

Written by Bob Schneider      Posted February 16, 2007

Events this decade have been so dramatic that it's hard to recall it began with prospects of a Y2K meltdown. Billions of dollars were poured into correcting the ancient code that expressed years in overly economical double-digits. The Y2K effort was naturally focused on avoiding catastrophe and not on any ancillary benefits. But after January 1, 2000, came and went without major incident some charging the fears had been overblown, others that the huge Y2K investment had saved the day technology officers began to contemplate the resulting gains.

Inventory-taking of software and systems that was once done haphazardly, if at all, was standardized. Systems for communicating software issues, both within the organization and to customers and suppliers, were upgraded. Formal software audit policies were introduced. Rules for contingency and disaster planning were detailed and prescribed.

The return on Y2K investment grew dramatically in the wake of 9/11. When the terrorists attacked, the redundancy built into information systems in the event of a Y2K meltdown proved highly advantageous. The global banks headquartered in lower Manhattan were able to shift with relative ease to the backup systems that had been enhanced through Y2K outlays. The Northeast Blackout of 2003 provided additional evidence of the efficacy of Y2K expenditures, with the relatively rapid restoration of power in many areas because of Y2K capital investment.

Just as the country was recovering from 9/11, the series of business scandals symbolized by Enron came to the forefront. In the wake of corporate deceit, the Sarbanes-Oxley Act (SOX) was passed in 2002. In my post XBRL Dovetails Nicely with SOX's Surprising Benefits, I discussed the Harvard Business Review article that enumerated the unexpected gains from the law. These included strengthening the overall internal control environment and exploiting convergence opportunities from other regulatory requirements. Although I wouldn't declare that the view of SOX in Corporate America is now widely positive, I think it's fair to say that many organizations have become resigned to the law and are now focusing on ways to leverage their SOX investment.

Now CFOs may face another significant challenge: a mandate by the SEC that public companies file their financial reports in XBRL. Such a requirement would be far different in both scope and character than either Y2K or SOX. It would not be a response to an imminent threat of systems meltdown or to a loss of confidence due to corporate chicanery. Rather, it would be an effort to improve upon existing methods of financial reporting that, all things considered, have worked fairly well. And the resources expended would be far below those for Y2K and SOX.

Nevertheless, since more than a few firms will view the cost/benefit equation from an XBRL mandate to be mostly cost and little benefit, it's important to consider whether there are likely to be longer-term positives from their outlays for XBRL. In other words, do public firms have reason to believe that, like Y2K and SOX, they will be able to leverage their XBRL investment?

In the second part of this post, scheduled for publication on February 23, I will discuss why I think the return on complying with an SEC mandate for XBRL financial reporting may be better than many companies now believe.

0

In Pursuit of Process

Written by Bob Schneider
Posted on February 13, 2007 Comments
February 13, 2007 | General | Bob Schneider

Written by David vun Kannon    Posted February 13, 2007

David vun Kannon was one of the first Co-Chairs of the XBRL Specification Working Group and has been an Editor of every version of the XBRL Specification. He is a Director for PricewaterhouseCoopers, LLP.

In my previous post, I talked about using XBRL linkbases to represent the many kinds of relationships found in segmental reporting. In this entry, I'd like to take that idea in another direction namely, business modeling.

Typical segment reporting might look at the performance of a business unit from just a few common points of view, such as a geographic or product breakdown. But if we try to analyze a business at fine levels of detail, we eventually have to leave behind a view based on organizational units, and begin to look at the business processes taking place within an organizational unit. This is especially true if we want to understand the business at the level of what parts of the business contribute to the values reported on financial statements.

As an example, consider a large bank. You might find that a bank holding company (in the US) owns several bank operating companies. Each bank operating company might have branches spread across several states. So far, this is just a description at the classic unit and geographic levels.

If we look within one of the branches, we see a variety of business processes. For example, tellers and ATMs interact with customers, collecting and receiving cash. Loan officers discuss loans and approve funding. Each of these processes has a different effect on the financial statements of a company, whether those statements are summarized at a level for external reporting, or at the granularity of management reporting.

There are several high level models of the processes of a business. One is the Process Classification Framework available from http://www.globalbestpractices.com/ (Global Best Practices is a trademark of PricewaterhouseCoopers, LLP, my employer). Another such framework is available as part of the COSO materials. COSO, which stands for Committee of Sponsoring Organizations (of the Treadway Commission), is an organization which has developed a set of materials to help businesses understand and control their processes more effectively.

The COSO framework for internal control has become very well known in recent years. The passage of the Sarbanes-Oxley legislation in the US required companies to report on the quality of their internal control environment, and identify the framework the company is using to organize their documentation of internal control. Many companies have chosen the COSO framework for that purpose.

It is, of course, possible to extend the high level COSO process hierarchy with more company specific subprocesses. This process hierarchy is easy to map into the form of an XBRL taxonomy, just as the other hierarchies we have already seen.

A possible objection to using XBRL in this way is that there are other XML vocabularies that have been developed specifically for the purpose of business process modeling. These vocabularies include XPDL, BPML, and BPEL.

Indeed, if I were trying to document a business process at a very operational level of detail, one or another of these languages would probably be much more appropriate to use than XBRL! However, our purpose here is just to name the processes and show their general relations, not dive into the details of each process. In fact, it would be appropriate to link the process elements in the taxonomy to process descriptions in one of these vocabularies, if they were available.

Another reason to continue in XBRL is that there is so much more to add to a business process model that is not covered by the BPM specific languages. COSO and other frameworks attach nonprocess concepts to process descriptions, concepts such as objective, risk, and control. While there is no obvious way to model or document a business risk in a process modeling language, we can easily extend our hierarchy in XBRL with more abstract elements that represent the objectives of a process, the risks that may prevent those objectives from being achieved, and the controls that are put in place to mitigate the identified risks.

Here is an abbreviated example hierarchy, showing how different kinds of abstract objects are related to each other:

Bank Holding Company
--(owns)  Bank Operating Company A
--(owns)  Bank Operating Company B

Bank Operating Company B
--(operates)  Branch 1
--(operates)  Branch 2

Branch 2
--(performs)  Cash Operations
--(performs)  Loan Operations

Cash Operations
--(composed-of)  Collect Cash Deposits
--(composed-of)  Disburse Cash

Collect Cash Deposits
--(achieves)  Available for Use
--(achieves)  Safeguard Customer Funds

Available for Use
--(imperiled-by)  Employee Theft

Employee Theft
--(mitigated-by)  Videotape of Workplace
--(mitigated-by)  Working in Pairs
--(mitigated-by)  Hiring Practices

That's enough for this post. What we've shown is that it is possible to use XBRL to develop a unified set of hierarchies that allow us to drill down into a business from the highest level to very granular descriptions of its processes. While this amount of detail is becoming familiar to American business, most companies have not yet moved to holding it in a neutral, flexible format like XBRL. It is at best scattered across the organization, and locked up in several incompatible formats.

0

XBRL and the Telegraph Code Book

Written by Bob Schneider
Posted on February 9, 2007 Comments
February 9, 2007 | General | Bob Schneider

Written by Bob Schneider     Posted February 9, 2007

The laying of transatlantic cable in the second half of the 19th century revolutionized communications between the US and Europe. But the resulting telegraphy could hardly be described as instant messaging. It was not until the 20th century that speeds reached even 120 words a minute. Moreover, cabling was extremely expensive. It cost a quarter to send a single word from New York to London in 1900, a lot of money back then.

To pack more information into a message, senders and receivers employed code dictionaries of phrases and other expressions. The sender would find a phrase with his intended meaning and include the accompanying code in his message. (For example, in one code book, caninero stood for "have ceased selling" one word standing for three.) The code message would be transmitted by the telegraph or cable company. The recipient would look up the code words in another copy of the same book or follow other procedures to find their meaning.

Thousands of code books were created. The most popular was the all-purpose ABC Code (which went through seven editions between 1873 and 1936). There were also books for specific industries and segments, with terms useful for a particular trade. Some books were sold to the general public; others were developed by individual firms for their own use and remained proprietary. The codes particularly the specialized codes arranged their phrases by topic, sometimes in tables, to save space and facilitate message coding. (If you'd like to know more about the code books, take a look at Jim Reeds's fine introduction, or at the material and extracts assembled by my friend John McVey at his site.)

I'm hesitant to compare 21st century XBRL with a 19th century technology. Still, I do see direct parallels. The code books are analogous to XBRL taxonomies, the vocabularies or dictionaries that provide the foundation for information exchange. The telegraph transmission can be compared to the instance document, a file that contains content structured in the XBRL language. Whoever deciphers the cable's meaning does the work of the XBRL reader, which can access, view, and analyze an instance document.

The levels of specificity reflected in code books from all-purpose ABC Code to, say, Acme Inc. Code also yield rough equivalents in the taxonomy hierarchy. If we consider XBRL for financial reporting alone, ABC Code corresponds to the Commercial and Industrial taxonomy for US GAAP. Industry code books are aligned with industry taxonomies, eg, that for oil and gas. The 19th century firm had its own company code book; the 21st century firm has its own company XBRL taxonomy.

Then as now, competition for "standards" existed. As John writes: "The codes competed on various mixes of convenience, depth and/or breadth, error-resistance, reputation of compiler, novel system, even naturalness of their expressions (for the so-called "verbatim" codes)." Old books and systems were discarded as better ones were created, while others remained to complement the new works. Today we see XBRL competing with other XML-based standards (RIXML, FIX, MDDL, etc.) for broad-based recognition and acceptance, but also at times working in collaboration.

I don't pretend that there are any great lessons in comparing highly elaborate XBRL with the relatively straightforward telegraph code book, which in the end are dissimilar communication tools, introduced in business and regulatory environments separated by 150 years. But I do think it helps to put the challenges XBRL faces in perspective. It informs us, once again, that technology adoption is a process, where competition and collaboration work in tandem to respond to user needs.

2

A Memo to XBRL-US

Written by Bob Schneider
Posted on February 6, 2007 Comments
February 6, 2007 | General | Bob Schneider

Written by Christopher Whalen     Posted February 6, 2007

Richard Christopher Whalen is Senior Vice President and a Managing Director of Institutional Risk Analytics (IRA) with responsibility for sales, marketing and business development. Chris is a general securities principal and has worked as an investment banker, research analyst, and journalist for more than two decades.

We are frequently asked why we take a contrarian, sometimes critical view on XBRL, yet remain committed to making this standard for business reporting a reality. The answer is very simple: we can see the value of XBRL in many aspects of data collection, transmission, and delivery, but not all of these business cases have the same strength or urgency.

When we look at the question of achieving the universal adoption of XBRL, we are reminded of a saying in the technology world: The task is possible, but very difficult. This is particularly the case when a well-intentioned group of technologists, who are mostly driven by a transformational vision of how the future of business reporting could or even should look, attempts to impose sudden, comprehensive change on the business professionals who are responsible for the day-to-day workings of the commercial data world.

From a purely theoretical perspective, XBRL makes enormous sense. For example, XBRL organizes and characterizes data, and makes it interoperable. Yet each of these benefits is not necessarily as strong as the other, especially when viewed from the perspective of the business case needs of a decision maker whose main criteria for selecting one technology over another is short-term cost.

In order for XBRL to win broad adoption in the marketplace, we believe that the proponents and vendors alike need to ask themselves some basic questions. The answers to these queries, when applied to the business case needs of real live customers, will help those leading the effort at XBRL-US make efficient choices about where to deploy scarce resources.

First, if you observe the data pipeline and divide the steps that data must travel between the point of creation and end-user consumption, it quickly becomes clear that some parts of the XBRL business case are more compelling than others.

In the case of the FDIC, for example, the data collection and validation tasks are clearly a big winner and have saved that agency enormous amounts of money and man hours in terms of collecting financial statement data from US banks. The accuracy of the data and the reduced time and personnel resources needed to collect and validate it are business case wins that make their own arguments.

Yet in conversations with regulators at the FDIC and other agencies, we find little enthusiasm for pushing the XBRL model down through the entire data delivery pipeline to end users. In fact, most federal regulators seem satisfied with the cost savings and data accuracy wins achieved by using XBRL at the top of the data pipeline.

When asked whether they intend to store or distribute the data in XBRL, the answer is no; the data will be decomposed into its constituent parts, processed and stored using legacy database systems, distributed to examiners and analysts via these same legacy systems, and consumed using existing tools such as Microsoft Excel. Much the same response comes from end users in the investment world who are aware of the XBRL adoption effort.

Indeed, as XBRL-US moves forward with its adoption activities, we predict that the powerful business case arguments in favor of the technology at the start of the data pipeline -- namely, organization, collection, and validation -- will become more and more prominent in discussions, while the end-use rationales so popular with many downstream vendors will fade. This is not because there are no downstream benefits to XBRL, but because these business case arguments, in relative terms, are not yet mature enough and powerful enough to withstand the critical scrutiny of business case needs.

In fact, if you leave aside the unique example of the SEC's voluntary filer program and look instead to the numerous potential opportunities for adoption by other public sector entities, the importance of the upstream benefits of XBRL becomes even more pronounced. Thinking about examples like automating financial reporting between the various federal agencies or between Washington and state and local agencies, there are a plentitude of obvious areas where XBRL could be employed to great benefit.

But again, the sales process by proponents of XBRL adoption need go no farther than organizing, collecting, and validating the data. These benefits are very powerful and are more than sufficient to win over those public sector constituencies that XBRL-US needs to convert into soldiers in the campaign for adoption. If XBRL-US takes this lesson and focuses on winning the adoption battle step by step, with the most compelling applications first, then the XBRL adoption process will result in success.

0

XBRL Can Reduce the Fraud “Expectations Gap”

Written by Bob Schneider
Posted on February 2, 2007 Comments
February 2, 2007 | Financial Reporting | Bob Schneider

Written by Bob Schneider      Posted February 2, 2007

My favorite line of comedian Fran Leibowitz is "You know you're an adult when the phone rings and you hope it isn't for you."

Here's another telltale sign of adulthood: You realize the job you do isn't anything like what people think it is or what you yourself thought it would be.

Auditing is a prime example. Most first-year accounting majors would be surprised to learn that their first job out of school would be to help assure that financial statements are presented fairly. To the extent they know they'll have to work a while as auditors to get their CPAs, they probably figure they'll be looking to see if anybody has been stealing money from their clients. In other words, they'll be looking for fraud, which defined more precisely includes both the deliberate misrepresentation of financial statements as well as the improper use of company resources.

But for auditors, far from being their raison d'etre, fraud is a pain in the butt. Doctors don't like disease, and exterminators don't like vermin. But both recognize that they'd be out of a job if their respective nemeses were extinguished. Not so for auditors and fraud. With the exception of forensic auditing specialists, the external auditor would exist happily indeed, much more happily if fraud simply didn't exist.

Uncovering fraud while performing all the tasks of a financial audit -- including big-time frauds where management is on the swindle is really hard. At the same time, fraud creates enormous legal exposure for auditors. If even accounting majors think the independent auditor exists to find fraud, just imagine what the average juror believes. When the prosecutor asks "Where were the auditors?", their response that "Uncovering fraud is not our primary objective" is greeted with much skepticism.

The heads of the big audit networks addressed these concerns in their recent essay on their vision for the audit profession:

"There are limits to what auditors can reasonably uncover, given the limits inherent in today's audits. Specifically, unless companies or investors are willing to pay auditors to police all of a company's transactions, auditors are limited to using indirect means to ascertain whether fraud has occurred.These methods clearly are useful, indeed essential, to preventing and discovering fraud. But they are not foolproof, nor can they be expected to be. Hence, [an] expectations gap arises because many investors, policy makers and the media believe that the auditor's main function is to detect all fraud, and thus, where it materializes and auditors have failed to find it, the auditors are often presumed to be at fault. Given the inherent limitations of any outside party to discover the presence of fraud, the restrictions governing the methods auditors are allowed to use, and the cost constraints of the audit itself, this presumption is not aligned with the current auditing standards."

How XBRL Can Help
There is no way to eliminate entirely that "expectations gap." But I do think the widespread adoption of XBRL can go a long way to reducing it.

In his speech at the recent XBRL conference in Philadelphia, Ian Ball, CEO of the International Federation of Accountants, stated one of the direct benefits of XBRL for auditors: "Simple balance sheet statistical sampling efforts can be replaced by 100% validation routines or by deeper analysis of ledger-level data." If realized, this could be enormously important to auditors in both discovering fraud and ensuring external audiences they have done everything possible to uncover it.

Statistical sampling is essential to an auditing process that emphasizes gaining reasonable assurance at reasonable cost. But by necessity, only a small portion of all transactions are selected and reviewed, and so the possibility of fraud still looms. From a litigation standpoint, convincing jurors that auditors did their job when fraud existed but relatively few transactions were tested is a tough sell. Even if 100% validation is not achieved, expanding sample sizes and lowering materiality levels increases the chances that fraud will be discovered in the financial audit. To the extent 100% validation is possible, it will be a boon to the auditing profession.

"Deeper analysis of ledger-level data" would also yield huge benefits. The search for fraud is a hunt for the exceptional, and not in the good sense. It's finding some piece of evidence somewhere that something isn't kosher. Numbers and ratios that look fine for the entire company for the full year often compiled from disparate accounting systems, with manual data re-entry and sometimes poorly controlled spreadsheets -- can mask inconsistencies in the bowels of the organization for shorter periods of time. The introduction of XBRL as a single data standard for the firm enables the analysis of large data pools from deeply drilled levels at low cost, making the search for anomalies much more efficient.

The best solution to fraud, of course, is to make it hard to pull off. XBRL has substantial potential to improve internal control and thereby reduce fraud risk. The seamlessness of XBRL affords full-scale integration of company data with limited human intervention. Business rules both from the perspective of regulating the activities of employees as well as the constraints on the information entered into database systems can be more easily adopted and enforced. Because tagged data allows searches to be done much more quickly, control procedures that were formerly onerous can be instituted and performed without significant cost to the organization.

Finally, I think the benefits of XBRL-GL as a business reporting language as opposed to a mere financial reporting language (as discussed by David vun Kannon in his recent post on this blog) will be significant. Non-financial data -- such as whether and when an employee has taken vacation -- can be crucial in both detecting and preventing fraud. If this information can be easily expressed and manipulated with the financial data, analysis of employee activities will be enhanced, and discrepancies will be more visible. These advantages will be even more prominent if XBRL adoption becomes worldwide throughout industry, so that combined companies that formerly faced long lag times in merging data systems quickly integrate their data in the XBRL-GL standard.