XBRL Kansas Elsas
-
Upload
philip-elsas -
Category
Economy & Finance
-
view
1.419 -
download
0
Transcript of XBRL Kansas Elsas
Enterprise-level Process Documentation incorporating Automatic Audit Analytics
On Positioning
XBRL Assurance Business Rules
in a Computational Infrastructure
for Modern Auditing
Philip Elsas
ComputationalAuditing.com
Lawrence, Kansas April 24-25, 2009
2009 Annual University of Kansas
International Conference on XBRL
A Practical View of XBRL in the 21st Century
Introduction
Since 2003: Company - Canada, Netherlands
1988-2003: Deloitte.
with intermezzo at Bakkenist Management Consultants, sold to
Deloitte.
1990- 1996: PhD Computational Auditing
- Principal, Chief Architect & inventor of Smart Audit
Support
- Smart Audit Support is since 1994 key in Deloittes
worldwide
audit practice. Currently integrated in The Deloitte Audit
- System blueprint in Chapter 5 of
- PhD in Mathematics & Computing Science on Financial
Auditing
- Parallel to Smart Audit project, in part-time at Vrije
Universiteit
- Directly after appearance awarded with the biennial
Alfred Coini Prize for the best publication in Auditing
Offering software and consultancy services to
audit practices and audit software firms
1
The Dutch Tax Office used Computational Auditing in 2001-2003 as Frame of Reference to compare Big 4 firms planning and decision-support models and systems to investigate how to improve audit productivity (57 page report); considers Smart Audit Support leader of the pack.
Smart Audit Support - Build & Apply - Industry Templates - for the Audit Planning Process. International & National - Build is done by auditors only - no ITers involved.Dutch Tax Office, Center for Process & Product Development, report Optimizing Audit Decisions in fiscal audit; an approach relying on audit documentation; relevant for audit oversight approaches.Personally at Deloitte - first half: Internal Audit Staff - second half: External Management ConsultantIntermezzo late nineties at Bakkenist Management Consultants as consultant & shareholder - sold to Deloitte
Agenda
On Positioning XBRL Assurance Business Rules
in a Computational Infrastructure for Modern Auditing
How XBRL Works, by Charles Hoffman
Charles Smart XBRL App & Deloittes Smart Audit Support
Killer App for XBRL Assurance:
Early Warning System for Systemic Risk
2
XBRL Assurance, Business Rules and XBRL Formula
Looking into Builder-Based XBRL Assurance Apps
Killer App (Wikipedia): any computer program that is so
necessary or desirable that it proves the core value of some larger
technology, such as computer hardware like a gaming console,
operating system or other software.
A killer app can substantially increase sales of the platform that
it runs on.
How XBRL Works
by Charles Hoffman, CPA
Source at http://www.youtube.com/watch?v=nATJBPOiTxM
3
Unstructured Text
Inventory
Inventory consists of produce purchased for resale and supplies and are stated at the lower of cost or market using the first-in, first-out (FIFO) method. Inventory as of December 31, 2006 and 2005 amounted to $45,594 and $34,456, respectively.
Source: Charles Hoffman
4
Structured Text
Inventory
Inventory consists of produce purchased for resale and supplies and are stated at the lower of cost or market using the first-in, first-out (FIFO) method. Inventory as of December 31, 2006 and 2005 amounted to $45,594 and $34,456, respectively.
Source: Charles Hoffman
5
Structured for Presentation
Inventory
Inventory consists of produce purchased for resale and supplies
and are stated at the lower of cost or market using the first-in,
first-out (FIFO) method. Inventory as of December 31, 2006 and 2005
amounted to $45,594 and
$34,456 , respectively.
Inventory
Inventory consists of produce purchased for resale and supplies and are stated at the lower of cost or market using the first-in, first-out (FIFO) method. Inventory as of December 31, 2006 and 2005 amounted to $45,594 and $34,456, respectively.
Source: Charles Hoffman
6
Structured for Meaning
produce purchased for resale and supplies
lower of cost or market
FIFO
$45,594
$34,456
Inventory
Inventory consists of produce purchased for resale and supplies and are stated at the lower of cost or market using the first-in, first-out (FIFO) method. Inventory as of December 31, 2006 and 2005 amounted to $45,594 and $34,456, respectively.
Source: Charles Hoffman
7
Structured for Meaning, Global Standard
produce purchased for resale and supplies
lower of cost or market
FIFO
45594
$34,456
Inventory
Inventory consists of produce purchased for resale and supplies and are stated at the lower of cost or market using the first-in, first-out (FIFO) method. Inventory as of December 31, 2006 and 2005 amounted to $45,594 and $34,456, respectively.
Source: Charles Hoffman
8
9
This isnt your Daddys Financial Reporting Application!
Current approach, type this into Word:
Inventory
Inventory consists of produce purchased for resale and supplies and are stated at the lower of cost or market using the first-in, first-out (FIFO) method. Inventory as of December 31, 2006 and 2005 amounted to $45,594 and $34,456, respectively.
Smart XBRL Application:
Or:
Put a grid (neutral format table) here
Inventory
Source: Charles Hoffman
Agenda
On Positioning XBRL Assurance Business Rules
in a Computational Infrastructure for Modern Auditing
How XBRL Works, by Charles Hoffman
Charles Smart XBRL App & Deloittes Smart Audit Support
Killer App for XBRL Assurance:
Early Warning System for Systemic Risk
10
XBRL Assurance, Business Rules and XBRL Formula
Looking into Builder-Based XBRL Assurance Apps
XBRL Assurance
11
IFAC and other accounting organizations are discussing the topic to decide on a common approach and XBRL auditing standards. The auditor may give assurance to an XBRL financial statement, an XBRL business report and XBRL real-time reporting (often referred to as continuous reporting). The short term focus is on XBRL financial statements and regulatory reports, while the future focus is expected to be more on real-time reporting.
The XBRL standard has the ability to define business rules. These business rules can be found in different places (i.e. datatypes or linkbases) in the XBRL taxonomy. Application of these business rules will contribute to the reliability of the XBRL report. The business rules can be used by the reporting company (preparer), the taxonomy author (i.e. regulator) or the auditor.
Source: Marc van Hilvoorde, 2008, http://en.wikipedia.org/wiki/XBRL_assurance
XBRL assurance is the auditors opinion on whether a financial statement or other business report published in XBRL, is relevant, accurate, complete, and fairly presented. An XBRL report is an electronic file and called instance in XBRL terminology.
How to articulate, validate and execute a specification of an XBRL assurance process?
12
In XBRL Assurance we are particularly interested in articulating a methodology-based audit approach, or audit process, that guides how to achieve assurance
Isnt it too low?
Isnt it too high?
For example: Charles Smart XBRL Application
Inventory(Inflow:Purchase) + Inventory(Begin) Inventory(End) Inventory(Outflow:Resale,Suppliers) in products or money (gross profit)
1st interpretation: Bold font = Completeness Regular font = Correctness
2nd interpretation: Bold font = Correctness Regular font = Completeness
Example audit equation
13
declare function my:withinTolerance( $x as
xdt:anyAtomicType,
$y as xdt:anyAtomicType ) as xdt:boolean* { fn:abs( $x - $y) lt 500
}
tax:withinTolerance ($Assets,($CurrentAssets + $FixedAssets))
sec:withinTolerance ($Equity,$EquityPrev + $Earnings)
withinTolerance ($Assets,$Liabilities + $Equity)
if () then else if () then else
Source: Charles Hoffman, 2009, http://xbrl.squarespace.com/journal/2009/1/11/things-generally-missed-about-business-rules-validation.html
Source: XBRL Formula Requirements by Hamscher, Shuetrim and Vun
Kannon, 2005,
http://www.xbrl.org/technical/requirements/Formula-Req-CR-2005-06-21.htm
In articulating an XBRL assurance process,
a central role is considered for Business Rules using XBRL
Formula
For example, fragments from corresponding XBRL Formula
Assets = Liabilities + Equity (i.e. the balance sheet balances)
The invoice total equals to the sum of the invoice line item amounts
If you report Property, Plant and Equipment on your balance
sheet, you
need to provide specific policies and disclosures relating to that
line item
For example, Business Rules
14
Having a computer-interpretable articulation of business rules
offers main advantages:1. automatic validation, and2. automatic
execution, like workflow software apps for
document transformations (BPEL, XPDL, YAWL, Wf-XML)
And, as a consequence of having one standard language to specify
assurance business rules, users have extra advantages:
A global standard way to express business rules
A global standard way of exchanging such rules between applications
Business rules are separate from, instead of integrated in, applications
XBRL engines support a large user base, reducing cost per user
You can apply your own XBRL rules on incoming XBRL information
Source: Charles Hoffman, 2009, http://xbrl.squarespace.com/journal/2009/1/11/things-generally-missed-about-business-rules-validation.html [with point #2 extended]
Advantages
15
avoids handcrafting XBRL Formula expressions
Being focused on capturing audit methodology
in Business Rules expressed in XBRL Formula,
lets now look into an approach that:
2. by using a tailored website builder
and generates these expressions behind the screens for
validation and executable code-generation purposes
applicable to XBRL reports as Cascading Style Sheets
inside scripting (inside the audit team):
data analysis tasks, with form-driven configuration and
methodologically embedded in an audit planning context:
When to do which task? and What to do with results?
client-side scripting and
server-side scripting (e.g. JSP Standard Tag Library),
technically embedding executable scripts, via 3-way scripting:
automatically generating XML, XBRL and XBRL Formulas
publish/upload these smart forms as dynamic web pages
by specifying smart, interactive document/form templates
to articulate guidance on how to achieve XBRL assurance:
What keeps Audit Leaders up at night?, ACL, 2008
16
Why is it worthwhile to look into such a
builder approach? To gain extra advantages
Since a dedicated builder for XBRL Assurance is easy to use, it enables autonomous use by auditors, to prepare methodological guidance for auditors, without content intermediaries: quality & speed
An executable specification of an audit methodology supports driving integral planning, execution and documentation of each audit instance
Choosing document templates as embedders of the audit methodology enables levels of documentation, both prescribing (setting standards) & describing (client instance)
If its Not Documented,
its Not Audited
Evidence Acquisition Strategy thats Executable
Agenda
On Positioning XBRL Assurance Business Rules
in a Computational Infrastructure for Modern Auditing
How XBRL Works, by Charles Hoffman
Charles Smart XBRL App & Deloittes Smart Audit Support
Killer App for XBRL Assurance:
Early Warning System for Systemic Risk
17
XBRL Assurance, Business Rules and XBRL Formula
Looking into Builder-Based XBRL Assurance Apps
18
Charles Smart XBRL Application: Built in Yahoo! SiteBuilderPlayed in an arbitrary browser
Player
Builder
p.334
19
p.337
Builder
Player
Audit methodology
specification drives integral
planning, execution and documentation
Illustrative case:
Classification of the Clients Use of Computers
Proven Architecture for Interactive Audit Documentation and Guidance
Conditional relevancy:
An outgoing arrow labeled with choice specifies an activation
dependency to a question, section, table, form, task, etc.
Effective: dont miss relevant issue
Efficient: less relevant issue is not accessible
Mitigation of litigation risk
Correctness by Construction
Deloittes Smart Audit Support: Interactive Audit Documentation
published in Word and browsers
Worlds strongest audit support
Smart Audit SupportsDocument Index related toDeloittes International Audit Approach(1990s)
p.336
20
p.62
All planning docs
are smart forms
All planning docs
are smart forms
All planning docs
are smart forms
All planning docs
are smart forms
All planning docs
are smart forms
All planning docs
are smart forms
Audit pack is a bundle of forms
Deloittes Audit Methodology
Why builder-based approach?
extra benefits to gain for XBRL Assurance
21
The main challenge in specifying an executable assurance
methodology:
preserve operational integrity and consistency
Thats where science steps in: mathematical proofs that show how each rewriting step in the executable methodology specification preserves integrity and consistency
E.g. the processing structure of all connected questions, tables, etc. is guarded to be a Directed Acyclic Graph
a specification huge in size, complex in structure, globally distributed, regionally refined, daily used by many, in groupware, and, as wanted and encouraged, regularly updated
Assurance expert makes own application & uploads it (business model)
Jumpstart: only a few hours learning curve on how to use builder tool
Comfortable: builder prevents classes of technical errors, no debugging
No need for cumbersome knowledge elicitation from expert to engineer
No need to transfer knowledge engineer specs to XBRL Formula expert
No need for the expert to verify the app made by XBRL Formula expert
Since a dedicated tool to build assurance guidance is easy to understand and use, assurance experts are enabled to autonomously construct executable guidance material, leading to extra benefits:
Correctness by Construction in Domain-Specific Language (DSL)
Agenda
On Positioning XBRL Assurance Business Rules
in a Computational Infrastructure for Modern Auditing
How XBRL Works, by Charles Hoffman
Charles Smart XBRL App & Deloittes Smart Audit Support
Killer App for XBRL Assurance:
Early Warning System for Systemic Risk
22
XBRL Assurance, Business Rules and XBRL Formula
Looking into Builder-Based XBRL Assurance Apps
23
Case I: Charles Smart XBRL App: extended for assurance
Lower of Cost or Market (LCM) is an approach to valuing and reporting inventory. Normally ending inventory is stated at historical cost (what was paid to obtain it) but there are times when the original cost of the ending inventory is greater than the cost of replacement thus the inventory has lost value. If the inventory has decreased in value below historical cost then its carrying value is reduced and reported on the balance sheet. The criterion for reporting this is the lesser of the value of the original cost or the market value. Any loss resulting from the decline in the value of inventory is charged to Cost of Goods Sold (COGS) if non-material, or Loss on the reduction of inventory to LCM if material. http://en.wikipedia.org/wiki/Lower_of_Cost_or_Market
Builder
Player
Functionality looked for by DecisionSoft, 2003
Available in Deloittes Smart Audit Support
Standard lib
24
Case I: Charles Smart XBRL App: getting Formula in Form
Builder
Player
Inventory(Inflow:Purchase) + Inventory(Begin) Inventory(End) Inventory(Outflow:Resale,Suppliers) in products or money (gross profit)
Example audit equation
Excel library with XBRL functions
The Formula in Form is automatically generated by an off-the-shelf spreadsheet add-on
Sector packs of prefab sheets
25
Case II: Raj Srivastavas Information Security Assessment
Based on:
Sun,
Srivastava
and Mock,
2006
An Informa-tion Systems
Security Risk
Assessment Model under Dempster-Shafer Theory,
pp.43-48
Player
Fully Automatic
Semi
Manual
Automatic
dual-thumb sliders with range highlights
26
Case II: Rajs Information Security Assessment
Builder
This can almost be expressed, in a slightly different way, in Deloittes Smart Audit Support
M: Majority Owner-Manager
S: Sales departmentB: Buy/Purchase department
F: Financial departmentT: IT departmentW: Warehouse manager
L: Labor/salary accounts
P: Planning department
C: Creditor accounts
D: Debtor accountsA: Application
Agent Legend
C b f t
F m d
D s t
A t
L f t
P t
P t
W t
A t
A t
S
A
A
L F
L F
L F
M
M
D F
D
C
B F
B F
W
P
P
P
P
W
A
A
A
A
C m
D f t
S t
A t
F t
B f t
B f t
P t
W t
L f
225
25
200
225
500
25
25
1,000
400
400
100
20
20
20
20
500
400
Agents access is associated to:1. Transactions2. States3. Flows
A capital letter is authorized, legitimate accessA small letter is illegitimate access, arising mainly as consequence of being authorized
Quantitatively motivated process decomposition
27
Case III: EYs & Hans Smart Flowchart Pilot Study
Output in XML, XBRL and scripts:
1. Audit equations
2. Segregation of
Duties analysis
Case by Hans Verkruijsse & EY team
Enterprise-level Process Documentation incorporating Automatic Audit Analytics
Approach: Powerful and easy system to support practice, founded in theory
The worlds strongest process-oriented Auditing Theory: classical Dutch Auditing Theory (80+ yrs)
& its best-fitting rigorous Process Theory:
Petri nets tailored to the Auditing Domain
Dynamic: Transaction
Profit & Loss Item
T
Static: State Balance Item
S
Systematic framework guides input preparation process
Input: diagram
Top-level is Supercycle. Overview connecting traditional cycles. Clarifying. Refreshing.
Case used in Efrim Boritz CAATs class
Fit recognized by Jagdish Gangolly
28
Case IV: Conceptual Positioning &
Computational Infrastructure
Executable External Controls, or audit tests, to test Ist ICs to
Soll ICs;
external auditor, to identify and, if possible, mitigate weaknesses
in
clients Internal Controls (ICs)
Normative Internal Controls in Soll, To Be modality; external auditor
Executable Internal Controls in Ist, As Is modality; internal auditor
XBRL Assurance Business Rules as:
Methodological context for data analysis tasks, answering: When
to do
which test ? and What to do with the test results ? (ACL
AuditExchange)
Standard setters develop high-level guidance packs, and strict
forms
la tax, as basis to be refined, but not overruled, by other pack
builders
External auditors develop sector or client packs for internal
auditors,
strengthening client relationship (source trade, vendor lock-in
& open)
Uploading by fee-earning experts. Downloading and applying by
fee-
paying engagement teams. With a broker fee for the platform
provider
By auditors, for auditors - no content mediators, only platform provider
Audit Pack Platform, Business Model:
Source: Rick Bookstab(b)er at
http://rick.bookstaber.com/2009/02/markup-languages-and-mapping-market.html,
speaker at the XBRL Risk Governance Forum, hosted by the
IBM Data Governance Council, February 2009 [emphasis added]:
Within the work of this Forum are the seeds of reducing the risk of
future market crisis. Indeed, it could be the foundation for a
quantum leap in risk management.
29
Case V: Rick Bookstabers proposal to set up an early
warning system to identify build-up of systemic risk +
mitigation
Having the proper tags the proper bar code, if you will for financial products, ranging from bonds and equities to structured products and swaps will allow us to understand the potential for crisis events and system risk. It will help us anticipate the course of a systemic shock. It will identify cases where many investors might be acting prudently, but where their aggregate positions lead to a level of risk which they on their own cannot see. It also will give us the means to evaluate crises after the fact.
Why not have the external auditors do the first data aggregation ? They already visit all the major companies, know about auditing risks and know how to aggregate data to relevant, accurate, complete and fairly presented information on the business level. They only have to bundle and aggregate this individual business information to sector information. Furthermore, they are also familiar with all confidentiality issues involved. The audit firms submit their audited sector information to a central governmental agency, who is responsible for the new anticipation tasks.
Comment posted by Philip Elsas on Ricks blog
Agenda
On Positioning XBRL Assurance Business Rules
in a Computational Infrastructure for Modern Auditing
How XBRL Works, by Charles Hoffman
Charles Smart XBRL App & Deloittes Smart Audit Support
Killer App for XBRL Assurance:
Early Warning System for Systemic Risk
30
XBRL Assurance, Business Rules and XBRL Formula
Looking into Builder-Based XBRL Assurance Apps
Killer App (Wikipedia): any computer program that is so
necessary or desirable that it proves the core value of some larger
technology, such as computer hardware like a gaming console,
operating system or other software.
A killer app can substantially increase sales of the platform that
it runs on.
First release: matter of weeks or months, not years
The audit firms, as first aggregators of systemic risk indicators, connect micro to macro in XBRL (i.e. who is leveraged, what do they own and what do they owe to whom?), and submit their audited sector indicators to a government agency responsible for the new anticipation and mitigation tasks
How far away?
31
Priority for Urgency:
Early Warning System as Killer App for XBRL Assurance,
speeding up getting XBRLs Place & Future into Here &
Now
For computational functionality: stop expecting more from
XML,
start expecting more from the builder-based approach
An off-the-shelf system for bar-code tracking and tracing and configured for XBRL tag-coded financial products
Proposed Solution
Risks to be identified: crowding in markets, hot spots of high leverage, linkages in event of crisis based on investor positions
Jumpstart by co-operation of top-specialists Rick Bookstaber,
Raj Srivastava
and Charles Hoffman, and preferably in co-operation with a Big 4
audit firm
Small step for XBRL,
quantum leap for financial world
XBRL Assurance is closer than ever
Limperg described the essence of the Theory of Inspired
Confidence as follows: The normative core of the Theory of Inspired
Confidence is therefore this:
the [auditor] is obliged to carry out his work in such a way that
he does not
betray the expectations which he evokes in the sensible layman
and;
conversely, the [auditor] may not arouse greater expectations than
can be
justified by the work done. [1932, 1933]
This takes the principles-based approach to its logical extreme. At
this extreme, there are no definite rules for what procedures an
auditor must perform in a particular case, but the general
principle that guides the auditor is to perform enough work to meet
the expectations the auditor has aroused in society. Thus, the most
important factor is societys needs, and the related factor that
interacts with it is the ability of auditing methods to meet
societys needs. However, societys needs are not fixed and change
over time. Also, auditing methods can change and improve over
time.
32
Why the audit profession welcomes increase of their
usefulness by being pivotal in systemic early warning
The dynamic theory [of inspired confidence] that connects
societys need for reliable financial information to the ability of
auditing methods to meet this need is the essence of the process
that the PCAOB must follow.
The PCAOBs process must be directed by what is necessary to protect
investors and further the public interest.
Source of quotes: Douglas R. Carmichael, first PCAOB Chief Auditor, 2004, http://aaahq.org/audit/midyear/04midyear/papers/Carmichael%20Speech.doc
The PCAOB and the Social Responsibility of the Independent Auditor
Limperg Institute Symposium, the Netherlands, June 10, 2009, organized by Hans Blokdijk & Ruud Veenstra, with contribution of ComputationalAuditing.com
[emphasis added]