Original Article

XBRL: Solving real-world problems

Received (in revised form): 20th March 2009

Glen L. Gray
is a professor of Accounting and Information Systems at California State University, Northridge. Glen received his PhD in 1987 from University of Southern California. He has been an academic member of XBRL International since 2000. His research interests include XBRL, auditing, IT controls, data mining, electronic nancial reporting and electronic commerce. He has conducted research projects funded by the IIA, the AICPA, the ISACA and the Big-4 accounting rms.

David W. Miller
is an assistant professor of Information Systems at California State University, Northridge. David received his PhD in 2003 from Mississippi State University. His research focuses on investigation into technologys effect on social structures and the diffusion of technological innovations as well as issues surrounding management of information security.

ABSTRACT The use of eXtensible Business Reporting Language (XBRL) continues to grow since its public introduction in April 2000. For example, since April 2005, the Securities and Exchange Commission (SEC) has been encouraging Electronic Data Gathering, Analysis, and Retrieval (EDGAR) lers to voluntarily furnish XBRL-related documents as attachments to traditional EDGAR lings. More recently, the SEC has funded a US$54 million project to modernise EDGAR. XBRL is a key component of this modernisation and the mandatory ling of XBRL documents was phased in starting in 2009. In October 2005, the Federal Financial Institution Examination Council (FFIEC) completed a $39 million project that requires over 8000 banks to submit their quarterly call reports to the FFIEC using XBRL. Around the world, several stock exchanges, taxing authorities and other regulatory agencies are requiring organisations that report to them to use XBRL. Beyond the required reporting, XBRL is also providing an improved platform for such things as internal reports and consolidations. Despite the potential benets of XBRL only 137 companies (out of over 10 000 lers) participated in the SECs voluntary ling programme (VFP). Less than 1 per cent of the banks required to use XBRL for quarterly call reports to the FFIEC are also participating in the SECs VFP. XBRL adoption appears to be sitting on the edge of the chasm between the early adopters, who are tolerant of the issues associated with new technology and are less concerned about near-term Return On Investment (ROI), and the majority of the potential market, who are more sensitive to costs, ROI and ease of use. To help XBRL move over that chasm, our study begins by conducting four focus groups to develop an understanding of the current issues and concerns faced by organisations related to accounting, nancial reporting and auditing. The specic issues and questions regarding XBRL were subsequently summarised and forwarded to selected members of the XBRL community, who were asked to suggest how XBRL addressed those issues, concerns and questions. The ndings are that the XBRL community feels that XBRL technology can fulll the needs of the nancial reporting community and that further awareness within that community is needed before there will be

Correspondence: Glen L. Gray Department of Accounting & Information Systems, College of Business and Economics, California State University, Northridge, Northridge, CA 91330-8372, USA

2009 Palgrave Macmillan 1741-3591 International Journal of Disclosure and Governance

Vol. 6, 3, 207223

www.palgrave-journals.com/jdg/

Gray and Miller

widespread adoption of XBRL absent a regulatory requirement. These ndings are important essentially to anyone wishing to promote or champion the adoption of XBRL for management and control of internal nancial data and reporting processes. This list should include, but certainly not be limited to: compliance ofcers; accounting and systems auditors, both internal and external; nance and information systems managers; and, systems designers. Although our study reports ways in which XBRL addresses many of the questions, issues and concerns of auditors, researchers may wish to conduct further studies to determine if there are other questions, issues and concerns of auditors that were not found in our study. Or, our ndings could be used for comparison of this topic in other populations such as compliance ofcers and nance managers. Researchers could also study ways to effectively convey our ndings to promote and champion the diffusion of XBRL.

International Journal of Disclosure and Governance (2009) 6, 207223. doi:10.1057/jdg.2009.8; published online 14 May 2009
Keywords: XBRL; diffusion of innovation; technology adoption; nancial reporting; internal controls

INTRODUCTION
The use of nancial reporting data identication technology known as eXtensible Business Reporting Language (XBRL) continues to grow since its public introduction in April 2000. For example, since April 2005, the US Securities and Exchange Commission (SEC) has been encouraging corporations and mutual funds ling nancial reports through its Electronic Data Gathering, Analysis, and Retrieval (EDGAR) system to voluntarily furnish XBRL-related documents as attachments to traditional EDGAR lings. More recently, the SEC has funded a US$54 million project to modernise EDGAR in which XBRL is a key component of this modernisation. A result is that the SEC has begun phasing in a programme requiring that all corporations and mutual funds include XBRL instance documents as part of their EDGAR lings1,2 where all public companies will be required to furnish XBRL documents by 2011. The US Federal Financial Institution Examination Council (FFIEC) completed a $39 million project in October 2005 that required over 8000 banks to submit their quarterly call reports to the FFIEC using XBRL.3 Around the world, stock exchanges, taxing authorities and/or other regulatory agencies in Australia, Belgium, Canada, China, Denmark, France, Germany,

Ireland, Israel, Japan, Korea, Luxembourg, the Netherlands, New Zealand, Norway, Singapore, Spain, Sweden, Thailand and the United Kingdom are requiring organisations that report to them to use XBRL. Clearly, the SEC and FFIEC, along with the many regulatory agencies of other nations, feel that a standardised nancial reporting data format is necessary and that XBRL offers the needed standard. Financial reporting experts have lauded the requirement of collecting ling data in a uniform format in general and the use of XBRL in particular (cf.4,5). XBRL is believed to enhance the search capability of the SECs EDGAR database allowing efcient and effective retrieval and examination of data, thus enabling nancial analysis of registered lers and comparisons between lers within industries.4 Moreover, organisations who have voluntarily adopted XBRL for their lings have found the cost, time and technical prociency thresholds to the adoption to be relatively low.6 According to an SEC survey, the rst-year preparation costs could average $30 K$40 K (with upper bounds of $60 K$82 K), with a signicant drop in the subsequent years.2 Once the nancial data were formatted using XBRL report production costs were reduced with more efcient reporting, information

208

2009 Palgrave Macmillan 1741-3591 International Journal of Disclosure and Governance

Vol. 6, 3, 207223

XBRL: Solving real-world problems

sharing was improved, and internal controls and regulatory compliance were strengthened.68 Along with issues of monitoring and regulatory compliance, XBRL holds potential benets for those responsible for corporate governance.5,9 Adopting XBRL for internal nancial data affords opportunity to lower corporate risk, increase efciency and transparency and better serve stakeholders and the marketplace.10 Despite the benets of XBRL touted by the SEC and the XBRL community at large, only 137 of the more than 10 000 registrants adopted XBRL ling under the SECs voluntary ling programme (VFP). Of the more than 8000 banks required to le reports in XBRL to the FFEIC, less than 1 per cent have chosen to participate in the SECs VFP. With most new technologies, a chasm frequently exists between early adopters of a new technology and the mainstream market.11 Based on its adoption numbers (that is, the adoption numbers for SECs VFP), XBRL seems to be on the edge of that chasm. The early adopters are willing to try innovations just because they are new. They are less concerned with issues such as cost and Return On Investment (ROI), and whether others are adopting the innovation while they are more willing to deal with the challenging aspects of technology. The mainstream market is more price and ROI sensitive, has a stronger whats-in-it-for-me attitude, and values ease of use and reliability. Plus the any voluntary use of XBRL has an up-hill battle against several mandatory requirements, which, depending on industry, can include mandates, such Sarbanes-Oxley, Health Insurance Portability and Accountability Act, Basel II and payment card industry (PCI) that compete for general and IT resources.12 Moving beyond early adopters to mainstream is going to be a challenge to the XBRL proponents. There are many factors that affect the ready adoption (diffusion) of an innovation such as XBRL. Generally recognised as the preeminent scholar in the diffusion of innovations, Rogers13 has shown that getting an innovation widely adopted is often very difcult. Even when the innovation has obvious

advantages, it may be many years from the time the innovation becomes available until it is widely adopted, if ever. So, a common issue for proponents of a particular innovation is how to speed up the rate of diffusion of the innovation. Diffusion is best understood as a particular form of communication in which participants create and share information in order to reach a mutual understanding relative to the innovation. Therefore, diffusion of the innovation requires that information about the advantages of its adoption be collected and then shared with potential adopters.14 In the case of XBRL, the direct costs, such as acquiring the application software, learning how to use the application and the one-time effort to build the data template, are low,1 but there is no clear indication that this has been well communicated to potential adopters of XBRL.5 There are also more subjective organisational factors that may inhibit diffusion of the innovation even if the objective information of the advantages afforded by the innovation are known.15 Clearly, there is a disconnection between the apparent benets versus the costs of adopting XBRL. There has been little academic research to date specic to the diffusion of XBRL. What research has been done has provided ndings encouraging to those hoping for widespread adoption of XBRL, whereas reinforcing the disappointment that reaching a critical mass of diffusion is far from imminent. Troshani and Rao16 concluded that widespread adoption of XBRL is unlikely without mandates from regulatory bodies. They further suggested that organisations may not be ready to adopt because of limited awareness of benets, functionality and related costs. In a related study, Troshani and Doolin17 found potential adopters of XBRL who have a legitimate basis for adopting nevertheless lacked power and a sense of urgency necessary to signicantly affect diffusion. As a remedy, they suggest instrumental measures such as knowledge building and deployment, subsidy, mobilisation and directives from organisational stakeholders towards

2009 Palgrave Macmillan 1741-3591 International Journal of Disclosure and Governance

Vol. 6, 3, 207223

209

Gray and Miller

designing proactive solutions that positively affect diffusion. Individuals responsible for corporate governance can inuence the adoption of XBRL as well as have the responsibility for the policies, procedures and practices organisations need covering use of XBRL.10 A common element of these ndings is the importance of the need for stakeholders to develop and accumulate knowledge of the advantages and benets of adopting XBRL, particularly relative to the costs and concerns of its adoption and sharing that information with potential adopters. The outcome of each study is a belief that improved information on the advantages of XBRL, properly communicated will greatly increase its diffusion. The purpose of the research presented in this paper is to contribute to the body of knowledge regarding XBRL relative to the concerns of potential adopters regarding its adoption. Even though the SEC is mandating that XBRL be used for lings, diffusion research suggests that widespread diffusion is not assured beyond the minimum ling requirements.13,16 Assuring widespread adoption of XBRL will depend largely on documenting the applications and advantages offered by XBRL in the required and other domains versus the associated costs and communicating this knowledge to potential adopters.16 In this study, we explore signicant accounting and nancial reporting concerns of organisations and identify how XBRL can help alleviate those concerns. Specically, we endeavour to determine what are the highpriority accounting, nancial reporting and internal audit problems that XBRL potentially addresses that would encourage people to adopt XBRL for their organisations. The remainder of this paper is divided into three major sections. The section Background provides general background information on XBRL technology and the potential drivers of XBRL acceptance. The section Research overview provides an overview of the research. The section Focus Group Summary and XBRL Community Responses summarises the research ndings, including the high-priority

accounting, nancial reporting, and internal auditing issues and concerns suggested by the focus group participants and the corresponding responses from the XBRL community members on how XBRL could directly address those issues.

BACKGROUND
Moving toward critical mass
The diffusion of an innovation such as XBRL can be compared with the diffusion of other technology innovations such as fax machines, barcodes, instant messaging and even the telephone. As with any of these innovations, the more people that adopt the innovation, the more valuable the innovation becomes to each adopter until a critical mass is achieved. At the point of a critical mass there are enough adopters of an innovation that the innovations further rate of adoption becomes self-sustaining.13 But, before a critical mass can be reached, there must be those early-adopter organisations who implement the innovation before there is any clear benet in adopting it. Such early-adopter organisations may adopt the innovation anticipating the rate of adoption will increase to critical mass or when a change agent seeks to persuade an organisation to adopt the innovation. Whichever the case may be, for diffusion of an innovation to occur, information about the innovation needs to be communicated to potential adopters. The information may come from adopters who share their experiences with others or the information may come in a linear fashion from an authoritative agent. In the latter case, the agent can attempt to distribute information about the innovation like the SEC VFP in XBRL or can attempt to persuade the potential adopters through rules or regulations like the new SEC requirement to le using XBRL. The communication of this information then drives the adoption process. Therefore, to understand the diffusion of an innovation (or lack of diffusion) we must rst understand the informational drivers of that innovation. Adoption of XBRL has been

210

2009 Palgrave Macmillan 1741-3591 International Journal of Disclosure and Governance

Vol. 6, 3, 207223

XBRL: Solving real-world problems

slowly growing on a worldwide basis since its rollout in 2000 but has yet to achieve a critical mass where its continued adoption is self-sustaining. Therefore, to better understand the state of XBRL diffusion, we must explore the informational drivers affecting its adoption. There appears to be several drivers that are contributing to XBRL diffusion moving toward a critical mass, including:

Sarbanes-Oxley. A signicant driver for XBRL has been the unpleasant ndings from organisations Sarbanes-Oxley activities. Management is now far more aware of basic process ow, data and control problems in their organisations. Consequently, management is searching for solutions to improve the efciency and effectiveness of processes and controls, and to reduce the associated costs. XBRL has many features that can help management meet those objectives. For example, implementing XBRL Global Ledger (XBRL GL) at the beginning of the information supply chain gives auditors an efcient means to interrogate detailed transactions, so, the auditor will be able to analyze larger samples and lower the materiality levels, which, in turn, will increase the probability of discovering problems or fraud. Extensible markup language (XML) knowledge. XBRL is an application of XML technology, which is experiencing its own rapid growth in adoption. Organisations already have growing staffs that are knowledgeable of XML, so from a technology perspective, XBRL is more of an evolutionary technology than a revolutionary technology, which should make XBRL adopter easier with a atter learning curve. External recipients. Government regulators, tax agencies, stock exchanges and other recipients of XBRL instance documents are major supporters of XBRL because it can vastly improve their productivity in terms of the initial data collection, manipulation, validation, analysis and reporting.

There also can be a signicant drop in new errors entering the information supply chain because manual data reentry steps are greatly reduced or eliminated. Consequently, more time can be focused on data analysis. This escalating acceptance of XBRL report by third-party recipients has been a worldwide phenomenon. XBRL consortium synergy. There are over 500 (and growing) organisations worldwide that are members of XBRL International. The size and diversity of this membership creates signicant synergy. Many software companies already have or are adding XBRL functionality to their products. Other software companies are developing new XBRL tools for the creation of XBRL instance documents. The XBRL members from the nancial analyst and reporting communities are also developing tools and services around XBRL. The accounting rm members are encouraging their clients to enhance their processes and controls through implementing XBRL technology.

Potential uses of XBRL

The rst meeting of the XBRL Steering Committee was October 1999 and the public roll out of XBRL was April 2000. Since that time, many people have made presentations to a broad diversity of audiences regarding XBRL technology and its applications.18 It is clear from these presentations that there are a wide variety of potential applications of XBRL technology, including those summarised below:

Web-based nancial reporting: most large public companies in countries with active public markets voluntarily post their nancial statements on their websites. In the United States, SEC Regulation FD and Sarbanes-Oxley Section 409 are encouraging companies to do even more with their web-based nancial disclosures. Using XBRL-nancials makes it easier for

2009 Palgrave Macmillan 1741-3591 International Journal of Disclosure and Governance

Vol. 6, 3, 207223

211

Gray and Miller

investors and other users to download and analyze the nancial information. The new SEC XBRL mandate requires that public companies post their SEC XBRL ling to their own websites. Financial analysis: Banks, creditors and nancial analysts are interested in XBRL as it will signicantly reduce the mechanical aspects of nancial analysis and provide more time for analysis and decision-making. Analysis of nancial data generally involves three tasks: (1) collecting and loading the data into the users analytical software whether spreadsheets or sophisticated analytical tools; (2) using the software to aggregate, disaggregate, clean and re-categorise the original data so it is comparable with other data already collected from other sources; and (3) analyzing the data and making decisions based on that analysis. If the original data are a printed (or human-readable electronic) document (for example, Form 10-K) or in an incompatible format, most of the users time will be spent on the mechanical tasks (1) and (2). XBRL enables the analyst to access nancial data and move the data to the analytical software more quickly, thereby, reducing the time and processing costs for tasks (1) and (2) and allowing more time for task (3), decision-making. Also, the elimination of cutting-and-pasting or manual data reentry greatly reduces the probability of new errors being introduced into the data. Tax and regulatory ling: many government agencies, such as tax and regulatory bodies around the world, have mandated XBRL documents and many others are monitoring these activities and may do likewise. The most signicant announcements in the United States were the SECs voluntary XBRL submissions started in April 2005, the FFIEC $39 million XBRL-based call report modernisation project, which went live in October 2005, and the recent SEC XBRL mandate. Internal reports: The power of XBRL also applies to internal data exchanges and

reports, which are often more detailed, frequent, variable and ad hoc compared to external reports. The efciencies of XBRL are signicant inside the organisation as well as outside the organisation. XBRL was rst viewed as an external nancial reporting tool, but it was also quickly seen as a valuable internal reporting tool. As said before, XBRL GL taxonomy moves XBRL upstream to the transaction level and subsequently allows drilling down from nancial statements to trial balances to underlying transactions. Different XBRL-compatible accounting packages will be able to freely exchange data. Consolidations: XBRL could be used to consolidate accounting information (as well as other information) from disparate systems used by different business units. If each system is XBRL compatible, after a onetime mapping process, consolidating could be automated.

The evolving use of XBRL

Exactly how each organisation implements XBRL will vary widely; XBRL can be implemented incrementally and can coexist with other technologies. For banks in the United States and for organisations in some other countries, their rst use of XBRL was creating XBRL instance documents for mandatory external reports to government regulators and/or stock exchanges. Other organisations may be more likely to use XBRL to exchange data internally; similar to the way Excel is frequently used today. Some XBRL tools are add-ins to Excel, so the environment will be somewhat familiar to rst-time XBRL users. Currently, creating an XBRL instance document is usually a two-step approach where the user will collect data or a report in one format and then use an XBRL tool to create an XBRL instance document. There will probably be a mix of manual and automated tasks involved in mapping the traditional report to the appropriate XBRL tags. However, with companies

212

2009 Palgrave Macmillan 1741-3591 International Journal of Disclosure and Governance

Vol. 6, 3, 207223

XBRL: Solving real-world problems

such as Great Plains, SAP, Navision, Hyperion and Oracle, building XBRL functionality into their products, producing an XBRL instance document will, in the future, become a onestep process maybe just as simple as a Save As option in the application programme. This will accelerate the creation of an XBRL instance document and reduce human error associated with re-entering data.

Research method
The primary participants in this research study were internal auditors from a variety of organisations, including public and private companies, government agencies and not-for-prot organisations. Internal auditors generally have a very broad understanding of their organisations well beyond just the accounting functions. However, only a very small population of internal auditors (or the general business population, for that matter) is familiar with basic XBRL concepts. As such, it would have been impossible to directly ask internal auditors to discuss potential applications of XBRL. To address this limitation, the multiple-step approach shown in Figure 1 was used. The rst step was to collect and review XBRL literature, which included published papers, XBRL presentations and both public and member-only materials available at the www.xbrl.org website. The second step was to conduct a series of 2-hour focus groups with internal auditors, including volunteers from: 1. 2. 3. 4. San Fernando Valley IIA chapter, Dallas IIA chapter, Hawaii IIA chapter and Los Angeles ISACA chapter.19

RESEARCH OVERVIEW
Motivation and goals
As said before, there is a growing population of successes for XBRL where it has been implemented or will be in the near future. The embracement of XBRL by the SEC and other regulators has the potential to greatly increase the diffusion of XBRL. We can fairly safely presume that nearly all US banks, publicly traded companies and mutual funds will acquire at least a basic awareness and experience with XBRL. Diffusion researchers have shown, however, that such a level of knowledge of an innovation is not sufcient to assure its adoption achieving a critical mass.13 The comparatively low number of adopters of XBRL under the VFP seems to bear this out. Promoting a more widespread adoption of XBRL will likely require the creation, collection and sharing of information on the advantages of adopting XBRL that go beyond the ling requirements imposed on companies. The purpose of this paper is to look at the informational drivers of adoption of XBRL; particularly, we examine drivers stemming from information on the advantages of XBRL beyond that which companies will garner from the mandatory ling rules. The general goals for this research project included: 1. Identifying the most signicant accounting and nancial reporting issues facing a wide variety of enterprises. 2. Identifying how and where XBRL could address those issues.

The primary objective of each focus group was to develop an understanding of the current issues and concerns related to accounting, nancial reporting and auditing that organisations are experiencing. About 90 min of each focus group was dedicated to this rst objective. In the rst round-robin, each auditor was asked to provide an issue or concern that is most challenging or problematic for their organisations controller. Once that discussion subsided with auditors reacting to the other participants suggestions, a second round-robin was started with each auditor asked to provide an issue or concern that is most challenging or problematic for their organisations internal audit operations. During the last 30 min of each focus group, the researcher provided a brief overview of XBRL and the participants were also asked for their specic comments and questions regarding XBRL.

2009 Palgrave Macmillan 1741-3591 International Journal of Disclosure and Governance

Vol. 6, 3, 207223

213

Gray and Miller

Review XBRL literature

Conduct 4 focus groups

Send comments to XBRL community

Feedback

Synthesize responses

Structure and aggregate information

Summarize findings

Figure 1: Research methodology.

The focus group comments regarding accounting, nancial reporting and auditing, and specic issues and questions regarding XBRL were summarised and forwarded to selected members of the XBRL community. These XBRL community members were asked to suggest how XBRL could directly or indirectly address the issues, concerns and questions suggested by the internal auditors. The nal step was to structure and aggregate all the information collected during the project.

and a synthesis of the corresponding responses from the XBRL community members. The issues and concerns suggested by the internal auditors generally grouped into the following topics:

Sarbanes-Oxley and internal controls; fear of spreadsheets; retrieving and consolidating accounting information; audit tools.

FOCUS GROUP SUMMARY AND XBRL COMMUNITY RESPONSES

This section summarises the comments from the internal auditor focus group participants

In addition to the above topics that surfaced during the focus groups, this section also includes the participants specic questions regarding XBRL from the latter part of the

214

2009 Palgrave Macmillan 1741-3591 International Journal of Disclosure and Governance

Vol. 6, 3, 207223

XBRL: Solving real-world problems

focus groups and applicable responses from the XBRL community. As the following paragraphs will expand on, the overall concern of the internal auditors could be summarised in the single term data integrity. Worrying about having timely and accurate data so that nancial statements and other business reports can be produced in a timely fashion creates stress for preparers and auditors because they are faced with the overriding question: how do I really know that data I have are accurate and complete? As the following paragraphs illustrate, data integrity is challenged from many different aspects of the organisational environment and XBRL has the potential to improve that environment.

Sarbanes-Oxley and internal controls

Considering the timing of the focus groups, it was not a surprise that Sarbanes-Oxley and internal controls were signicant topics of the focus group discussions, including the following sample of comments

Sarbanes-Oxley was a real eye opener in terms of the state of internal controls over nancial reporting. Non-standardisation of controls was a concern. It was not that the controls were weak or lacking, but the same process in different business units would have a different set of controls. The continuation of the controls was a concern because once the existing controls have been tested and documented, how do you know that those controls are still being used after the testing has been completed? Segregation of duties was an issue in that, partly because of the proliferation of spreadsheets, it is not totally clear who has access to what data. In the IT department there are super-users who raise additional segregation of duties concerns. Segregation of duties is a dynamic issue because segregation of duties could be

appropriate today, but tomorrow, because of personnel or other changes, there could be a conict of duties. Independence and objectively can be an issue, particularly related to management overrides. For example, what if a manager tells a subordinate to do something that violates policies? What if a strong CEO or CFO tries to convince employees or auditors to not report something? The general lack of formal training regarding policies and procedures is a concern. Fraud detection is an issue because fraud detection requires more auditor time and resources. Materiality levels are set too high and samples are too small partly because of budget constraints to detect fraud. Lack of transparency of transactions was an issue, raising questions such as: did the data change? When did the data change? What did it change to? An issue related to legacy systems is that the people who understood the legacy systems are retiring or literally dying off. Yet, companies have no plans to replace those systems. Keeping up with technology changes is a concern, particularly, if there are multiple platforms each of which is changing over time. Sometimes those changes are internally driven (for example, maintenance and upgrade activities) and other times they are external changes (for example, changes to meet a regulatory requirement or software patches and upgrades). The dynamic aspects of businesses can be a challenge to auditors. For example, adding a product or service might result in a change to the general ledger by adding a new account or line item. This would mean that reports based on the general ledger and spreadsheets that use data from this general ledger would have to be modied to reect the GL change. How do you know this was done by everybody affected by the changes?

2009 Palgrave Macmillan 1741-3591 International Journal of Disclosure and Governance

Vol. 6, 3, 207223

215

Gray and Miller

Who owns the processes and controls? What if nobody will take the ownership? Or what if a person will take ownership of the processes but not the associated controls?

The following is a synthesis of the comments of the XBRL community members regarding XBRLs potential contributions to ameliorating Sarbanes-Oxley and internal control concerns.

XBRL contributions to SarbanesOxley and internal control environment

In response to the above points, the XBRL community members indicated that XBRLs contributions to improving controls and data integrity are both direct and indirect. Although XBRL cannot solve every internal control problem, many aspects of XBRL can improve internal controls. As a reporting tool, XBRL has several built-in controls. First, XBRL software tools will not create an XBRL instance document if it is not XML and XBRL syntactically and semantically correct the software will generate a list of errors instead. In addition, XBRL taxonomies include linkbases that contain business rules, adding another level of validation, and linkbases can move validation to the earlier stages of the organisations internal information supply chain.

Continuous auditing (CA). XBRL supports CA, particularly, at the XBRL GL level. If XBRL instance documents are used as the interface to exchange data between disparate systems inside and outside the organisation, because those interfaces will be standardised and uniform, embedded audit modules (EAMs) can also be standardised and uniform. Therefore, it will be much easier to implement EAMs and CA functionality organisation wide. In addition, it will be easier to ne-tune those uniform EAMs to improve fraud detection and reduce false positives.

Data layer validation. Another important value of linkbases is that the validation is taking place at the data layer instead at the application layer. This means better quality data will be accessed by different applications in the application layer and that the data validation components of each application do not have to be as sophisticated. This data layer validation is a signicant contributor to the productivity increase expected in the FFIECs bank-reporting project, where the time to deliver summary reports based on the individual call reports from over 8000 banks dropped from 60 days to 2 days because the XBRL data goes through an extensive validation process before it is transmitted to the FFIEC.

Does all of this mean that an XBRL instance document will contain no errors? Unfortunately, garbage-in-garbage-out still applies. If somebody accidentally or intentionally posts a transaction incorrectly, that error could move through the information supply chain and the XBRL documentation process. However, as XBRL may result in more nely tuned, standardised controls, it may be more effective and efcient in preventing, capturing, or at least agging errors. Moving XBRL further upstream with XBRL GL level reduces the possibility of errors subsequently creeping back into the information supply chain as data are exchanged from one process to the next. In summary, XBRL promotes standardised data formats and built-in data rules for exchanging data, which, in turn, can promote standardised controls, standardised testing and improved audit processes. Over the long run, standardised testing can mean that the materiality levels can be reduced and larger data samples can be tested for errors and fraud.

Fear of proliferation of spreadsheets

The internal auditors in the focus groups raised many concerns about the proliferation of spreadsheets, including

Current spreadsheets are very complex and, generally, not designed to share data

216

2009 Palgrave Macmillan 1741-3591 International Journal of Disclosure and Governance

Vol. 6, 3, 207223

XBRL: Solving real-world problems

between separate spreadsheets, which means frequent manual data reentry. The external auditors were not improving managements comfort level with spreadsheets because the auditors do not test all the existing spreadsheets. A frequent concern was that spreadsheets that are now an integral part of the accounting and nancial reporting systems and these in-house developed spreadsheets do not include design or operating documentation. A big concern was how to validate spreadsheets and the source data for those spreadsheets. Another issue was the potentially false sense of security that the data collection are being performed properly because the transfer process has been automated or built into the application (for example, Oracles enterprise resource planning (ERP) system can automatically transfer data into spreadsheets). Another concern was the ongoing maintenance control or the lack there of. For example, what kind of testing is done after changes are implemented into a spreadsheet to ensure that the changes did not create new problems? What about security at the spreadsheet access level and at the data level?

3.

4.

5.

6.

7.

8.

XBRL contributions to alleviating spreadsheet concerns

In response to the above internal auditor comments, one of the XBRL community members said that the issues with spreadsheets can be characterised as 1. The frequent cutting-and-pasting and manual data reentry introduce new errors into the information supply chain. 2. No live links exist from the spreadsheets back to the source data, so it is not clear what the source data were and, if the value of the sources changes, the spreadsheets

that included that data are not automatically updated. Because different people may be extracting the same data, but at different times, there will quickly be a version control problem. Data validations both on incoming data from the source and out going data from the spreadsheet are probably incomplete, undocumented and performed manually. Business rules and analysis formulas are captured in the spreadsheet cells and macros, but different individuals are creating their own idiosyncratic representations of these rules and formulas without collaboration. Spreadsheets are rarely self-documented. For example, a cell might include = (C17/C28), then the person goes to C17 to see what is there and they see = SUM(A6:A10), and so on. Worse yet is to examine a long macro full of cell references with no names or comments. Trying to determine what the cell references and macro are actually doing and whether they are doing it correctly is a major challenge. Is creating and maintaining spreadsheets the best use of a persons time, particularly because accountants and nancial people, generally, have little, if any, formal computer training? Plus the redundancies of individuals independently creating essentially the same spreadsheet signicantly adds to the overall cost of the spreadsheets. The shear number of spreadsheets that exists in organisations means that there are many spreadsheets that are never going to be fully audited. All of those spreadsheets could be part of the Sarbanes-Oxley Sections 302 and 404 internal control domain.

The XBRL community members expressed the view that spreadsheets are NOT going to disappear with the implementation of XBRL. XBRL has superior functionality to act as an intermediary between disparate systems or applications. Eventually, some spreadsheets can be removed from functioning as intermediaries and be replaced by XBRL-based web services

2009 Palgrave Macmillan 1741-3591 International Journal of Disclosure and Governance

Vol. 6, 3, 207223

217

Gray and Miller

or local applications. With XBRL, the business rules that are currently embedded in spreadsheets and uncontrollable can be incorporated in XBRL taxonomies, thereby, moving business rules from the application layer to the data layer. Applications, such as spreadsheets, will still be needed to manipulate the XBRL instance documents, but the logic and the rules will be standardised and external to the applications, thereby, greatly reducing version control problems and redundancy. In summary, the tight coupling between XBRL instance documents and their taxonomies provides strong error checking and persistent connectivity, which can mean an unbroken audit trail. However, with all that said, spreadsheets will still be an important tool. For example, if a spreadsheet is needed to perform some unique tax calculations, the spreadsheet would rst automatically import the appropriate XBRL instance document, the tax calculations would be performed in the spreadsheet, and then the results could be automatically exported to an XBRL instance document that would, in turn, automatically update the general ledger.

Retrieving and consolidating accounting information

The internal auditors indicated that interfacing and consolidating disparate general ledger packages are ongoing challenges for controller and internal auditors, specically including

Some regulators and taxing authorities have different reporting periods compared to the companys scal year and they will have different denitions (for example, allowable expenses) for line items for their reports. Another concern is mis-posting of accounting transactions. That is, how do you know that all transactions were posted to the appropriate accounts? Disparate systems, dissimilar platforms and software applications that must share, exchange and transfer data contribute heavily to data integrity concerns. Different Generally Accepted Accounting Principles in different countries add to the consolidation problem. Decentralisation of the organisation can be a problem. The highly competitive global marketplace in which most companies must function makes long-range planning very difcult. Many companies now have more integrated business relationships with trading partners and supply chain participants, which have to interact and exchange data. Budget limitations can be a problem. As such, even though management may want to replace or upgrade old systems, they may not have the budget to do that.

XBRL contribution to consolidating accounting data

In response to the above comments, the XBRL community members expressed the belief that one of the core powers of XBRL is acting as a means to support the map-once-use-many exchange of data between disparate internal systems, third-party systems and trading partners and banks. Essentially, once a system is mapped to an XBRL instance document (or if a system automatically produces an XBRL instance document) that instance document becomes the uniform interface to exchange data with the world outside that system. This concept is similar to the traditional electronic

Exchanges between packages under different platforms such as Unix, mainframes and Windows servers were problematic. Proprietary le formats of the third-party packages can also be a problem. Sometimes applications are so dissimilar that the data could be exchanged and aggregated only through manual reentry activities. Ever-changing systems are a concern because even after procedures are in place to perform data exchanges between systems, one or more of the systems will change in a relatively short time frame.

218

2009 Palgrave Macmillan 1741-3591 International Journal of Disclosure and Governance

Vol. 6, 3, 207223

XBRL: Solving real-world problems

data interchange concept, but XBRL is much more robust.

Auditing tools
Internal auditors in the focus groups did not complain specically about the set of functions built into audit tools such as IDEA and ACL; instead, as the following outline indicates, the concerns related to deciding what functions to use for specic situations and selecting the right data to meet specic testing and auditing objectives.

Each audit tool has a learning curve that must be addressed to ensure that there is somebody on staff who is ready to use the tool when needed. Extracting data is more of a challenge than using the tool itself because organisations have hundreds of data elds distributed among hundreds of database tables located on different computers. False positives can be an issue with audit tools, particularly for very large databases. Some of the auditors came from organisations where auditors were not allowed to create and run their own data extractions. The IT department did the queries because they worried that the auditor would make mistakes that will use excessive computer resources and slow down other processes. With large organisations, part of the problem with data analysis is the sheer volume of data.

or les from the clients native les. Determining the correct elds and tables will still have to be addressed, but once mapped, the XBRL mapping will be the ongoing interface to that data. As XBRL moves upstream with XBRL GL, XBRL will be at the most detailed level allowing for the nest granularity for analysis. Eventually, XBRL could be the native format and the mapping step will no longer be necessary. XBRL will also help address the situation where the IT departments will not let the auditors conduct their own queries. The auditors could work with the IT department to create the mapping between the current systems and the desired XBRL instance documents that will be used by the auditors. This mapping would have to be performed once, but the mapping could then be automated to create revised XBRL instance documents on an as-needed basis. Over time, the XBRL instance documents could become more comprehensive and sophisticated.

XBRL comments and questions

Before each focus group, the internal audit participants were e-mailed some papers and links related to XBRL to review before the focus groups. In the last 30 min of each focus group, participants were asked for their comments and questions regarding XBRL. A summary of these comments and questions were subsequently e-mailed to selected members of the XBRL community to solicit their responses. The following summarise the internal auditors questions and the XBRL community members responses. Question #1: Once the investment community learns that it is easier with XBRL to provide more data quicker with less work, will the investment community (and regulators) start demanding more detailed and expanded data, wiping out any productivity gains? Response #1: Regardless of communication channels, as was seen with Sarbanes-Oxley,

XBRL contribution to audit tools

In terms of helping the auditors audit, the XBRL community members indicated that two important aspects of XBRL are its potential to function as a means to exchange data between applications and its map-once-use-many functionality. Some of the specialised auditing tools, such as ACL and IDEA, are now capable of working directly with XBRL data. The data mapping will have to be performed the rst time to create the XBRL instance documents

2009 Palgrave Macmillan 1741-3591 International Journal of Disclosure and Governance

Vol. 6, 3, 207223

219

Gray and Miller

Regulation FD and so on, regulators and investors are going to continue to demand more and quicker information from organisations that is given. As such, organisations need to nd the most efcient and effective ways to meet that growing demand. The map-once-usemany, the standardisation of processes and controls, and the built-in validation and controls are some of the aspects of XBRL that will help organisations meet those growing demands. Question #2: Why take the time and effort now to map the current disparate systems to XBRL for consolidation purposes as (1) the company already has something in place for doing consolidations, and (2) if they implement ERP systems in the future, this functionality will be built in? Response #2: This question is an oversimplication of the current situation and the related problems. Although it is true that organisations already have a consolidation process; that process is generally replete with manual steps and weak controls that can be enhanced and made more efcient with XBRL. Also, the idea that an ERP system provides this functionality seems to ignore some of the common problems with data today, such as

Physical relationship between data and analytics with business rules dened at the application layer meaning that several versions of the same business rules can reside in different applications (for example, different accounting systems, different spreadsheets and so on). This leads to version control problems. Poor connectivity to resources across applications. Owing to the poor connectivity and oneway data ow, it is difcult or impossible to follow an audit trail upstream from reports to the original sources. This is a signicant Sarbanes-Oxley issue.

Question #3: Why spend the time and effort now on mapping old systems to XBRL? Why not just wait for the second generation of applications where XBRL is more integrated or native in the software and other applications? Response #3: As with any technology, the issue usually boils down to identifying and quantifying all of the applicable costs and benets. XBRL is not going to be the cost-effective solution in every situation. However, if the benets exceed the costs in a particular situation, then postponing the implementation of XBRL technology means that the net benets are being postponed and lost. XBRL can be implemented incrementally, so it is not an allor-nothing situation. Question #4: Although the cost of disk storage and bandwidth are coming down, there are still some costs associated with XML technologies in terms of larger le sizes. Response #4: Although it is true that XML tags can add signicant overhead to a les size, most XBRL instance documents for nancial reports are still relatively small. As XBRL GL can be used to exchange transaction-level data, those les could become much larger than the XBRL nancial reporting instance documents. Fortunately, with the continuous decrease in

No shared context across applications both within and across enterprises. Labels (eld names and so on) are not consistent across applications no shared denitions. Poor data quality because of little or no independent validation of data as it moves from process to process. One Way data trafc with data moving out of an ERP system for analysis, but it is difcult to put the results back into the ERP system. For example, information for a tax provision analysis will be dropped into Excel, but the resulting answer must be entered back into an ERP via a manual journal entry.

220

2009 Palgrave Macmillan 1741-3591 International Journal of Disclosure and Governance

Vol. 6, 3, 207223

XBRL: Solving real-world problems

the cost of storage devices, even if the use of XBRL instance documents grows signicantly in an organisation, the storage cost should not become a major issue. Question #5: Currently, the benets of XBRL seems to be to the recipients of XBRL instance documents, but what are the benets to the preparer of this XBRL instance document? Response #5: Most public companies would agree that simply communicating better, faster and more directly with the analysts and capital markets is itself a good thing and there are academic studies to support that opinion. XBRL provides companies with both ways to tell their story and provide their data to the analysts in a format that can easily be consumed by their computer models. In general, from the companys perspective, some of the benets to the preparer are

Response #7: No XBRL les can be digitally signed and made immune to hacking. Openness and commonness are not security risks. Failure to implement proper controls and information security is the root problem. Question #8: It is all well and good that XBRL could be used internally to consolidate accounting data from disparate systems; however, that is a very small population of companies. Response #8: The number of organisations that are candidates for XBRL is larger than it rst appears. There are the non-US based multinationals and the large population of private companies. Any company with a consolidation of two or more accounting systems is a candidate for XBRL consolidation. There is a false assumption that an ERP system standardises information. Putting all of a companys data into one location does not solve the fundamental information problem. Even in a single database you can have disparate data denitions. Question #9: Does XBRL have a very steep learning curve for both the tags and basic XBRL technology? Response #9: There is no denying that XBRL has some complexity. Fortunately, much of the grunt work associated with creating extension taxonomies and XBRL instance documents has been built into a growing population of XBRL software tools.

lower cost of producing information; tell your own story (precise & clear); more timely, accurate, data for decisions; enhanced analytical capabilities; better control environment, which is applicable to both small and large companies; accelerated adoption of reporting model changes.

Question #6: Because of the complexity and size of XBRL les, will it be easier to intentionally hide something or make it harder to nd an error that occurred in the XBRL le? Response #6: As XBRL les are validated and the structural relationships are open, there is much less possibility of this, compared to unvalidated and closed systems, such as text, faxes, CSV les and spreadsheets. Question #7: Because XML/XBRL is an open and a common language, does that make it easier for hackers to hack into these kinds of les?

CONCLUSIONS
The diffusion of an innovation to the point of a critical mass is not assured regardless of any inherent advantages the innovation offers. Such is the case with XBRL. Despite the views of the advantages of XBRL expressed by experts in its implementation and use and embracement of XBRL by the FFIEC and SEC, there has not been widespread adoption by organisations. The research in the diffusion of

2009 Palgrave Macmillan 1741-3591 International Journal of Disclosure and Governance

Vol. 6, 3, 207223

221

Gray and Miller

innovations tells us that it is also uncertain if the mandated adoption of XBRL will result in its increased use in domains of nancial data not covered in the mandates. To achieve the widespread adoption of XBRL, particularly in these other domains, requires the sharing of information pointing out the advantages it offers. Of course, this information needs to be created and collected before it can be shared. This paper has done this by ascertaining the primary concerns of practitioners regarding nancial data and coupled this with views of experts in how XBRL alleviates those concerns. In particular, this study demonstrates that there are many ways that XBRL directly addresses the high-priority accounting, nancial reporting and auditing issues facing public companies and other organisations. The next step then is to see that this information is shared with potential adopters of XBRL. Practitioners and regulatory agents may share this information directly in hopes that its value will be readily perceived by potential adopters.14 Researchers may expand and elaborate further on this information, creating more information; or, perhaps more importantly, they may explore which avenues of communication are best to share this information. Researchers could also expand on this research to include other stakeholders beyond internal auditors. This study has created information on the advantages the XBRL offers adopters of the innovation associated with high-priority accounting, nancial reporting and auditing within and beyond what has been or will be learned from complying with the mandates. We believe that appropriate communication of this information will help accelerate diffusion of XBRL to the point of critical mass and help cross the chasm from early adopters to the mainstream.

us permission to incorporate selected materials from XBRL: Potential Opportunities and Issues for Internal Auditors for this paper.

REFERENCES AND NOTES

1 Swartz, K. (2008) The SECs IDEA: Replace EDGAR. Information Management Journal 42(6): 13. Securities and Exchange Commission (SEC). (2009) Interactive Data to Improve Financial Reporting, Release no. 339002. This is also commonly referred as the FDIC project. Debreceny, R.S., Chandra, A., Cheh, J.J. and Janvrin, D. (2005) Financial reporting in XBRL on the SECs EDGAR system: A critique and evaluation. Journal for Information Systems 19(2): 191210. Garbellotto, G. (2007) 14th XBRL international conference: An internal perspective. Strategic Finance 88(7): 5758. Stantial, J. (2007) ROI on XBRL. Journal of Accountancy 203(6): 3235. Willis, M. (2003) Corporate reporting enters the Information Age. Regulation 26(3): 5660. Plumlee, D.R. and Plumlee, M.A. (2008) Assurance on XBRL for nancial reporting. Accounting Horizons 22(3): 353368. Premuroso, R.F. and Bhattacharyaa, S. (2008) Do early and voluntary lers of nancial information in XBRL format signal superior corporate governance and operating performance? International Journal of Accounting Information Systems 9(1): 120. Cohen, E.E., Schiavian, T. and Servais, O. (2005) XBRL: The standardised business language for 21st century reporting and governance. International Journal of Disclosure and Governance 2(4): 368394. Moore, G.A. (2002) Crossing the Chasm, Revised edn., New York: Collins Business. Gray, G.L. (2005) XBRL: Potential Opportunities and Issues for Internal Auditors. Altamonte Springs, FL: The Institute of Internal Auditors Research Foundation. Research Report. Rogers, E.M. (2003) Diffusion of Innovations, 5th edn., New York: Free Press/Simon & Schuster.

3 4

6 7

10

11 12

ACKNOWLEDGEMENT
We remain grateful to the IIA Research Foundation for funding this research and for granting

13

222

2009 Palgrave Macmillan 1741-3591 International Journal of Disclosure and Governance

Vol. 6, 3, 207223

XBRL: Solving real-world problems

14

15

16

17

Swan, J.A. and Newell, S. (1995) The role of professional associations in technology diffusion. Organization Studies 16(5): 847874. Zhu, K., Kraemer, K.L. and Xu, S. (2006) The process of innovation assimilation by rms in different countries: A technology diffusion perspective on e-business. Management Science 52(10): 15571576. Troshani, I. and Rao, S. (2007) Drivers and inhibitors to XBRL adoption: A qualitative approach to build a theory in under-researched areas. International Journal of E-Business Research 3(4): 98111. Troshani, I. and Doolin, B. (2007) Innovation and diffusion: A stakeholder and social

18 19

network view. European Journal of Innovation Management 10(2): 176200. Many of those presentations are available at www.xbrl.org, www.xbrl.us. An ISACA chapter was selected to obtain a more IT-focused perspective, however, the perspectives between the groups did not seem to be materially different. This may reect the self-selected (versus Randomly selected) nature of focus group volunteers. That is, volunteers generally have some interest in the topic. As such, The IIA volunteers probably had some general interest in IT, so they were not that much different than the ISACA volunteers.

2009 Palgrave Macmillan 1741-3591 International Journal of Disclosure and Governance

Vol. 6, 3, 207223

223

Reproduced with permission of the copyright owner. Further reproduction prohibited without permission.