XBRL Kansas Elsas

On Positioning XBRL Assurance Business Rules in a Computational Infrastructure for Modern Auditing Philip Elsas ComputationalAuditing.com Lawrence, Kansas April 24-25, 2009 2009 Annual University of Kansas International Conference on XBRL A Practical View of XBRL in the 21 st Century

Introduction
Since 2003: Company - Canada, Netherlands
1988-2003: Deloitte. with intermezzo at Bakkenist Management Consultants, sold to Deloitte.
1990- 1996: PhD Computational Auditing
- Principal, Chief Architect & inventor of Smart Audit Support - Smart Audit Support is since 1994 key in Deloitte’s worldwide audit practice. Currently integrated in “The Deloitte Audit” - System blueprint in Chapter 5 of … - PhD in Mathematics & Computing Science on Financial Auditing - Parallel to Smart Audit project, in part-time at Vrije Universiteit - Directly after appearance awarded with the biennial Alfred Coini Prize for the best publication in Auditing Offering software and consultancy services to audit practices and audit software firms 1 The Dutch Tax Office used Computational Auditing in 2001-2003 as Frame of Reference to compare Big 4 firm’s planning and decision-support models and systems to investigate how to improve audit productivity (57 page report); considers Smart Audit Support “leader of the pack”.

Agenda On Positioning XBRL Assurance Business Rules in a Computational Infrastructure for Modern Auditing
How XBRL Works, by Charles Hoffman
Charles’ Smart XBRL App & Deloitte’s Smart Audit Support
Killer App for XBRL Assurance: Early Warning System for Systemic Risk
2
XBRL Assurance, Business Rules and XBRL Formula
Looking into Builder-Based XBRL Assurance App’s
Killer App (Wikipedia): any computer program that is so necessary or desirable that it proves the core value of some larger technology, such as computer hardware like a gaming console, operating system or other software. A killer app can substantially increase sales of the platform that it runs on.

How XBRL Works by Charles Hoffman, CPA Source at http://www.youtube.com/watch?v=nATJBPOiTxM 3

Unstructured Text Inventory Inventory consists of produce purchased for resale and supplies and are stated at the lower of cost or market using the first-in, first-out (FIFO) method. Inventory as of December 31, 2006 and 2005 amounted to $45,594 and $34,456 , respectively. Source: Charles Hoffman 4

Structured Text <InventoryInformation> Inventory Inventory consists of produce purchased for resale and supplies and are stated at the lower of cost or market using the first-in, first-out (FIFO) method. Inventory as of December 31, 2006 and 2005 amounted to $45,594 and $34,456, respectively. </InventoryInformation> Source: Charles Hoffman 5

Structured for Presentation <html> <p><bold> Inventory </bold></p> <p> Inventory consists of produce purchased for resale and supplies and are stated at the lower of cost or market using the first-in, first-out (FIFO) method. Inventory as of December 31, 2006 and 2005 amounted to <bold> $45,594 </bold> and <bold> $34,456 </bold> , respectively. </p> </html> Inventory Inventory consists of produce purchased for resale and supplies and are stated at the lower of cost or market using the first-in, first-out (FIFO) method. Inventory as of December 31, 2006 and 2005 amounted to $45,594 and $34,456 , respectively. Source: Charles Hoffman 6

Structured for Meaning <Inventory> <ConsistsOf> produce purchased for resale and supplies </ConsistsOf> <StatedAt> lower of cost or market </StatedAt> <ValuationMethod> FIFO </ValuationMethod> <Value2006> $45,594 </Value2006> <Value2005> $34,456 </Value2005> </Inventory> Inventory Inventory consists of produce purchased for resale and supplies and are stated at the lower of cost or market using the first-in, first-out (FIFO) method. Inventory as of December 31, 2006 and 2005 amounted to $45,594 and $34,456 , respectively. Source: Charles Hoffman 7

Structured for Meaning, Global Standard <InventoryComponents contextRef=“D-2006”> produce purchased for resale and supplies </InventoryComponents> <InventoryCostBasis contextRef=“D-2006”> lower of cost or market </InventoryCostBasis> <ValuationMethod contextRef=“D-2006”> FIFO </ValuationMethod> <Value2006 contextRef=“D-2006” unitRef=“USD” decimals=“0”> 45594 </Value2006> <Value2005 contextRef=“D-2006” unitRef=“USD” decimals=“0”> $34,456 </Value2005> Inventory Inventory consists of produce purchased for resale and supplies and are stated at the lower of cost or market using the first-in, first-out (FIFO) method. Inventory as of December 31, 2006 and 2005 amounted to $45,594 and $34,456 , respectively. Source: Charles Hoffman 8

This isn’t your Daddy’s Financial Reporting Application! 9 Current approach, type this into Word: Inventory Inventory consists of produce purchased for resale and supplies and are stated at the lower of cost or market using the first-in, first-out (FIFO) method. Inventory as of December 31, 2006 and 2005 amounted to $45,594 and $34,456 , respectively. Smart XBRL Application: Or: Put a grid (neutral format table) here Inventory Source: Charles Hoffman

10

XBRL Assurance
XBRL assurance is the auditor’s opinion on whether a financial statement or other business report published in XBRL, is relevant, accurate, complete, and fairly presented. An XBRL report is an electronic file and called instance in XBRL terminology.
11 IFAC and other accounting organizations are discussing the topic to decide on a common approach and XBRL auditing standards. The auditor may give assurance to an XBRL financial statement, an XBRL business report and XBRL real-time reporting (often referred to as continuous reporting). The short term focus is on XBRL financial statements and regulatory reports, while the future focus is expected to be more on real-time reporting. The XBRL standard has the ability to define business rules. These business rules can be found in different places (i.e. datatypes or linkbases) in the XBRL taxonomy. Application of these business rules will contribute to the reliability of the XBRL report. The business rules can be used by the reporting company (preparer), the taxonomy author (i.e. regulator) or the auditor. Source: Marc van Hilvoorde, 2008, http://en.wikipedia.org/wiki/XBRL_assurance

How to articulate, validate and execute a specification of an XBRL assurance process? 12 In XBRL Assurance we are particularly interested in articulating a methodology-based audit approach, or audit process, that guides how to achieve assurance Isn’t it too low? Isn’t it too high? For example: Charles’ Smart XBRL Application Inventory( Inflow:Purchase ) + Inventory( Begin ) – Inventory( End )  Inventory( Outflow:Resale,Suppliers ) in products or money (gross profit) 1 st interpretation: Bold font = Completeness Regular font = Correctness 2nd interpretation: Bold font = Correctness Regular font = Completeness Example audit equation

Assets = Liabilities + Equity (i.e. the balance sheet balances)
The invoice total equals to the sum of the invoice line item amounts
If you report Property, Plant and Equipment on your balance sheet, you need to provide specific policies and disclosures relating to that line item
13
declare function my:withinTolerance( $x as xdt:anyAtomicType, $y as xdt:anyAtomicType ) as xdt:boolean* { fn:abs( $x - $y) lt 500 }
tax:withinTolerance ($Assets,($CurrentAssets + $FixedAssets))
sec:withinTolerance ($Equity,$EquityPrev + $Earnings)
withinTolerance ($Assets,$Liabilities + $Equity)
…
if (…) then … else if (…) then … else …
Source: Charles Hoffman, 2009, http://xbrl.squarespace.com/journal/2009/1/11/things-generally-missed-about-business-rules-validation.html Source: XBRL Formula Requirements by Hamscher, Shuetrim and Vun Kannon, 2005, http://www.xbrl.org/technical/requirements/Formula-Req-CR-2005-06-21.htm In articulating an XBRL assurance process, a central role is considered for Business Rules using XBRL Formula For example, fragments from corresponding XBRL Formula For example, Business Rules

14 Having a computer-interpretable articulation of business rules offers main advantages: 1. automatic validation , and 2. automatic execution , like workflow software app’s for document transformations ( BPEL , XPDL , YAWL , Wf-XML )
And, as a consequence of having one standard language to specify assurance business rules, users have extra advantages:
A global standard way to express business rules
A global standard way of exchanging such rules between applications
Business rules are separate from, instead of integrated in, applications
XBRL engines support a large user base, reducing cost per user
You can apply your own XBRL rules on incoming XBRL information
Source: Charles Hoffman, 2009, http://xbrl.squarespace.com/journal/2009/1/11/things-generally-missed-about-business-rules-validation.html [with point #2 extended] Advantages

15
avoids handcrafting XBRL Formula expressions…
Being focused on capturing audit methodology in Business Rules expressed in XBRL Formula, let’s now look into an approach that: 2. …by using a tailored website builder and generates these expressions ‘behind the screens’ for validation and ‘executable code’-generation purposes
applicable to XBRL reports as Cascading Style Sheets
‘ inside scripting’ (inside the audit team):
data analysis tasks, with form-driven configuration and methodologically embedded in an audit planning context: “ When to do which task?” and “ What to do with results?”
client-side scripting and
server-side scripting (e.g. JSP Standard Tag Library ),
technically embedding executable scripts, via 3-way scripting :
automatically generating XML, XBRL and XBRL Formulas
publish/upload these smart forms as dynamic web pages
by specifying smart, interactive document/form templates
to articulate guidance on how to achieve XBRL assurance: “ What keeps Audit Leaders up at night?”, ACL, 2008

16 Why is it worthwhile to look into such a builder approach? To gain extra advantages Since a dedicated builder for XBRL Assurance is easy to use, it enables autonomous use by auditors , to prepare methodological guidance for auditors , without content intermediaries: quality & speed An executable specification of an audit methodology supports driving integral planning, execution and documentation of each audit instance Choosing document templates as ‘embedders’ of the audit methodology enables levels of documentation , both prescribing (setting standards) & describing (client instance) If it’s Not Documented, it’s Not Audited Evidence Acquisition Strategy that’s Executable

17

18 Charles’ Smart XBRL Application: Built in Yahoo! SiteBuilder Played in an arbitrary browser Player Builder

p.334
19 p.337 Builder Player Audit methodology specification drives integral planning, execution and documentation Illustrative case: Classification of the Client’s Use of Computers Proven Architecture for Interactive Audit Documentation and Guidance Conditional relevancy: An outgoing arrow  labeled with choice  specifies an activation dependency to a question, section, table, form, task, etc. Effective: don’t miss relevant issue Efficient: less relevant issue is not accessible Mitigation of litigation risk ‘ Correctness by Construction’ Deloitte’s Smart Audit Support: Interactive Audit Documentation published in Word and browsers World’s strongest audit support

Smart Audit Support’s Document Index related to Deloitte’s International Audit Approach (1990’s) p.336 20 p.62 All planning docs are smart forms All planning docs are smart forms All planning docs are smart forms All planning docs are smart forms All planning docs are smart forms All planning docs are smart forms Audit pack is a bundle of forms Deloitte’s Audit Methodology

Why builder-based approach? extra benefits to gain for XBRL Assurance 21 The main challenge in specifying an executable assurance methodology: preserve operational integrity and consistency That’s where science steps in: mathematical proofs that show how each ‘rewriting step’ in the executable methodology specification preserves integrity and consistency E.g. the processing structure of all connected questions, tables, etc. is guarded to be a Directed Acyclic Graph a specification huge in size, complex in structure, globally distributed, regionally refined, daily used by many, in groupware, and, as wanted and encouraged, regularly updated
Assurance expert makes own application & uploads it (business model)
Jumpstart: only a few hours learning curve on how to use builder tool
Comfortable: builder prevents classes of technical errors, no debugging
No need for cumbersome ‘knowledge elicitation’ from expert to engineer
No need to transfer ‘knowledge engineer’ specs to XBRL Formula expert
No need for the expert to verify the app made by XBRL Formula expert
Since a dedicated tool to build assurance guidance is easy to understand and use, assurance experts are enabled to autonomously construct executable guidance material, leading to extra benefits: ‘ Correctness by Construction’ in Domain-Specific Language (DSL)

22

23 Case I: Charles’ Smart XBRL App: extended for assurance Lower of Cost or Market (LCM) is an approach to valuing and reporting inventory. Normally ending inventory is stated at historical cost (what was paid to obtain it) but there are times when the original cost of the ending inventory is greater than the cost of replacement thus the inventory has lost value. If the inventory has decreased in value below historical cost then its carrying value is reduced and reported on the balance sheet. The criterion for reporting this is the lesser of the value of the original cost or the market value. Any loss resulting from the decline in the value of inventory is charged to Cost of Goods Sold (COGS) if non-material, or Loss on the reduction of inventory to LCM if material. http://en.wikipedia.org/wiki/Lower_of_Cost_or_Market Builder Player Functionality looked for by DecisionSoft, 2003 Available in Deloitte’s Smart Audit Support

Standard lib 24 Case I: Charles’ Smart XBRL App: getting ‘Formula in Form’ Builder Player Excel library with XBRL functions The ‘Formula in Form’ is automatically generated by an off-the-shelf spreadsheet add-on Sector packs of prefab sheets Inventory( Inflow:Purchase ) + Inventory( Begin ) – Inventory( End )  Inventory( Outflow:Resale,Suppliers ) in products or money (gross profit) Example audit equation

25 Case II: Raj Srivastava’s Information Security Assessment Based on: Sun, Srivastava and Mock, 2006 “An Informa-tion Systems Security Risk Assessment Model under Dempster-Shafer Theory”, pp.43-48 Player Fully Automatic Semi Manual Automatic dual-thumb sliders with range highlights

26 Case II: Raj’s Information Security Assessment Builder This can almost be expressed, in a slightly different way, in Deloitte’s Smart Audit Support

Case III: EY’s & Hans’ Smart Flowchart Pilot Study M: Majority Owner-Manager S: Sales department B: Buy/Purchase department F: Financial department T: IT department W: Warehouse manager L: Labor/salary accounts P: Planning department C: Creditor accounts D: Debtor accounts A: Application Agent Legend Agent’s access is associated to: 1. Transactions 2. States 3. Flows A capital letter is authorized, legitimate access A small letter is illegitimate access, arising mainly as consequence of being authorized Quantitatively motivated process decomposition 27 Output in XML, XBRL and scripts : 1. Audit equations 2. Segregation of Duties analysis Case by Hans Verkruijsse & EY team Enterprise-level Process Documentation incorporating Automatic Audit Analytics Approach: Powerful and easy system to support practice, founded in theory The world’s strongest process-oriented Auditing Theory: classical Dutch Auditing Theory (80+ yrs) & its best-fitting rigorous Process Theory: Petri nets tailored to the Auditing Domain Systematic framework guides input preparation process Input : diagram Top-level is Supercycle . Overview connecting traditional cycles. Clarifying. Refreshing. Case used in Efrim Boritz’ CAATs class Fit recognized by Jagdish Gangolly C b f t F m d D s t A t L f t P t P t W t A t A t S A A L F L F L F M M D F D C B F B F W P P P P W A A A A C m D f t S t A t F t B f t B f t P t W t L f 225 25 200 225 500 25 25 1,000 400 400 100 20 20 20 20 500 400 Dynamic: Transaction Profit & Loss Item T Static: State Balance Item S

28 Case IV: Conceptual Positioning & Computational Infrastructure
Executable External Controls, or audit tests, to test ‘ Ist ’ ICs to ‘ Soll ’ ICs; external auditor, to identify and, if possible, mitigate weaknesses in client’s Internal Controls (ICs)
Normative Internal Controls in ‘ Soll ’, ‘ To Be ’ modality; external auditor
Executable Internal Controls in ‘ Ist ’, ‘ As Is ’ modality; internal auditor
XBRL Assurance Business Rules as:
Methodological context for data analysis tasks, answering: “ When to do which test ?” and “ What to do with the test results ?” (ACL AuditExchange)
Standard setters develop high-level guidance packs, and strict forms à la tax, as basis to be refined , but not overruled, by other pack builders
External auditors develop sector or client packs for internal auditors, strengthening client relationship (source trade, vendor lock-in & ‘open’)
Uploading by fee- earning experts. Downloading and applying by fee- paying engagement teams. With a broker fee for the platform provider
By auditors, for auditors - no content mediators, only platform provider
Audit Pack Platform, Business Model :

Source: Rick Bookstab(b)er at http://rick.bookstaber.com/2009/02/markup-languages-and-mapping-market.html , speaker at the XBRL Risk Governance Forum, hosted by the IBM Data Governance Council, February 2009 [emphasis added]: “Within the work of this Forum are the seeds of reducing the risk of future market crisis. Indeed, it could be the foundation for a quantum leap in risk management.” 29 Case V: Rick Bookstaber’s proposal to set up an early warning system to identify build-up of systemic risk + mitigation “ Having the proper tags – the proper bar code, if you will – for financial products, ranging from bonds and equities to structured products and swaps will allow us to understand the potential for crisis events and system risk. It will help us anticipate the course of a systemic shock. It will identify cases where many investors might be acting prudently, but where their aggregate positions lead to a level of risk which they on their own cannot see. It also will give us the means to evaluate crises after the fact.” Why not have the external auditors do the first data aggregation ? They already visit all the major companies, know about auditing risks and know how to aggregate data to relevant, accurate, complete and fairly presented information on the business level. They only have to bundle and aggregate this individual business information to sector information. Furthermore, they are also familiar with all confidentiality issues involved. The audit firms submit their audited sector information to a central governmental agency, who is responsible for the new anticipation tasks. Comment posted by Philip Elsas on Rick’s blog

30
Killer App (Wikipedia): any computer program that is so necessary or desirable that it proves the core value of some larger technology, such as computer hardware like a gaming console, operating system or other software. A killer app can substantially increase sales of the platform that it runs on.

First release: matter of weeks or months, not years
The audit firms, as first aggregators of systemic risk indicators, connect ‘micro to macro’ in XBRL (i.e. who is leveraged, what do they own and what do they owe to whom?), and submit their audited sector indicators to a government agency responsible for the new anticipation and mitigation tasks
How far away? 31 Priority for Urgency: Early Warning System as Killer App for XBRL Assurance, speeding up getting XBRL’s ‘Place & Future’ into ‘Here & Now’
For computational functionality: stop expecting more from XML, start expecting more from the builder-based approach
An off-the-shelf system for bar-code tracking and tracing and configured for XBRL tag -coded financial products
Proposed Solution Risks to be identified: crowding in markets, ‘hot spots’ of high leverage, linkages in event of crisis based on investor positions Jumpstart by co-operation of top-specialists Rick Bookstaber, Raj Srivastava and Charles Hoffman, and preferably in co-operation with a Big 4 audit firm Small step for XBRL, quantum leap for financial world XBRL Assurance is closer than ever

“ Limperg described the essence of the Theory of Inspired Confidence as follows: “ The normative core of the Theory of Inspired Confidence is therefore this: the [auditor] is obliged to carry out his work in such a way that he does not betray the expectations which he evokes in the sensible layman and; conversely, the [auditor] may not arouse greater expectations than can be justified by the work done.” [1932, 1933] This takes the principles-based approach to its logical extreme. At this extreme, there are no definite rules for what procedures an auditor must perform in a particular case, but the general principle that guides the auditor is to perform enough work to meet the expectations the auditor has aroused in society. Thus, the most important factor is society’s needs , and the related factor that interacts with it is the ability of auditing methods to meet society’s needs. However, society’s needs are not fixed and change over time. Also, auditing methods can change and improve over time.” 32 Why the audit profession welcomes increase of their usefulness by being pivotal in ‘systemic early warning’ “ The dynamic theory [of inspired confidence] that connects society’s need for reliable financial information to the ability of auditing methods to meet this need is the essence of the process that the PCAOB must follow.” … “The PCAOB’s process must be directed by what is necessary to protect investors and further the public interest.” Source of quotes: Douglas R. Carmichael, first PCAOB Chief Auditor, 2004, http://aaahq.org/audit/midyear/04midyear/papers/Carmichael%20Speech.doc “ The PCAOB and the Social Responsibility of the Independent Auditor” Limperg Institute Symposium, the Netherlands, June 10, 2009, organized by Hans Blokdijk & Ruud Veenstra, with contribution of ComputationalAuditing.com [emphasis added]

XBRL Kansas Elsas

by Philip Elsas on Apr 30, 2009

Accessibility

Categories

Upload Details

Usage Rights

Statistics

XBRL Kansas Elsas — Presentation Transcript