17 December 2009

The Logic of the Logical Cave Wall (iXBRL)


Summary



XBRL (eXtensible Business Reporting Language) started life as a dream of freeing information from the tyranny of the logical cave wall, also known as the printed page or computer screen. Now we discover that the information is going to be read by humans after all, so lets make a logical cave wall version of XBRL.


Um, isn't this where we started from, and if so, why not just stick with something simple like, oh, XML, CSV, PDF, Word, or even a web-based form? Because iXBRL will merge the benefits of the logical cave wall while also freeing the information.
 


A dash through history
 

Once upon a time there was a cave wall. Someone drew a picture on that wall. The picture said “There are deer here, cows there, other people (competitors) over there”. So business reporting began.
 

Then humans discovered mud (well, at least for "writing"), and suddenly we could make business reports on mud tablets, dry them in the sun or fire them, and store them in our library. Much of what we have learned about Ur, Ebla and other ancient cities has come from their mud libraries, which were preserved when the libraries were burned, either accidentally or as the result of conflict and invasion. In the case of Ebla, more than 15,000 cuneiform tablets were preserved when the library was burned. These tablets include some of the earliest references to biblical figures and places, provides us with names of cities yet to be discovered, and histories and relationships long lost. Just read this, it’s fascinating.



Okay, I admit I cannot read it either, but if you look very closely, you can probably see the "angle brackets".

But lets move quickly forward in time - past papyrus, velum, then paper, and finally, to the computer screen and the high volume printer. Suddenly we have the opportunity to decouple each word, each concept, from the cave wall, or the mud tablet, or even the printed page.
 

Fantastic, if words and concepts are no longer tied to the page (or logical cave wall) then we can have the computer create the words - we'll start calling it 'data' here - and pass that data to other computers to read and use on our behalf.

But XBRL is just data
 

Enter XBRL, and the crowd goes wild!
 

For too long have we manually entered or computationally created data, printed that data, and then re-keyed or recreated that data in another system, putting human error right in the middle of our carefully conceived plans.
 

With XBRL, we can truly make the human interface redundant. We can create the data in any system we want to, provide that data to "the world" or any subset of “the world” we want to, and have the receiver automatically consume that data into their computer, producing content for decision making - wait for it - printed reports for humans to read. Printed in this context of course meaning anything from a cave wall to a computer screen to an actual printed piece of paper.
 

And here is the most important point, XBRL is data. It is data decoupled from the tyranny of the cave wall, freed from human error, and severed from the need for the human eye to provide the final quality control or audit check of the data.
 

But no one can read data
 

Okay, so we've made the great move. We are now data-centric. The cave wall is done, history, finished - efficiency is in front of us all the way.
 

So, just to remind you, you are sitting in front of your logical cave wall right now, reading what I've painted on that wall.


So now read this:




Okay, I admit it, I can’t really read this either.

Good isn't it. All that data. All that meaning, from computer to computer. We've cut out the person. No errors, fast, but with one small problem; people cannot read data. 


And in the end, if it does not pass the eyeballs test (actually, the brain behind the eyeballs, but lets not be picky), how can we give assurance that all that data is really what we thought it should be. Because assurance, whether by the creator of the data or by an external party, is based on human eyeballs looking at the information and interpreting that information through analysis and comparison with what the reading eyeballs think the information should be.


Lets make "readable" data


The answer - "readable" data, also known as "Inline XBRL" or iXBRL.


The idea is to create a standard that allows XBRL data to be imbedded into an HTML stream such that the HTML page can be displayed with the XBRL data. The XBRL data can then be extracted by the receiving computer(s) and the HTML stripped, leaving the XBRL ready to be stripped of the XBRL and imported into the receiving system. 


Well, I guess it makes sense


Being able to actually see (understandably) what is in an XBRL instance document is important. We use to assume that the software vendors would fill the gap with tools for easy viewing, and in particular that Microsoft would actually build XBRL into its product suite. Maybe they have and will.


But the software vendors simply have not stepped up to the plate adequately to enable ubiquitous and simple viewing of XBRL.


So consumers of XBRL, in particular HMRC (HM Revenue and Customs) in the UK have decided that Human Readable XBRL (iXBRL) is what must be provided, not XBRL. In order to enable this, the "Inline XBRL" specification has recently been approved.


The Cave Wall "wins"


Which brings us right back to the cave call, or the cuneiform tablet. Humans needs to see, with their eyes, the information that is being provided. XBRL is the answer for computer created for computer consumed information, provided there remains the ability to paint a picture on the cave wall.
iXBRL provides XBRL's logical cave wall.


But does that then undermine vendors efforts to actually create XBRL viewer software. I don't think so. Vendors will build applications to meet business needs, and the ability create a logical cave wall version of the information contained in XBRL instance document will not go away.



In addition, iXBRL does at least provide a recognition that the logical cave wall remains a critical part of the business reporting environment. Will iXBRL help expand the range of use-cases for XBRL? Quite possibly, by providing the logical cave wall integrating separable, non-human consumption of the data.






13 December 2009

Santa Enterprises, Corporate Social Responsiblity (CSR) Report Review


Santa Enterprises, CSR Report Review

Have you ever had that horrible moment when you've hit the "send" button on an e-mail, and you realize that you've just sent something to the wrong person? Not only to the wrong person, but something that really should never see the light of day. Last week we received such an e-mail, completely by mistake. Of course, the bottom of the e-mail had the usual "if you are not the intended recipient" stuff, but in light of the attachment, we thought we would share it with you anyway.

It appears to be a pre-first draft of the "Santa Enterprises Corporate Social Responsibility assurance report". We won't mention the name of the advisers/auditors, but suffice to say this came to us from a reputable firm. They know who they are, so we'll leave it at that.

I’ve gone through and removed the names of the actual individuals and replace the actual names with “(name removed)” for confidentiality. Also, the reviewers text was highlighted, so I've left their highlighting.


So here, reproduced in full for your seasonal enjoyment, is the pre-first draft of the CRS assurance report for Santa Enterprises:




Report Introduction

-- Note to (name removed) --

Insert the usual "stuff" here. I think we have some other reports that we can steal from. Usual stuff - importance of CSR reporting, sustainability, etc. No one will notice that it looks like every other report.

-- Note to (other name removed) specifically --

(Name removed), this time at least remember to change the name of the client. The "Baby Seal-Skin Cigar Case Company" might also be located in the far north, but I'd rather we didn't have that kind of mistake again. I really do not want to be called on the carpet (or snow) again.


Organization overview

Santa Enterprises is a multi-national, family run business, with one of the greatest brands and customer bases in the world. Santa Enterprises is proud of its long tradition of same-day delivery to all customers around the world, although this requirement for same-day deliver, one day of the year, does impose a certain level of stress leading up to that day. On the other hand, the company is (internally anyway) famous for its "after Christmas" party.

Santa Enterprises has one of the world’s most extensive supply chains, with suppliers around the world delivering the widest possible range of products for distribution. In the past this has opened the company to criticism of suppliers' business practices, but an assertive PR program has, in the vast majority of cased, shielded the company from any direct negative PR. Allocation of blame on suppliers has been a key method of ensuring the purity of the brand (**Partner's comment: You might want to reword that.**)

The centralization of distribution and management of final quality assurance and preparation by the Elf workforce is also a hallmark of the company. In fact, the intergenerational support of the Elf workforce is a significant contributor to the ongoing value of the brand. This workforce loyalty also enables Santa Enterprises to keep its labor costs low, while at the same time continuing to provide a great work environment for that specific workforce.

Equally, the seasonal nature of the business has ensured that the company has been able to use the "non-Busy Season" in the early part of the year to review processes, introduce new products, and to experiment with alternative go to market strategies. We note that in the antipodes (Australia and New Zealand in particular) the "Christmas in June" program has met with some limited success.

Work performed

(Provider name removed) has been engaged by Santa Enterprises to review and provide an independent report on the company's CSR report. Our report covers the years (removed) to (removed), and focuses specifically on Santa Enterprises.

As in previous years we evaluated Santa Enterprises’ progress against targets based on the following:

  • Documented evidence relating to the period stated above, verifying the extent to which actions undertaken by Santa Enterprises led to the achievement of targets. This evidence included internal and external communications, management reports and analysis of data from key performance indicators
  • A series of one-to-one meetings and telephone conversations with individuals responsible for creation of Santa Enterprises’ corporate responsibility report.
  • We have also considered the structure and content of your GRI G3 Index.

Certain areas were, as in the past, specifically excluded from our review and assurance. These include:

  • External suppliers. Santa Enterprises makes extensive use of external partners in the supply chain for the creation and deliver of specific products and services. As these are not under the control of Santa Enterprises management, they are again excluded from this report.
  • Estimated Carbon Footprint. While Santa Enterprises is fundamentally a distribution company, the carbon footprint has been excluded. Santa Enterprises expects to include this in reporting as soon as there is a mandatory reporting of carbon emissions. Santa Enterprises does not participate in the Carbon Disclosure Project. (**Partner comment: You might want to delete this text. Check with client. **)

Standards applied

As in previous reviews, we applied both the AA1000AS (revised) standard, and the ISEA3000 standard for the review of non-financial information, and all work was perform in accordance with the spcific Agreed Upon Procedures document agreed by both parties. We note that Santa Enterprises has elected to retain the report for internal use only.

Our Opinion

-- Note to (name removed) --

Insert the usual "stuff" here. I think we have some other reports that we can steal from. Usual stuff - "fair and accurate", negative assurance (to cover our backs - we didn't get paid enough to do a really detailed review, besides, He won't let us near the Elves, so negative is the only assurance we can give, not to mention the dreadful state of their records...).  And let’s face it, we can’t very well say “listen, your main brand is an obese guy in red pajamas, who is to cookies what the Marlboro Man is to smoking.”


Key findings and Observations

Carbon intensive

Santa Enterprises, through its centralization of all product distribution from the North Pole, and the requirement to gather all product at that one location, is running an excessively carbon intensive business, in respect of transportation related carbon.

Centralized distribution

The current process of central distribution, as noted in previous reports, does add overhead in the need first to gather all products in one location, then to perform a single massive distribution event. Distributed distribution centers might reduce costs, reduce waste, and certainly reduce carbon emissions.

"The List"

This is another fine perennial item in our reports. We continue to stress that “Naught and Nice” list could cause some serious problems. We remain concerned because:


  • Naughty and Nice would appear to have too many alternative interpretations
  • This sounds just a little too similar to a Ricahrd Nixon “Enemies List”.

We also remain skeptical as the effectiveness of the risk assessment processed used to determine placement on either Naughty or the Nice list. Documentation of the criteria for inclusion on either list may be helpful.

Recycling

One consistent complaint from stakeholder interviewees is that the amount of packaging seems excessive, and that there appears to be no recycling program in place. We heard from a number of stakeholders that they would welcome being able to provide the packaging for pickup the following day. All those boxes and wrapping paper. One helpful stakeholder even suggested a name – “Boxing Day”. We’re not sure how well this would work, but we recommend Santa Enterprises explore a recycling and waste reduction program.

Sustainable sourcing

Sustainable sourcing or resources used remains an area of potential improvement. Certainly progress has been made, and we would suggest that Santa Enterprises might be able to further improve the brand through publicity of such sourcing.

Employee relations

The centralization of some production at the North Pole does create something of a captive workforce, and undermines the ability, should they so desire, for Elf collective bargaining. While not suggesting a relocation, it may be appropriate to leverage the existing supply chain, providing secondment of Elves to the factories in China (and other countries) and secondment of workers and management in such factories to the North Pole. Such secondment should also have the side benefit of improved sharing of management practices and efficiencies in operational practice.

Danger of "Elf Labor" accusations

Unfortunately we were unable to speak with any of the Elves, or to actually see and review the ER (Elf Resources) records. When we combine this is the general height of Elves, there is the risk that Santa Enterprises could be leaving itself open to accusations of "Child-Elf Labor" practices. We recommend that subsequent reviewers be provided with access to ER records for verification.

Stakeholder engagement

All reviewers were in agreement as to the very extensive and impressive stakeholder engagement processes in place. The "Letters to Santa" program and the "Mall Santas" are both highly effective at engaging the very wide stakeholder communities.


  • "Letters to Santa": This clearly is one of the greatest and longest running examples of stakeholder engagement, in terms of both feedback on prior year performance, and on clear expectation setting on the part of the stakeholder community. We would caution, however, that the actual range of stakeholders participating in the program is somewhat narrow. Perhaps the program could be widened to include others in the wider Santa Enterprises stakeholder community such as parents, suppliers, Elves, local regulators and community leaders - the Archbishop of Canterbury comes to mind).
  • "Mall Santas": Again, one of the great stakeholder engagement programs. We note also that this program has been growing internationally, with Mall Santas being seen in Canada, the United Kingdom, parts of Europe, and moving into Asia.  The feedback provided by this program is invaluable to Santa Enterprises, as demonstrated by the year on year continued popularity of the program. Greater care might be taken in some cases in selection of actual event moderators.

Recommendations

Finally, our recommendations to the management of Santa Enterprises remains the same as in previous years - there are a number of individual actions that could be taken, but generally we would say: "Don't Change a Thing. Your Stakeholders Love you, and the service is great".




So with that let me end this post, and wish everyone a wonderful holiday season. Certainly there will be more articles between now and the year end, covering the usual range of topics, so keep coming back.

Cheers,
Dan


09 December 2009

The EPA makes its move, SEC next? Implications?


The EPA makes its move, SEC next? Implications?

First things First - I'm ignoring Copenhagen; It's a talk fest with the real work either already done, or still to come.

The news from the EPA really couldn't be better, and the timing is just right. The EPA issues their finding that CO2 is dangerous. This allows the EPA (Environmental Protection Agency) in the United States to create regulations for allowable CO2 emissions, if necessary bypassing congress. The Clear Air Act was specifically designed to allow the EPA to regulate in situations where the politics of the issue would otherwise stop progress.


So what are the implications for the accounting firms? There definitely will be winners and losers.


First, the EPA:


First, here are some links - a Wall Street Journal article, and to two from the EPA.

WSJ Article

This is also especially important as it signals that the official policy of the United States government, post Bush years, is that Climate Change is real, and that it will have a significant negative impact on people.


In the WSJ article there is the following paragraph:


The EPA's finding "could result in a top-down command-and-control regime that will choke off growth by adding new mandates to virtually every major construction and renovation project," U.S. Chamber of Commerce President Thomas Donohue said earlier in a statement. "The devil will be in the details, and we look forward to working with the government to ensure we don't stifle our economic recovery," he said, noting that the group supports federal legislation.


I suspect that this quote could apply to almost anything that the EPA or any arm of government might do to help protect the widest range of people. In fact, I expect the very same opening quote could have been used against the introduction of standards for scaffolding on building sites, air quality internal to building (Legionnaires' disease anyone?) or even to power stations and acid rain (well, they are Canadian trees after all, so why impose costs on American business to protect Canadian trees?).


Now the SEC:


The timing reinforces my prediction that we will also see mandated CSR/ESG (Corporate Social Responsibility / Environmental, Social and Governance) reporting by the SEC in the near future. 


Of course, the SEC may choose to focus specifically on a standard such as CDP (Carbon Disclosure Project) which very specifically requests companies to measure, monitor and disclose the carbon (and other greenhouse gas) emissions.


The "softer" standards such as the GRI (Global Reporting Initiative) might have to wait, as there is yet to be a finding that oppressing labor in the developing world is harmful to American citizens. So that facet of CSR/ESG reporting might have to wait, but I hope not.


But wait, there's more - The Accounting Firms:


The accounting and auditing profession could find itself right back in the "good old SOX days". There simply are not the trained or experienced resources to provide assurance over such reports, certainly not if mandated by the SEC. We could find the accounting firms building their practices rapidly.


The Winners:


The winners in the accounting profession will be the firms that:


1. Have built strong CSR practices. They will have the resources to "loan" to the audit side of the house when it comes to audit season.
2. Those firms with a "global reach" provided they also have established CSR practices or networks.
3. The smaller assurance shops, if they find a firm for alignment.



The Losers:


1. Firms that fail to see this coming, or reject CSR as an unimportant policy issue will find that they do not have the skills or experience to enter the market effectively. The well established firms could "pick off" the juiciest clients.
2. Regional or national firms that do not build their global networks of potential providers, regardless of brand or badge on the door.
3. Any firm that takes an existing standard, turns it into a questionnaire, and "forgets" to cite the copyright of the actual standard (I've actually seen that done, taking the GRI's G3 and turning it into a questionnaire with zero attribution).

06 December 2009

When will the SEC mandate CSR/ESG reporting?

Summary

Climate Change is real, and only a strange fringe continues to think that it will not have a direct impact on corporate performance. Potential impacts on corporate performance, good and bad, must be reported by US listed companies to ensure that investors can include that information in their investment decision making.

Current SEC reporting requirements already provide the framework for CSR (Corporate Social Responsibility) or ESG (Environmental, Social and Governance) reporting. These rules need to be confirmed by the SEC. Hopefully the SEC will provide interpretation that will demonstrate that avoidance of reporting of these issues is no longer an option. And where the SEC leads, other regulators will follow.

In addition to mandating CSR/ESG reporting, the SEC should also expand the scope of XBRL reporting to include the MD&A, the specific area of existing reporting that would logically include CSR/ESG information. Of course, existing taxonomies are inadequate, but that too can and should be solved.

Already Required

I focus on the SEC (Securities and Exchange Commission) in the United States not because other regulators are not requiring CSR / ESG reporting, but because most other reporting requirements fall far short of what the SEC is able to require, and does require already for all other areas of corporate reporting.

It is my contention that CSR/ESG reporting, and specifically reporting about the potential impact of Climate Change, is already mandated by the SEC for the MD&A (Management Discussion and Analysis) as specified in Reg S-K, section 303.

Doctors can, and perhaps should, prescribe SEC regulations for patients with serious insomnia. But for the sake of this discussion, here is a link to the relevant extract from the SEC's Reg S-K. You can skip it if you want, but the underlined sections matter in this case.

Known Trend? Uncertainty?

In the regulation above, there are two phrases that matter:

  • Known Trend
  • Uncertainty

Climate Change as a Known Trend:

Now we get to the heart of the matter. Scientists, the IPCC, and dare I say it, government officials and politicians around the world agree that Climate Change is happening, they disagree on the speed or impact. Does this make Climate Change a "Known Trend"? Certainly it is to the IPCC and the its authors. Equally, it clearly is a known trend to the wider scientific community studying the ice caps, retreating glaciers, and dare I say it, to the cabinet of the Maldives Islands in the Indian Ocean, who recently held a cabinet meeting under water to highlight their own concerns that their country will be swamped due to sea level rises (but maybe that was a publicity stunt from a country that lives on its tourist trade).

So to a significant and growing number of individuals, organizations, communities and governments including the United States government, Climate Change is a "Known Trend". And if it is a known trend, companies must report on the potential impact this may have.

Climate Change as an Uncertainty:

But wait, you say, what about the recent noise about the release of e-mails indicating the possibility of scientific fraud? What if the Climate Sceptics are right? What if this is all a big hoax or a mistake?

There are certainly many individuals who do not accept the idea that 1) Climate Change is happening or 2) that it is in part being caused by human activity. Good for them. It is important that there be contrary opinions and voices, to ensure that ideas are fully explored from all angles.

Not accepting the idea that Climate Change is happening do not make it so - it makes it an "uncertainty", and therefore is subject to reporting requirements, even if the company simply reports "We have reviewed the materials available, and do not accept the idea that Climate Change is happening. Therefore we do not expect it to have any impact on our liquidity or operations."

Is Climate Change the new Y2K?

Y2K was a special event, with a clearly defined period in which the potential impact would occur. Is Climate Change the new Y2K?

Yes and No.

Yes, Climate Change is the new Y2K in that there is a growing consensus of potential impacts, remediation activity, and time horizons. There are also specific actions that can be taken by companies to limit the potential impacts on their business activity due to Climate Change (not least being impact on operations of legislation or regulation).

No. Y2K was defined by a very specific event and the immediate time periods around that event, and risk assessments and planning could be completed, remediation put in place, to address risks specific to the event and time period. Climate Change has the potential to have a far wider range of impacts over an undefined range of time.

But:

Y2K does provide a framework for mandating reporting. The SEC required companies to discuss the potential impact of Y2K, with boilerplate responses being specifically forbidden. The SEC could, in light of existing Reg S-K reporting requirements, determine Climate Change to be a "known trend or uncertainty" or sufficient magnitude to required comment in the MD&A - Boiler Plate responses again being forbidden.

When?

The change of administration and the appointment of a new Chairman of the SEC opened a window of opportunity for communication with the SEC on matters of reporting. And organizations have been taking advantage of that opportunity.

Earlier this year, the SIF (Social Investment Forum) met with and wrote to the SEC recommending the introduction of requirements for regulated companies to report on CSR/ESG issues in their regulatory filings. A copy of the SIF letter can be found here. Read my supporting letter here.

Pressure is mounting, with organizations such as CALPERS, the GRI and others also communicating directly with the SEC advocating for CSR/ESG reporting.

So the SEC is hearing the message, and there is a returning trickle of information suggesting that the SEC is beginning to move.

When exactly will be SEC move? I do not know.

Prediction:

Over two years ago I predicted that a new administration would require CSR/ESG reporting by companies. I suggested that it would take place in the first or second year of the new administration, regardless of who the candidates were or who won. I stand by that prediction, even though the first year of the new administration is rapidly coming to a close.

While the number of registrants mentioning "Climate Change" or "Global Warming" has more than doubled between 2007 and 2009, the number is still well under 10% (due to double counting where both are mentioned). In 2007, approximately 380 registrants included the words "Climate Change" or "Global Warming" in their 10K filings with the SEC, and a further 80 registrants include those phrases in their 20-Fs. For calendar 2009, the numbers are 648 and 335 respectively.

So my revised prediction is:

We will see, within the next year, and very possibly with the next months, a mandate form the SEC for CSR/ESG reporting.
  • Mandated CSR/ESG reporting will be required for 10-K and 20-F filings for years ending 31 December 2010. This means 10-Ks/20-Fs filed with the SEC in early 2011.
  • While not audited, auditors will have a requirement (as they do today) to read the information provided and determine that nothing written in any way contradicts or disagrees with information provided the audited financial statements.

Specific Recommendations:


  1. The SEC should release an interpretation as soon as possible clarifying and confirming that Climate Change rises to the standard of a Known Trend or Uncertainty for MD&A reporting.
  2. The SEC should carefully consider which, if any, existing CSR/ESG standard to suggest or recommend. Each standard has its strengths and weaknesses.
  3. Currently there is no requirement for the MD&A section of SEC reports to be tagged in the XBRL format. This should be changed with a requirement for the MD&A (and the included CSR/ESG information) to be tagged and included in the XBRL versions of reports.
  4. Other securities regulators should release interpretations supporting and requiring companies under their jurisdictions to provide comparable reporting.
  5. Listed companies should actively prepare themselves for mandated CSR/ESG reporting to the SEC, probably with a mandate to report in their 2010 year end 10-Ks or 20-Fs.

    01 December 2009

    XBRL - the One True Standard?

    Summary

    XBRL (eXtensible Business Reporting Language) is the One True Standard for business reporting; or is it? It is long past time for the XBRL community to be considering what are the situations where XBRL will make a qualitative difference in business reporting, and stop declaring that every reporting problem can be solved if only it was XBRL’ized.

    Two hypotheses:

    For sake of argument lets start with two potential hypotheses:


    1. XBRL is the standard for business reporting from creation of any individual concept of business information through to the reporting and consumption of that individual or aggregated piece or pieces of business information - that XBRL satisfies and is the most effective standard for all points along business reporting supply chain.
    2. XBRL is a specialized standard that can and should be used for specific applications and situations where the use of taxonomies and the complexity of XBRL will solve business reporting issues.

    Unfortunately sometimes questioning the first statement is not welcome. Yet accepting it leads to some pretty interesting ideas of what XBRL can do or where it should applied.

    The first hypotheses is difficult to support in a world where software vendors, accounting firms, individual companies and standards setters have yet to fully embrace and build the standard into their core products and services. After all, belief in the efficiency of markets would suggest that something as obviously beneficial as XBRL should have been fully embraced and implemented by markets years ago. Yet we still require the support of regulators to create demand and products.

    In every case where XBRL has been voluntary, where companies have had to make an investment or expenditure decision, participation rates have been, well, unimpressive. This does not in any way disprove the value of XBRL, but it does indicate that in its first decade, the value proposition for individual companies required to make an expenditure decision has been inadequate to propel XBRL into ubiquity.

    And companies will not "just realize the benefits and implement XBRL", which has been said to me a number of times. People and companies do not work that way. If they did, "we would all just realize [...fill in the blank...]" and we would actually have World Peace.

    Does this mean then that XBRL is not an effective standard for efficient and effective business communication? Absolutely not. From my perspective it simply demonstrates that XBRL is not a panacea, and that we need as a community to be supporting the most effective use-cases, and promoting the value proposition to investors and decision-makers associated with those use-cases.

    Taxonomies are Very Expensive:

    We must also remember that every implementation of XBRL will require a taxonomy, and taxonomies are not cheap. When I asked the XBRL US Domain Working Group in 2006 to tell the Steering Committee how much was needed to develop the US GAAP taxonomy, I was told $3 million. I asked for a justification of that, saying “I can spend $3 million, but what would it be spent on?” The Domain Working Group came back with a plan, and I took that plan to Washington. I said, “Okay, realistically we might need more like $4.5 million”.

    In the end, the numbers that I have heard for the actual cost of the US GAAP Taxonomy range between $12 and $18 million. That is 4 to 6 times the Domain Working Group’s estimate, and these were the taxonomy development experts. Even the higher number ($4.5 million) was low by 3 to 5 times.

    The costs of the NTP (Netherlands Taxonomy Project) are not public, but also probably significant exceed common assumptions. It certainly took longer than expected.

    The FDIC, one of the most successful XBRL projects to date, imposed a one-year postponement on their go-live date to ensure everything had been adequately tested.

    So every time someone suggests that “this is a great application for XBRL”, consider the cost and time, and ask them who will fund the taxonomy development.

    Some examples of XBRL for Everything:

    Over the years there have been some interesting suggested use-cases for XBRL. I think my favorite was from earlier this year, when it was suggested that XBRL tagging of information in containers could be used to help thwart Somali pirates. If you take a look at this site (http://www.marinetraffic.com/ais/), you'll see where a huge number of ships are at any moment in time. Notably missing is any information from the Arabian Sea and Indian Ocean. My guess is that ships passing through this area do not want their location known, and they certainly do not want to broadcast their cargo to pirates or land-based handlers of the pirates.

    Another is the idea, long held and promoted, that XBRL can be used to at or near the transaction level. Of course, this potential use-case is strongly defended in the XBRL community, because to fail to support this use-case would be a de-facto acknowledgement that XBRL is not the right answer to every question. When you are a hammer, everything looks like a nail. Now, I know that saying this will result either in angry responses, or pouting grumpiness from a few proponents of the concept of XBRL-GL. Get over it. XBRL as an international organization has paid lip-service to XBRL-GL for a decade, yet not a single ERP vendor of any market size has indicated any intention to implement (if any have, the XBRL world certainly is keeping quiet about it). If any smaller ERP vendor has indicated such an intent, we as a community have not made enough noise about that.

    Today, to accomplish the dream of using XBRL-GL for internal (and external) audit analytics, the user must first convert the data into XBRL- GL, or import into an analytic tool that supports XBRL-GL. How much easier to simply import the data based on the file formats provided by IT or by the client.

    So the alternatives are?

    XBRL proves itself most valuable as a boundary standard, where multiple reporting entities need to provide information to a common consumer or consumers of that information.

    The FDIC provides a great example XBRL as an optimal standard for data collection. The FDIC collects quarterly "Call Reports" from approximately 8000 (and falling) banks in the United States. In October 2005 the FDIC went live with their XBRL enabled CDR (Central Data Repository) system. The software vendors who provide the front end software used by banks to create "Call Reports" were required to build the FDIC's taxonomy into their applications, and to use the XBRL to pre-validate the information provided by the banks.

    The FDIC was able to use this improved process to dramatically reduce the numbers of errors, and to increase the numbers of banks per FDIC analyst. The FDIC has gained significant efficiency benefits from their XBRL implementation. In this case, XBRL is being used very specifically to enable a many-to-one boundary reporting process and content improvement.

    The FDIC provides access to the collected information in three formats, each of which contains the same data.  Downstream consumers of the information may take XBRL, SDF (Structured Data Format - basically a CSV/flat file) or human readable PDF files from the FDIC.

    IRA (Institutional Risk Analytics) is a user of FDIC data. IRA performs analysis of banks and runs its own "stress tests", and provides a score for each bank, along with comprehensive analysis driven by their models. IRAs banking data is used by a number of significant entities to analyse bank performance, and by a very large number of individuals who purchase IRAs reports on their individual banks.

    Here's the rub - IRA does not use the FDIC's XBRL feed. I talked with Dennis Santiago, CEO of IRA, about his data choices. He sad to me "Dan, why would I make a choice to spend more programmer time and company money on a complex standard when I can get the data as a flat file and directly import and use that data. It does not make economic sense for me to use the XBRL. I know that data in the flat file will be as clean as the XBRL; it comes from the same source."

    "We tried taking the XBRL, but we just had to spend too much effort stripping it back to flat files so that we could run computations and analysis against the data. We were already, and still are taking flat files from other data providers. Taking the flat files from a trusted entity dramatically speeds up our processing, reduces our storage, and has zero negative impact on the quality of our product. If anything, attempting to remain current with an ever evolving taxonomy imposes simply too high a price on our business."

    Recommendations:

    XBRL is a standard, it is not a hammer. We need to stop looking at every situation as a nail.


    • There are plenty of valid examples of reporting situations for which XBRL is the perfect answer. And while some might not be terribly happy about it, the iXBRL requirement from HMRC is probably one of those examples. XII and the jurisdictions should be looking for such projects and programs.
    • The SEC should consider following the FDIC's example, and provide multiple formats to consumers of the XBRL data is provided by filers. Is there a more "trusted" or "trustable" entity then the SEC for data? In which case, a "flat file" from the SEC in a defined format should work wonders for a large number of users of that information, and like IRA, they may be able to make quicker, more efficient use of that data available from the SEC.
    • XII should, through its working groups, develop a model for the effective estimation of the true costs and time required to develop a taxonomy that can then be used as input for projects considering an XBRL solution.

    15 November 2009

    Where are the XBRL experts?

    Summary:

    The current population of XBRL experts is inadequate to propel XBRL from being a niche standard into the global, ubiquitous standard for business reporting. In addition, there does not appear to be the paradigm shift required to create the population of experts that will be required. For XBRL, the expression "do what you've always done, get what you've always got" could not be truer, and will not build the community of experts that will be required for growth and success.

    The population:

    There is no reliable estimate of the number of XBRL experts, developers, users or individuals with a solid understanding of either XBRL or the specification(s). At a best guess, I would put the numbers between 500 and, being generous, 1000. But maybe I'm wrong, maybe there are up to 1500 XBRL experts.

    Adoption:

    There is little question that adoption of XBRL is entering a new phase, with the number of jurisdictions growing and the number of projects and mandates expanding almost by the month. The dream of ubiquity may not be as far away as the XBRL community thinks, nor as close as it hopes. XBRL is more than just a standard for the tagging of business information; it is a "new" technology that requires an expanding based of trained and knowledgeable professionals.

    Where are they?

    Type "XML" into the search box on Monster.com, and even in the Great Recession, you get over 4000 job postings. Type "XBRL", and you get 20 postings. For the standard that is going to take over the world of business reporting, there appears to be very little demand. Is this another chicken-and-egg situation? Certainly the training and information is available; all the major vendors provide training courses, XBRL International (XII) and various jurisdictions run conferences that usually include training sessions. And of course there is Charlie Hoffman's new book, XBRL for Dummies.

    What is the demand?

    Very clearly the increasing number of mandates should be driving an increase in both the need for XBRL talent, and the number of people making personal decisions to study XBRL. In the United States the SEC mandate is up and running. This should grow demand.

    In the United Kingdom, the HMRC (Her Majesty's Revenue and Customs) mandate comes into force in early 2011, so one would expect to see a ramping up of demand for expertise now, to ensure software and processes are available to business to meet that mandate. Instead we tend to see articles in which accountants and software providers complain that they will not have time or resources to meet the mandate.

    In Japan, China, Korea, Singapore, Australia, France, Belgium and the Netherlands (to name just a subset) we see mandates or programs that will need experts to support.

    A simple count of required public company filers in mandated jurisdictions gives us at least 20,000 companies that are or will be required to provide XBRL versions of financial statements. This number does not include the millions of non-public companies that will be required to provide XBRL based reports in various jurisdictions.

    So clearly there is, or should be, a demand for at least an order of magnitude increase in the number of XBRL experts.

    How to get there:

    Clearly new thinking is required. The existing program of running conferences with the combined objectives of raising revenue and getting the word out is not working. The conferences have historically attracted up to 500 people, of which 50% are the same names. So twice annual international conferences are attracting maybe 500 new individuals to the XBRL community. National conferences seem to run at about the same numbers or less.

    A goal of having a community of experts numbering in the 15,000 range will require far more training, greater outreach, and of course demand. And, certification. Unfortunately many XBRL jurisdictions have not been supportive of individual memberships. The argument at XBRL US and XII was two-fold; that individual members cost more to administer than we could ever charge, and that allowing individual members would stop large companies from becoming members - and it was the large companies that would pay the large dues. If the option existed for individual memberships, companies would have one or two people join. In the "early days" that might have been so. Today that is holding XBRL back.

    Individual membership provides people with a personal and professional stake in the standard, and will support a massive growth in the total number of XBRL professionals. The current model of limiting (in many jurisdictions, but not all) membership to companies is acting as a break on wider adoption.

    This means XBRL International will probably need to outsource management of any certification program. As an individual membership organization, I am confident that the AICPA, through its long association with XBRL, will be happy to provide a bid to manage any such program.

    Certainly any certification program would imply an individual membership, or would certification be limited to individuals working for member organizaitons?

    Recommendations:

    These are just a few steps that XII & XBRL jurisdictions could take:


    1. XBRL International should be running "virtual conferences" with minimal or no registration fee. These "virtual conferences" should focus on basic and intermediate training.

    2. The pool of recorded webinars, seminars, and video should be radically expanded. There exists a set of video from the main stage at the 19th XBRL conference in Paris in June 2009. This is a start. XII should be uploading training video and including it on the Education and Training page.

    3. XII should establish an individual membership category to expand the number of individuals who see themselves as having a personal and professional link to the XBRL standard. This could be done in the same way that the IIA (Institute of Internal Auditors) and ISACA (Information Systems Audit and Control Association) have national chapters, in which individuals have a local and international membership.

    4. The XII concept of certification of XBRL professional should be studied. XII issued a survey on the value of such a certification. At the same time, a certification program with no one to certify would be a waste of time and money.

    08 November 2009

    Prediction time

    Prediction: Only the first and second wave of XBRL filers will be required to perform "Detailed Tagging" of the notes to the financial statements.

    Some background:

    After the Enron and Worldcom frauds, the US government reacted swiftly by enacting the Sarbanes-Oxley (SOX) legislation. Some business hated SOX, some loved it (the accounting and internal control professions come to mind, as well as a number of software companies), many hated it but stayed quiet and simply waited to see what would happen.

    SOX required, among other things:

    1. Certification by CEOs and CFOs on the accuracy of financial statements (section 302).
    2. Certification of the effectiveness of the systems of internal control (section 404).
    3. A requirement that the SEC perform a detailed review of all filers not less than once every 3 years, and every year for companies meeting a set of criteria.
    4. The PCAOB, with the mandate to review the effectiveness of audits performed by accounting firms.
    5. Auditing standards making authority vested with the PCAOB.

    Of the five requirements above, we know that four are fully implemented (1, 2, 4 and 5).

    Number 2 however has only been required and actualized by "Accelerated filers", or those companies with a market cap of over $75 million. The costs of implementation Section 404 was estimated by the SEC at an average of $93,000 per company. The actual costs far exceeded that, with estimates in the multiple-millions of dollars per company. The howls of protest - not by those that implemented - resulted in an ongoing deferment for smaller SEC registrants.

    In June 2008 the SEC announced another one year extension for small businesses. SEC Press Release

    There are now moved to permanently remove the Section 404 requirement for small filers. Melissa Klein Aguilar in ComplianceWeek writes: "The House Financial Services Committee formally approved an amendment this morning to exempt small companies from Section 404(b) of Sarbanes-Oxley." See the ComplianceWeek article.

    Link to Detailed Tagging:

    The logical step to deferment or exception for detailed tagging is clear.

    Tagging of financial statements into the XBRL format is not difficult, but it does take some time (the first time). After all, you have a number of line items (and tables), and a number of elements, and you map one to the other.  Okay, it is not that simple, but fundamentally there is a clearly defined set of information that will need to be tagged, and that information is presented in such as way as to facilitate selection and tagging.

    Detailed tagging of the notes to the financial statement is another issue entirely. The total effort required to accomplished detailed tagging of financial statements is not known. I have talked with a number of software provider who are also struggling with how they can streamline the detailed tagging of notes to the financial statements.

    To perform the detailed tagging, each note and each paragraph within each note will need to be deconstructed. A set of sentences designed to convey a meaningful message is not the same as structured table or financial statement where each concept has its own line.

    Certainly at least one company has already filed a "detailed tagged" version of their (Adobe), and they 1) have been providing XBRL to the SEC via the voluntary program since 2007 at least, and 2) have said that detailed tagging was "was extremely time-consuming."

    Warning:

    Detailed tagging is a year-2 event. It will involved significant additional effort. The good news is that filers will have a 30 day grace period for thier first detailed tagged filing (see page 24 of the Final Rule).

    So, filers will have significantly more work to accomplish, with the same time to accomplish it as they have for their first filing.

    Prediction:

    1. Expect comparisons between XBRL detailed tagging and SOX 404 (justified or not).
    2. Expect companies in recession (or coming out of it) to have resource constraints.
    3. Expect howls of protest when the actual workload is understood (or feared).
    4. Expect a sympathetic SEC to defer detailed tagging for non-accelerated filers.
    Implications for Assurance:

    The best news is that the notes to the financial statement are not currently audited. Certainly they are reviewed (or "read") to determine if there is anything in the notes that contradicts or is incompatible with the financial statements, but they are not audited. This means that the level of sampling or assurance that will need to be performed over the detailed tagged notes is minimal, and a "read" may be sufficient - when, or course, assurance actually is required.





    06 November 2009

    So, What about Assurance (or "Lord make me virtuous, but not yet")?

    Originally posted: 2 November 2009


    Probably the best place to start is by paraphrasing St Augustine: "Lord make me virtuous, but not yet". St Augustine was born in North Africa and lived for a time in Carthage. While his mother was a Catholic, his father was pagan, and he followed in his father's footsteps for much of his earlier life. Eventually he converted to Catholicism, and became one of the great leaders of the church.

    XBRL is a business reporting language, and the first and primary application has always been the provision of financial statements by companies to users of financial and business information, be they investors, regulators, banks, etc. The provision of assurance over the financial statements, via the audit and audit report, represents the lifeblood of the accounting profession. Isn't it amazing then that the accounting industry did not raise howls of protest to the SEC's specific statement that XBRL versions of financial statement do not require assurance.

    There seems to be two potential reasons for this:

    1. The SEC has stopped believing in assurance, or
    2. The accounting industry simply does not know how to provide assurance over XBRL.

    The first is, well, silly.
     XII Assurance Working Group

    The Assurance Working Group is included in the list of working groups on the XII website, complete with it charter and purpose. Lets listen in for a moment. ( or you read it yourself. scroll down to the Assurance WG.). I especially like the deliverables, and the dates of the meetings that the deliverables will (future tense) be prepared. Frankly, you have to wonder why they even bother any longer...



    The objective of the Assurance Working Group (AWG) is to support the IAASB in the development of relevant standards and guidance for the audit profession surrounding the use of XBRL for company reporting.  In working with the IAASB, the working group will support the standards development process through the collaborative development of the deliverables outlined below for use by the IAASB, the audit profession and other relevant capital market participants.  The AWG works in close collaboration with the International Auditing and Assurance Standards Board (IAASB) of IFAC.

    The AWG will provide the following deliverables:


    - A discussion paper for use by the IAASB at their meeting in Lima early March 2005 and/or by the Steering Committee of the IAASB at their meeting in Rome mid June 2005.
    - A white paper reflecting risks and opportunities related to XBRL as well giving advice on how to move forward on this issue.
    - Recommendations for the IAASB, which will make it possible for them to issue auditing standards.
    Proactively inform the IAASB of relevant technical matters.
    - Respond to technical matters referred to it by the IAASB.
    - Recommendations for educational materials and delivery resources to enhance the awareness among the audit profession and the stakeholders regarding the assurance issues associated with the use of XBRL.




    The good news: Now, in 2009, 4 years leter, the IAASB says they will look at XBRL. Progress!




    The second is a little more problematic. After all, the accounting industry has been the primary champion for XBRL for a decade. You would think that with a 10 year head start, they would by now know how to do what is after all, their core competency. And you would think that XBRL International would have paid more attention to the issue. Frankly, XBRL International and the accounting industry have failed to cater for what is arguable one of the most important aspects of XBRL - assurance over the information provided in the XBRL format.

    Of course this will now generate a number of e-mails (hopefully headed off by this comment) reminding people that the AICPA and the CAQ (Center for Audit Quality - of the AICPA) both recently published guidance on how accountants and auditors can provide assurance over XBRL. But in both cases, the assurance provided is based on Agreed Upon Procedures, and therefore is for internal use only - not much good for an investor. Why don't we move to AUPs for all assurance/audit. It would certainly save businesses globally a huge amount of money, and in most cases could actually be performed by internal resources. But my guess is that this would not satisfy regulators or investors.

    Mind you, supporting #1 and #2 above, here is an extract from page 3 of the CAQ's submission to the SEC's proposed rule mandating XBRL:

    "We fundamentally believe that independent assurance on XBRL documents would add value by increasing reliability and enhancing public confidence in financial reporting, as it does today. However, we also acknowledge that some, including the Commission and the SEC's Advisory Committee on Improvements to Financial Reporting (CIFiR), are concerned that the cost and time incurred to obtain such assurance might outweigh the benefits to preparers and users."

    It almost makes you wonder if the same couldn't be said about the audit in general. Adds value, but concerned that the cost and time might outweigh the benefits.

    But, lets return to the SEC for a moment. The SEC specifically exempted XBRL from assurance, and provided a two-year window of litigation relief. And this is for information that the SEC says will benefit investors. So if there another explanation? Maybe the SEC is losing faith with the accounting industries ability to define or deliver assurance, at least over the future of information for investors?

    But there is a kicker - the SEC did also say that litigation relief is only provided if companies can demonstrate a "good faith effort" to ensure their XBRL is error-free. So what is a "good faith effort". Cleverly this allows the AICPA and accounting firms both the time to test their own XBRL assurance processes in private. It was interesting to sit in on one of the post first-wave webcasts, and the hear David Blaszkowsky of the SEC's OID say that he was pleased that companies in the first wave had demonstrated a "good faith effort". I can only surmise that companies are requesting and receiving assurance in the form of the Agreed Upon Procedures framework provided by the AICPA. But alas, as the AUP if for internal use only, we cannot know that.

    Unfortunately this leaves the second tier and smaller accounting firms with no opportunity to test-drive assurance over XBRL, gives the markets no assurance that the XBRL is actually being audited, at the same allowing the accounting firms to generate some of the XBRL-based fees they have been so desperate to find.

    This certainly will give the big accounting firms a benefit. Imagine being a large SEC registrant currently audited by a "second tier" firm (firms like Grant Thornton, Crowe Chizek, Eisner, Moss Adams, McGladrey, BDO, Baker Tilly (Virchow Krause),  etc) and having to provide XBRL to the SEC, and to demonstrate a "good faith effort". You current second-tier firm has no experience providing assurance over XBRL, but the big-4 who are selling auditing services to you do have that experience. It is the classic FUD marketing play - Fear, Uncertainty and Doubt. "Certainly your current accountants should be able to provide assurance - that so important "good faith effort", but we not sure what actual experience they have doing that. I sure hope they don't use you as the test case. Of course, we've been doing this for a year now, and have smooth and streamlined processed to ensure the costs are managed and minimized. Would you like to see a proposal?"

    Finally, the true costs of XBRL implementation remain hidden.

    ===

    Comments:

    From: Dennis Santiago
    Message:

    So ultimately you're observing that the process as it is evolving creates a defacto four LLP oligarchy that places the other 2,000+ PCAOB registered public company accounting firms at a structural disadvantage vis-a-vis one of the lucrative sources of income in the auditing industry.

    Sounds like someone needs to wake up at the SEC and the PCAOB. It's clearly not in the public interest to have yet another regulatory process captured by the industry being regulated, and certainly not by 4 out of 2,000+ of that business. I guess I'm still idealistic enough to believe that the outcome of major public benefit initiatives should be commoditized across the entire serving industry and not hyperconcentrated into a source for supernormal returns for a chosen few. It's important to remind the people who swore profusely that they were doing XBRL for altruistic reasons that the world hasn't forgotten those words and will hold them to that promise.

    I really believe in computer architecture constructs like XBRL as helpful content capture and organizing mechanisms that can assist in improving transparency. But if all that's done here is to morph a minor variation of XML technology into a barrier to entry that undermines all the good it can bring. It will doom the process to a decade of scandal as 2,000 disenfranchised registered audit firms make their voices heard.

    Solution? The SEC should mandate that XBRL assurance is not required, taking the franchise profits off the table, until at least 25% of PCAOB registered firms have achieved "good faith" capability.

    Thanks for your continued efforts to keep the XBRL process on good foundations Dan.

    Dennis




    From: Andrew Chilcott

    Message:

    The question of assurance goes further than the SEC filings. If the filer was to decide to publish the XBRL instance document on their investor relations web site and allow an RSS Feed, how would the recipient of that instance document be able to trust the contents.

    XBRL sits on top of XML and can leverage other XML technologies like XML Signatures. In my opinion the instance document should be digitally signed by both the Company and the Auditor. We then get to the question of do we trust the certificate? Who is the Certification Authority? Shouldn't AICPA issue a root certificate that can be used to certify any particular firm of auditors that are it's members; and the SEC a root certificate that can be used to authenticate the companies that are obliged to report to it.

    Pretty basic stuff




    From: Jerry Trites

    Message:

    The Assurance Wroking Group did issue its White paper on November, 2006. It can be read at http://www.xbrl.org/Announcements/Interactive-Data-Assurance-2006-11-10.pdf.
    Members of the group did a presentation at the Istanbul conference that year and also made representations to the IAASB at about the same time.



    From: Dennis Santiago
    Message:
    Andrew,

    It should be noted that AICPA is an industry association, it's an NGO. They have no authority to regulate or certify. The root certificate for public company audit firms you speak of should properly come from the PCAOB.

    Dennis