XBRL: The Frontier of Financial Reporting

The theme of this article is straight-

forward, but its application in practice is

a bit more complicated: Enterprise Risk

Management (ERM) is becoming increas-

ingly valued as a core business process

within organizations, yet research direct-

ed to CEOs, CFOs, and boards of direc-

tors indicates that effective adoption is

slow and arduous. XBRL (eXtensible Busi-

ness Reporting Language), as you know

from this column, is an open standard

focused primarily on external financial

reporting that is increasingly being

turned “inward” to improve organiza-

tional effectiveness in risk management,

internal controls, operational reporting,

sustainability reporting, business intelli-

gence, and more.

Let’s start at the beginning. What is

ERM? The Committee of Sponsoring

Organizations of the Treadway Commis-

sion (COSO) defines ERM as: “A process,

effected by an entity’s board of directors,

management and other personnel,

applied in strategy setting and across the

enterprise, designed to identify potential

events that may affect the entity, and

manage risk to be within its risk appetite,

to provide reasonable assurance regard-

ing the achievement of entity objectives.”

ERM generally encompasses a strate-

gic and systematic approach to manag-

ing risks across the organization that

includes a process for identifying and

managing risks, the people involved in

the process, and supporting technology

for monitoring and managing risks.

And what about ERM’s value for our

profession? For some insights there, we

turn to Robert Kaplan, one of the lumi-

naries in our profession and a member

of IMA®:

“Quantifying financial, operating,

technological, and strategic risk is far

from trivial, and much needs to be

learned to make ERM more effective.

Also, risk management requires effective

systems for internal control and gover-

nance. Management accountants can

play a leadership role in the design and

effective implementation of these risk

management systems. This area would

be my highest priority for where in-

creases in knowledge and professional

expertise could add substantial value to

an organization.“ Strategic Finance,

March 2008.

IMA is a founding member of COSO,

a committee of five accounting associa-

tions and a thought leader in delivering

guidance, thought leadership, and

research in the areas of internal controls,

risk management, and fraud prevention.

COSO’s 2010 Report on ERM: Current

State of Enterprise Risk Oversight and

Market Perceptions of COSO’s ERM

Framework says: “The state of ERM

appears to be relatively immature. Only

28 percent of respondents describe their

current state of ERM implementation as

systematic, robust and repeatable with

regular reporting to the board. Almost 60

percent of respondents say their risk

tracking is mostly informal and ad hoc or

only tracked within individual silos or cat-

egories as opposed to enterprise-wide.“

And a COSO-sponsored study by Pro-

tiviti, Board Risk Oversight: Where

Boards of Directors Currently Stand in

Executing Their Risk Oversight Responsi-

bilities (December 2010), states: “We

found there are mixed signals about the

effectiveness of board risk oversight

across organizations…A strong majority

indicate that their boards are not for-

mally executing mature and robust risk

oversight processes.”

If ERM is viewed as important—

especially in the wake of financial frauds

and the recent global financial crises—

6 4 S T R AT E G IC F I N A N C E I M a y 2 0 1 1

TECHNOLOGY

XBRLXBRL and ERM: IncreasingOrganizational Effectiveness

By Jeffrey C. Thomson, CMA, and Uma Iyer

M a y 2 0 1 1 I S T R AT E G IC F I N A N C E 6 5

then what is the problem? Put simply,

recognizing ERM as a critical business

process with longer-term, sometimes

intangible benefits isn’t the same as inte-

grating it as a critical business process. Is

this a systematic and comprehensive

process by which enterprise risk is identi-

fied? How do we determine that risks

aren’t buried in silos? How do we deter-

mine that management and boards have

frequent discussions on the top risks fac-

ing the enterprise—and whether they

are being mitigated or managed to an

acceptable level relative to objectives?

How do we determine that risks identi-

fied in one part of the organization are

rationalized with risks identified in

another part of the organization (in

some cases, the individual risks may not

be material or probable, but, when

“interacted” together, they may become

material and/or probable)?

Part of the integration challenge—and

hence overall effectiveness of ERM—can

be solved with enabling technology, such

as the open standard XBRL. As indicated

earlier, XBRL has been focused primarily

on external financial reporting, but users

are increasingly looking for opportunities

to leverage XBRL for other purposes.

Investor demand for more trans-

parency into corporate financials and the

desire to accelerate the financial infor-

mation supply chain are driving the need

for faster, high-integrity reporting of

financial results to multiple stakeholders.

XBRL allows for increased transparency

of financial information and easier access

to financial and business data to meet

such demands. The extensibility and flex-

ibility that XBRL offers provides the

potential for it to be adapted to a wide

variety of applications and requirements,

including ERM.

The key issue that organizations face

with ERM is the need to source and

manage data from multiple disparate

systems and to manage multiple compli-

ance management frameworks. Financial

data generally resides in ERP or other

accounting systems, while risk and con-

trol frameworks are either stored in

spreadsheets or disparate point solu-

tions. This leads to a manual process for

compilation of data from financial and

compliance management systems. So

how does XBRL help with this issue?

An XBRL-based solution makes it pos-

sible to extract and manipulate data

from multiple sources and combine or

consolidate such data to create data

views and reports that can be repur-

posed for a variety of uses and/or users.

In the context of ERM, XBRL can be

deployed to support each of the key

phases of the ERM process—from risk

identification to risk reporting and

management.

One of the key challenges of ERM is

inconsistent understanding and interpre-

tation of risks across the organization. At

the risk identification and assessment

phases, XBRL can facilitate the develop-

ment of an inventory of risks relevant to

an organization. These risks, along with

relevant controls, can be structured into

an XBRL-based risk and controls taxon-

omy comprising processes, subprocesses,

control objectives, risks, and controls

defined and structured in a standard tax-

onomy format. This provides a standard

definition and approach for classifying

risks and controls and facilitates consis-

tent interpretation through the

organization.

With the ability to run an XBRL report

or create an instance document at any

time, XBRL also facilitates monitoring

and management of risks, controls, and

control activities, allowing organizations

to proactively monitor and address com-

pliance issues. Understanding which con-

trol activities are used to address risks

and control objectives also assists organi-

zations in evaluating the effectiveness of

controls and identifying and leveraging

leading practices for control activities

across various business units.

The XBRL Global Ledger (GL) is a stan-

dard that allows for the extraction or

representation of financial as well as

nonfinancial data found in enterprise

source systems. The combination of the

existing XBRL GL Taxonomy and a poten-

tial XBRL risk and controls taxonomy

would allow for the integration of finan-

cial statement, global ledger, and compli-

ance reporting to enable drilldown on

financial statement items for specific risk

or controls activities. The ability to drill

into Internal Control details tied to

Financial Statement accounts using

XBRL, without the need for manual data

compilation, is potentially a significant

benefit of using an XBRL-based solution

for ERM.

XBRL is already being used in parts of

the world for Basel II reporting of risks

for credit institutions and investment

firms. Financial regulators are also look-

ing at XBRL for solvency reporting. A

report published by Gartner in July 2010,

Hype Cycle for Governance, Risk and

Compliance Technologies, 2010, identi-

fies financial reporting with XBRL as one

of the emerging technologies and gives

it a high benefit rating as a governance,

risk, and compliance solution.

To effectively use XBRL for ERM, there

needs to be a shift in focus from using

XBRL purely for external reporting to

deploying XBRL capabilities for internal

reporting and decision making. But XBRL

technology alone isn’t a silver bullet.

Developing a sustainable long-term solu-

tion for ERM requires a focus on estab-

lishing a defined and concrete ERM

cont inued on page 69

process and leveraging XBRL-based

solutions to support the process. SF

Jeffrey C. Thomson, CMA, is the IMA

President and CEO. You can contact Jeff

at jthomson@imanet.org.

Uma Iyer is a Senior Manager at Deloitte &

Touche, LLP and a member of IMA’s XBRL

Standing Advisory Committee. You can

contact Uma at uiyer@deloitte.com.

About Deloitte—Deloitte refers to one or

more of Deloitte Touche Tohmatsu Limited,

a U.K. private company limited by guaran-

tee, and its network of member firms, each

of which is a legally separate and indepen-

dent entity. Please see www.deloitte.com/

about for a detailed description of the

legal structure of Deloitte Touche Tohmatsu

Limited and its member firms. Please see

www.deloitte.com/us/about for a detailed

description of the legal structure of

Deloitte LLP and its subsidiaries.

M a y 2 0 1 1 I S T R AT E G IC F I N A N C E 6 9

XBRLcont inued f rom page 65

In 2009, the U.S. Securities & Exchange

Commission (SEC) issued a mandate

requiring that U.S. public companies

submit their 10-K, 10-Q, and 8-K filings

using eXtensible Business Reporting Lan-

guage (XBRL). The final of the three

phases of this mandate became effective

for smaller filers with year-ends after

June 15, 2011—approximately 5,000

companies. Now all U.S. public compa-

nies are required to use the U.S. Gener-

ally Accepted Accounting Principles

(GAAP) Financial Reporting Taxonomy

(UGT) to meet this requirement. Compli-

ance requires tagging these financial fil-

ings with XBRL tags for each account

(element) on a company’s financial state-

ments. The requirement also applies to

footnote disclosures.

The mandate has provided more trans-

parency in corporate reporting but at a

cost to the companies trying to map their

accounts to XBRL while trying to achieve

full financial disclosure. Some of the

problems the SEC identified were the cre-

ation of extension elements when exist-

ing elements existed, using the wrong

element, and the need to add an exten-

sion element because an element neces-

sary for disclosure didn’t exist. For exam-

ple, in 2009, United Airlines needed to

disclose high fuel costs, but the UGT

didn’t have a term for it. To satisfy the

disclosure, the company needed to add

an extension for fuel costs. In response to

the weaknesses of the 2009 UGT, the

Financial Accounting Foundation (FAF),

parent of the Financial Accounting Stan-

dards Board (FASB), released the 2011

UGT in February 2011. It includes more

than 4,000 changes to address account-

ing standards changes and 1,900 new

elements, which increases the number of

elements to more than 15,000. While the

improvements to the UGT will help U.S.

filers improve the quality of their filings,

the scope of this requirement continues

to challenge those working to accurately

map their accounts to XBRL. Some filers,

such as Microsoft, have adopted XBRL

peer review to help them make informed

tagging choices. Let’s take a look at how

Microsoft uses the peer review process

and Rivet Pivot software to do this.

Peer ReviewCompanies are beginning to perform a

review of their industry peers to compare

tagging choices in their XBRL filings. This

simply means comparing a company’s

financial statement tagging elements to

those selected by the company’s industry

peers as well as all filers. Microsoft has

taken the lead in peer review and uses a

report designed by Rivet Software, Rivet

Pivot, to automate this process. Because

SEC financial filings are public records, all

that a company needs to do is choose

the peer company filings and dates and

download them from the SEC website.

According to Paige Hamack, Micro-

soft’s SEC Reporting Group accounting

manager: “An integral part of our XBRL

reporting process at Microsoft is a quar-

terly analysis of the XBRL tags used by

an alternating group of peer companies.

This peer review helps us ensure that our

XBRL reporting is complete and accurate

and meets one of the most important

5 6 S T R AT E G IC F I N A N C E I J u l y 2 0 1 1

TECHNOLOGY

XBRLPeer Review: An Internal Control for the XBRL SEC Tagging Mandate

By Kristine Brands, CMA, CPA

IMAG

E CO

UR

TESY

: IC

LIPA

RT.

COM

/MIC

RO

SOFT

J u l y 2 0 1 1 I S T R AT E G IC F I N A N C E 5 7

objectives of XBRL, which is comparabili-

ty of similar information across compa-

nies. To perform this review, we use a

custom report created by Rivet.” Each

quarter they perform the XBRL peer

review to review the tags used by their

peers but not used by them and vice

versa, and to review reporting disclosures

they make annually but that their peer

group makes quarterly and vice versa.

The key differences of the peer review

are summarized and presented to senior

management for review.

Benefits of peer review analysis include

having meaningful conversations with

their peers about XBRL tag usage,

explaining and defining XBRL judgment

areas to senior management for review,

and improving the quality of tagging,

which will reduce questions from XBRL

data users. While many companies have

chosen to outsource their XBRL tagging

to third-party providers, that doesn’t

excuse a company from accurately tag-

ging the data. Peer review is an impor-

tant internal control to review the accura-

cy of XBRL tagging. Although there’s a

two-year limited liability for XBRL filings

after a company complies with the SEC

mandate, it’s always in a company’s best

interests to create high-quality filings to

reduce the number of questions asked by

stakeholders: analysts, the SEC, investors,

and the Internal Revenue Service (IRS).

Ted Stavropoulos, director of business

development at Rivet Software, believes

that the early benefits of XBRL SEC fil-

ings are enabling the SEC to analyze the

filings by using decision rules to analyze

the data to generate reports that identify

outlier information. In the past, there

was too much data to allow comprehen-

sive analysis of inbound reporting by the

SEC. Now that barrier has been

removed, and the SEC can use a risk-

based approach to analyze the XBRL

data to quickly identify companies that

report outlier data. Think about the SEC

using this data as the basis for additional

questions in comment letters.

Peer review provides you with valu-

able insight into your filings because you

can compare your data to your peer

group’s data. Regardless of whether you

use a software tool like Rivet Pivot or

download your company’s peer group

from the SEC to an Excel spreadsheet

and perform your own review, peer

review will help your company improve

the quality of SEC XBRL filings. SF

Kristine Brands, CMA, CPA, is an assis-

tant professor at Regis University in Col-

orado Springs, Colo., and is a member

of IMA’s Pikes Peak Chapter. You can

reach her at kmbrands@yahoo.com.

RIVET PIVOT PEER REVIEW TAGGING EXAMPLE, COURTESY OF RIVET SOFTWARE

The power of eXtensible Business

Reporting Language (XBRL) is the trans-

parency that it provides financial report-

ing. It allows financial statement users to

analyze and compare their financial

statements with those of other compa-

nies using XBRL-formatted statements. A

key factor for achieving financial report-

ing transparency is the existence of a

comprehensive and robust XBRL taxono-

my because the taxonomy serves as a

dictionary to define the accounting

terms and standards that are used to tag

the information in the financial state-

ments. As a result, financial information

can be searched electronically, allowing

users to prepare, analyze, and process

the data for their reporting needs. More

robust taxonomies will improve the com-

parability of the XBRL filings.

The U.S. Securities & Exchange Com-

mission (SEC) recognized the importance

of XBRL financial reporting when it

issued a rule in 2009 mandating XBRL

filings for companies listed on U.S. stock

exchanges. Compliance with the rule

was phased in over a three-year period.

The final phase of the rule became effec-

tive June 15, 2011, requiring small-cap

and Foreign Private Issuers (FPIs) to sub-

mit XBRL filings for their financial reports

to comply with the mandate. Because of

the widespread global adoption of Inter-

national Financial Reporting Standards

(IFRS), many FPIs use IFRS for financial

reporting. But because of issues with the

IFRS XBRL (xIFRs) taxonomy, FPIs have

been unable to comply.

Catch-22The status of FPIs’ compliance with the

SEC mandate is in a Catch-22. Although

global adoption of IFRS for financial

reporting has swept the globe, the xIFRS

taxonomy’s development has met several

challenges. The first xIFRS taxonomy was

issued in late March 2011, barely a quar-

ter before the FPIs’ filing requirement

date. This release was two years after

the first U.S. Generally Accepted

Accounting Principles (GAAP) Financial

Reporting Taxonomy (UGT) for the SEC

mandate was released in 2009. The SEC

and the Center for Audit Quality raised

concerns that the SEC didn’t have

enough time to review and approve the

xIFRS taxonomy, a step required by the

mandate. They also noted that the num-

ber of concepts (the actual financial

reporting elements) was inadequate and

didn’t address common IFRS financial

reporting practice concepts such as sales

and aggregated sales and marketing

expense. These concerns led the SEC to

issue a No Action letter in early April

2011 stating that the Commission hasn’t

specified an accepted IFRS XBRL taxono-

my. Since there is no SEC-approved XBRL

IFRS taxonomy, FPIs can’t meet the filing

requirement until the SEC approves one.

The No Action designation also means

that FPIs won’t be sanctioned for not

filing XBRL financial statements.

What Are the TaxonomyDifferences?Let’s examine some of the differences

between the two taxonomies for insight

into this problem. The UGT development

effort, now headed by the Financial

Accounting Foundation (FAF), issued the

updated and improved 2011 UGT in Feb-

ruary 2011. On September 1, 2011, it

released the 2012 UGT for public review

and comment, adding more improve-

ments to meet filers’ reporting needs.

The scheduled release date is early 2012.

The managing body for xIFRS is the Inter-

national Accounting Standards Founda-

tion (IASF), which issued an interim xIFRS

5 6 S T R AT E G IC F I N A N C E I O c t o b e r 2 0 1 1

XBRLA Tale of Two XBRL Taxonomies

By Kristine Brands, CMA, CPA

TECHNOLOGY

O c t o b e r 2 0 1 1 I S T R AT E G IC F I N A N C E 5 7

release on September 1 to address con-

cerns raised by the SEC. The IASF is cur-

rently working on the 2012 xIFRS that

will include improvements that are

expected to meet SEC requirements and

approvals. The exposure draft release

date is scheduled for January 2012, and

April 2012 is the targeted final release

date. For the past three years, the UGT

has been used for the mandate, and its

revisions incorporate user feedback. xIFRS

hasn’t been road-tested.

The difference in the breadth and

depth of the taxonomies is an eye open-

er. The 2011 UGT includes about 15,000

financial reporting elements with several

industry entry points, such as the Com-

mercial and Industrial Taxonomy that

applies to most companies. The 2011

xIFRS taxonomy weighs in at about

2,500 concepts. One reason for this vast

difference is that xIFRS was designed to

only address IFRS. The taxonomy’s initial

scope was limited to concepts for IFRS

disclosure requirements and guidance.

Common financial reporting concepts

and local, jurisdictional, and industry-/

company-specific reporting requirements

weren’t included. The limited number of

concepts forces companies to add

extensions to achieve disclosure require-

ments, which diminishes the power of

XBRL-reported financial statements by

compromising financial reporting com-

parability. The IASF responded to these

issues by modifying the IFRS XBRL mis-

sion statement to include developing a

taxonomy that meets financial users’

needs by including common financial

concepts.

A practical difference affecting taxon-

omy users is access. The UGT SEC Ap-

proved Taxonomies are readily accessible

through an easy-to-use Web-based

browser called Yeti (see Figure 1). The

IFRS 2011 Taxonomy is accessible through

a fee-based subscription to eIFRS content

that includes the complete IFRS and xIFRS.

The FutureThe global financial community is await-

ing the SEC’s decision about U.S. IFRS

adoption that’s expected in early 2012.

The progress that the SEC has achieved

with the XBRL reporting mandate during

the past three years has dramatically

improved the transparency of financial

reporting. The initiative has benefitted

financial statement users and regulators

alike by providing access to all public fil-

ings. Yet the gap between the UGT and

xIFRS taxonomies is substantial and must

be closed before the U.S. adopts IFRS to

prevent the loss of financial transparency

ground. SF

Kristine Brands, CMA, CPA, is an assis-

tant professor at Regis University in Col-

orado Springs, Colo., and is a member

of IMA’s Pikes Peak Chapter. You can

reach her at kmbrands@yahoo.com.

Note: For more information on IFRS and

XBRL, visit www.ifrs.org/XBRL/XBRL.htm,

and on XBRL US GAAP Taxonomies Viewer

US GAAP 2011 Taxonomy Yeti™ Viewer,

visit http://xbrl.us/taxonomies/Pages/US-

GAAP2011.aspx.

Source: http://xbr l.us/taxonomies/P ages/US-GAAP2011.aspx .

Figure 1