ASSR3. Standardized Evidence: Audit Data Standards, Eric E ...

Standardized Evidence:Audit Data StandardsEric E. CohenCo-founder, XBRLYokohama 7-Nov-2012

AgendaThe evolution of the audit trailThe potential of standardizationAccounting and audit evidential data standardsPractical issues with adopting and leveraging existingstandardsOpportunities and challenges

Helping One or Helping AllIntegrationBookkeeping,write up, taxpreparationInternalauditMonitoringand controlsManagementdashboardTax (direct,indirect),Financialexternal auditExchange with close thirdparties for (limited)external processing

Evolution of the Oxymoronic ElectronicAudit Trail CorporateFirewall

Evolution of the Audit Trail“Evidence provided by original documents is more reliable than evidenceprovided by photocopies or facsimiles, or documents that have been filmed,digitized, or otherwise converted into electronic form, the reliability of whichdepends on the controls over the conversion and maintenance of thosedocuments.” - PCAOB Audit Standard 15 as of October 2012"cloud computing is a model forenabling ubiquitous, convenient, ondemandnetwork access to a sharedpool of configurable computingresources (e.g., networks, servers,storage, applications and services)that can be rapidly provisioned andreleased with minimal managementeffort or service provider interaction.“http://csrc.nist.gov/publications/PubsSPs.html#800-145The main drawback of cloud computingfrom a forensic perspective is that of dataacquisition – knowing exactly where thedata is and actually acquiring the data … itis also difficult if not impossible to maintaina chain of custody relating to theacquisition of the evidence ... as cloudsexist as remote datacenters … castingdoubt over the evidence’s authenticity,integrity and admissibility …

The Potential of StandardizationWithin the scope of the “General Ledger”• Financial Reporter, Trial Balance• VAT detailFurther evidentiary content• Impacting financial statements, tax returns• Other quantitative• Other qualitativeSolutions that both help the external auditor or taxpreparer, AND ALSO can help compensate with a singleinternal representation for data integration,migration, archival and consolidation

10 Forms of Evidentiary “Data”The Way Things Ought To BeReal-TimePolicies/Governance3 rd Party “Extranet”More DataReal Change, Real SoonBusiness RulesMetadataRisks, Controls, TestsAuthorization/AuthenticationDocumentsProcessesMore DataPlaying Catch Up – No less, if no moreData

Electronic Data“Standardized” Electronic Data – format“Standardized” Electronic Data – fields, structureStandardized Electronic Data – XBRL (format)Standardized Electronic Data - FrameworkStandardized Electronic Data – XBRL GL (fields, structure)Standardized Electronic Data – XBRL GL and XBRL GL ProfilesRulesProcessesGRCLaws andpoliciesWorkflow andauthorization

Standards in Auditor Audit TrailSpace• UN/CEFACT EDIFACT (90s-present)– DWG 14/TBG 12/Current Supply Chain– CHACCO, ACCOUNT, BALANCE, etc.– Other document standards• ANSI X.12 Journal Entry• OMG GL, AR/AP• OAG OAGIS enterprise model• OECD Standard Audit File(s): SAF-T, SAF-P• Regional agreements – Dutch Auditfile, Swedish SIE• XBRL Global Ledger Taxonomy FrameworkRelationships他 の 諸 団 体 との 関 係

RegionIndependentSyntaxIndependenceRegulatorIndependentReportingSpecificityRegionSpecificitySyntaxSpecificityRegulatorSpecificityReportingSpecificityPurpose/formSpecificSource systemSpecificPurpose/formIndependentSource systemIndependent

One Representation of Data Withinthe ERP System: Actual/Virtualpurchase ordersPOAP, IMitemsIMbompsales ordersOEAR, IMemployeescustomersvendorsassetsPRARAPFAGENERAL LEDGERREPORTING

Many Views of Data, But Only OneHolistic Reconciliator of DataUSGAAPIFRSXBRLGLTaxMany metadata standardsfor documents; a few forthe Enterprise; XBRL GLunique in concurrent booksfor book-tax, US GAAP-IFRS, etc.Drill downInternalSummarize

From Initial TransactionInvoice #: 10037I N V O I C E May 2, 2013Item Description Qty Extension1078 Blue Widget 200 2,803.781083 Cyan Widget 100 1,402.93Sub-total: 47,592.33Freight:Total: 47,592.33invoice100372013-05-02

Software Supportソフトウェア 会 社 との 関 係

AICPA “Audit Data Standard”• Project page– http://www.aicpa.org/InterestAreas/FRC/AssuranceAdvisoryServices/Pages/AuditDataStandardWG.aspx• Exposure draft– http://www.aicpa.org/InterestAreas/FRC/AssuranceAdvisoryServices/DownloadableDocuments/FINAL%20Audit%20Data%20Standards%20ED.pdf• Overseen by AICPA Assurance Services Executive Committee(ASEC)• Developed by Emerging Assurance Technologies Task Force• Comment period ended Fall 2012

Advent of AICPA “Audit Data Standard”• PwC internal common data format– Based on and inspired by XBRL GL• CAQ format circa 2005• AICPA Audit Data Standard format– Covers in first iteration• General Ledger• Accounts Receivable– Status

Audit Data Standard• General LedgerStandards– GL_Detail– Trial_Balance– Chart_Of_Accounts– Source_Listing– GL Data Profiling Report– GL Questionnaire• Accounts ReceivableStandards– Open_Invoices– AR_Activity– New_Invoices– Customer_Master– Invoice_Type– Payment_TypeFrom Exposure Draft, subject to change

Opportunity: Cataloguing theCompromises

Sample DataCustomer_Account_ID AAA BBB CCCCustomer_Account_NameArnold's Amazing Anteaters Barbara's Bodacious Bouquets Camden Candy CornerCustomer_Physical_Street_Address1 100 Pastoral Lane 25 Main Street, Suite 400 47 Stephenwood StreetCustomer_Physical_Street_Address2Complex IIICustomer_Physical_City Akron Bayonne CamdenCustomer_Physical_State_Province Ohio New Jersey PennsylvaniaCustomer_Physical_ZipPostalCode 12345 65432 19283Customer_Physical_Country United States United States CanadaCustomer_TIN 16-4876544 345-67-8765 AHQISOTDHCVNDJSCustomer_Billing_Address1 100 Pastoral Lane 25 Main Street, Suite 400 BOX 500736Customer_Billing_Address2Customer_Billing_City Akron Bayonne CamdenCustomer_Billing_State_Province Ohio New Jersey PennsylvaniaCustomer_Billing_ZipPostalCode 12345 65432 19200Customer_Billing_Country United States United States CanadaActive_Date Jan-01-2001 Feb-15-2003 Dec-29-2011Inactive_DateDec-30-2011Transaction_Credit_Limit 50000 20000 1Overall_Credit_Limit 100000 25000 5Customer_Terms_Percentage 0.02 0.02 0Customer_Terms_Days 10 15 0Last_Modified_DateDec-29-2011Last_Modified_ByEECUser_ID ABC ABC EECApproved_By EEC EEC RMWEntry_Date Jan-01-2001 Feb-15-2003 Dec-28-2011PrimaryContact_Name Arnold Aultfather Barbara Bodacious Otto WellwoodPrimaryContact_Phone +1-616-234-9090 +44 (0) 234-44-2334 1-800-SWEETEMSPrimaryContactEmail aa@arnoldsamazing.com barbod@bodaciousbarb.com owellwood@camdencandy.comSome content withinsystems must betransformed beforeexporting to ADS (FFand/or XBRL GL)

U+0009Text FormatCustomer_Account_ID Customer_Account_Name Customer_Physical_Street_Address1Customer_Physical_Street_Address2 Customer_Physical_CityCustomer_Physical_State_Province Customer_Physical_ZipPostalCodeCustomer_Physical_Country Customer_TIN Customer_Billing_Address1 Customer_Billing_Address2Customer_Billing_City Customer_Billing_State_Province Customer_Billing_ZipPostalCodeCustomer_Billing_Country Active_Date Inactive_Date Transaction_Credit_LimitOverall_Credit_Limit Customer_Terms_Percentage Customer_Terms_DaysLast_Modified_Date Last_Modified_By User_ID Approved_By Entry_DatePrimaryContact_Name PrimaryContact_Phone PrimaryContactEmailAAA Arnold's Amazing Anteaters 100 Pastoral Lane Akron OH 12345 USA 16-4876544 100 Pastoral Lane Akron OH 12345 USA Jan-01-2001 50000100000 0.02 10 ABC EEC Jan-01-2001 Arnold Aultfather +1-616-234-9090aa@arnoldsamazing.comBBB Barbara's Bodacious Bouquets "25 Main Street, Suite 400" Bayonne NJ 65432 USA345-67-8765 "25 Main Street, Suite 400" Bayonne NJ 65432 USA Feb-15-200320000 25000 0.02 15 ABC EEC Feb-15-2003 Barbara Bodacious +44(0) 234-44-2334 barbod@bodaciousbarb.comCCC Camden Candy Corner 47 Stephenwood Street Complex III Camden PA 19283 CanadaAHQISOTDHCVNDJS BOX 500736 Camden PA 19200 Canada Dec-29-2011Dec-30-2011 1 5 0 0 Dec-29-2011 EEC EEC RMW Dec-28-2011 OttoWellwood 1-800-SWEETEMS owellwood@camdencandy.com

Lossless Transformation

XBRL GL: ADS Customer_Master ProfileABC2003-02-15EEC2500020000BBBBarbara's Bodacious BouquetsCPhysical25 Main Street, Suite 400BayonneNJUSA65432Billing25 Main Street, Suite 400BayonneNJUSA65432

Comparison and Compromise• Compact files versus– Bigger files• Tags, vestigial XBRLcontent, additionalhelpful content– Readability– Extensibility– Flexibility• e.g., comments– Validation• Specificity versus– Reusability– Code reuse– Scalability andcontrollable as scopeincreases; expansionwithout redesign• Others– Versioning– Hierarchical handling– …

Partial AnalysisADS Flat file relies heavily on file naming for major handling issues• Handling– Company identification• Whose data is thi?• File naming vs XBRL/XBRL GLentity information– Content• What data is this?• File naming– Time period• What period is this? Has thecontent been updated?• File naming vs explicitidentification• Handling– Versioning• Validation• Are these the 2012definitions?• File naming (?)convention vsnamespaces and other– Programmatic vs “free”• Extensibility– Text: additional fields at end?

Practical issues• Universal or– Reporting specific• Tax• Financial• Statutory– Regional• Local tax requirements– Fixed Assets» § 179– Payroll– Direct vs Indirect Tax• The Great Reconciler• Generic or– Specific• IdentifierCode +enumeration vs• CustomerCode,VendorCode,EmployeeCode,SalepersonCode …• Consumer burden orProducer burden• Text vs XML vs. XBRL(vs. XBRL GL)

Practical Issues• Language specificity• Region specificity• Explicit connections tofinancial reporting• Accounting: BridgingeBusiness and FinancialReporting会 計 :eビジネスと 財務 報 告 の 橋 渡 し• Minimizing file sizes• Normalized ormonolithic–Master filechanges–Transactionaldifferences

Opportunities and Challenges• Harmonization andlossless transformation• Organic but formalgrowth• NIH• Fragmentation andvendor support• Syntax-dependency in achanging worldXBRL GL as a BridgeブリッジとしてのXBRL GLIs a small tab a “tablet”?If you sign a tab, is it “tablature”?

Thank You!ありがとうごいざいました!

Continuing the DiscussionA matter of perspectiveCall to Actionこれから 何 をなすべきか