15 November 2009

Where are the XBRL experts?

Summary:

The current population of XBRL experts is inadequate to propel XBRL from being a niche standard into the global, ubiquitous standard for business reporting. In addition, there does not appear to be the paradigm shift required to create the population of experts that will be required. For XBRL, the expression "do what you've always done, get what you've always got" could not be truer, and will not build the community of experts that will be required for growth and success.

The population:

There is no reliable estimate of the number of XBRL experts, developers, users or individuals with a solid understanding of either XBRL or the specification(s). At a best guess, I would put the numbers between 500 and, being generous, 1000. But maybe I'm wrong, maybe there are up to 1500 XBRL experts.

Adoption:

There is little question that adoption of XBRL is entering a new phase, with the number of jurisdictions growing and the number of projects and mandates expanding almost by the month. The dream of ubiquity may not be as far away as the XBRL community thinks, nor as close as it hopes. XBRL is more than just a standard for the tagging of business information; it is a "new" technology that requires an expanding based of trained and knowledgeable professionals.

Where are they?

Type "XML" into the search box on Monster.com, and even in the Great Recession, you get over 4000 job postings. Type "XBRL", and you get 20 postings. For the standard that is going to take over the world of business reporting, there appears to be very little demand. Is this another chicken-and-egg situation? Certainly the training and information is available; all the major vendors provide training courses, XBRL International (XII) and various jurisdictions run conferences that usually include training sessions. And of course there is Charlie Hoffman's new book, XBRL for Dummies.

What is the demand?

Very clearly the increasing number of mandates should be driving an increase in both the need for XBRL talent, and the number of people making personal decisions to study XBRL. In the United States the SEC mandate is up and running. This should grow demand.

In the United Kingdom, the HMRC (Her Majesty's Revenue and Customs) mandate comes into force in early 2011, so one would expect to see a ramping up of demand for expertise now, to ensure software and processes are available to business to meet that mandate. Instead we tend to see articles in which accountants and software providers complain that they will not have time or resources to meet the mandate.

In Japan, China, Korea, Singapore, Australia, France, Belgium and the Netherlands (to name just a subset) we see mandates or programs that will need experts to support.

A simple count of required public company filers in mandated jurisdictions gives us at least 20,000 companies that are or will be required to provide XBRL versions of financial statements. This number does not include the millions of non-public companies that will be required to provide XBRL based reports in various jurisdictions.

So clearly there is, or should be, a demand for at least an order of magnitude increase in the number of XBRL experts.

How to get there:

Clearly new thinking is required. The existing program of running conferences with the combined objectives of raising revenue and getting the word out is not working. The conferences have historically attracted up to 500 people, of which 50% are the same names. So twice annual international conferences are attracting maybe 500 new individuals to the XBRL community. National conferences seem to run at about the same numbers or less.

A goal of having a community of experts numbering in the 15,000 range will require far more training, greater outreach, and of course demand. And, certification. Unfortunately many XBRL jurisdictions have not been supportive of individual memberships. The argument at XBRL US and XII was two-fold; that individual members cost more to administer than we could ever charge, and that allowing individual members would stop large companies from becoming members - and it was the large companies that would pay the large dues. If the option existed for individual memberships, companies would have one or two people join. In the "early days" that might have been so. Today that is holding XBRL back.

Individual membership provides people with a personal and professional stake in the standard, and will support a massive growth in the total number of XBRL professionals. The current model of limiting (in many jurisdictions, but not all) membership to companies is acting as a break on wider adoption.

This means XBRL International will probably need to outsource management of any certification program. As an individual membership organization, I am confident that the AICPA, through its long association with XBRL, will be happy to provide a bid to manage any such program.

Certainly any certification program would imply an individual membership, or would certification be limited to individuals working for member organizaitons?

Recommendations:

These are just a few steps that XII & XBRL jurisdictions could take:


1. XBRL International should be running "virtual conferences" with minimal or no registration fee. These "virtual conferences" should focus on basic and intermediate training.

2. The pool of recorded webinars, seminars, and video should be radically expanded. There exists a set of video from the main stage at the 19th XBRL conference in Paris in June 2009. This is a start. XII should be uploading training video and including it on the Education and Training page.

3. XII should establish an individual membership category to expand the number of individuals who see themselves as having a personal and professional link to the XBRL standard. This could be done in the same way that the IIA (Institute of Internal Auditors) and ISACA (Information Systems Audit and Control Association) have national chapters, in which individuals have a local and international membership.

4. The XII concept of certification of XBRL professional should be studied. XII issued a survey on the value of such a certification. At the same time, a certification program with no one to certify would be a waste of time and money.

08 November 2009

Prediction time

Prediction: Only the first and second wave of XBRL filers will be required to perform "Detailed Tagging" of the notes to the financial statements.

Some background:

After the Enron and Worldcom frauds, the US government reacted swiftly by enacting the Sarbanes-Oxley (SOX) legislation. Some business hated SOX, some loved it (the accounting and internal control professions come to mind, as well as a number of software companies), many hated it but stayed quiet and simply waited to see what would happen.

SOX required, among other things:

  1. Certification by CEOs and CFOs on the accuracy of financial statements (section 302).
  2. Certification of the effectiveness of the systems of internal control (section 404).
  3. A requirement that the SEC perform a detailed review of all filers not less than once every 3 years, and every year for companies meeting a set of criteria.
  4. The PCAOB, with the mandate to review the effectiveness of audits performed by accounting firms.
  5. Auditing standards making authority vested with the PCAOB.

Of the five requirements above, we know that four are fully implemented (1, 2, 4 and 5).

Number 2 however has only been required and actualized by "Accelerated filers", or those companies with a market cap of over $75 million. The costs of implementation Section 404 was estimated by the SEC at an average of $93,000 per company. The actual costs far exceeded that, with estimates in the multiple-millions of dollars per company. The howls of protest - not by those that implemented - resulted in an ongoing deferment for smaller SEC registrants.

In June 2008 the SEC announced another one year extension for small businesses. SEC Press Release

There are now moved to permanently remove the Section 404 requirement for small filers. Melissa Klein Aguilar in ComplianceWeek writes: "The House Financial Services Committee formally approved an amendment this morning to exempt small companies from Section 404(b) of Sarbanes-Oxley." See the ComplianceWeek article.

Link to Detailed Tagging:

The logical step to deferment or exception for detailed tagging is clear.

Tagging of financial statements into the XBRL format is not difficult, but it does take some time (the first time). After all, you have a number of line items (and tables), and a number of elements, and you map one to the other.  Okay, it is not that simple, but fundamentally there is a clearly defined set of information that will need to be tagged, and that information is presented in such as way as to facilitate selection and tagging.

Detailed tagging of the notes to the financial statement is another issue entirely. The total effort required to accomplished detailed tagging of financial statements is not known. I have talked with a number of software provider who are also struggling with how they can streamline the detailed tagging of notes to the financial statements.

To perform the detailed tagging, each note and each paragraph within each note will need to be deconstructed. A set of sentences designed to convey a meaningful message is not the same as structured table or financial statement where each concept has its own line.

Certainly at least one company has already filed a "detailed tagged" version of their (Adobe), and they 1) have been providing XBRL to the SEC via the voluntary program since 2007 at least, and 2) have said that detailed tagging was "was extremely time-consuming."

Warning:

Detailed tagging is a year-2 event. It will involved significant additional effort. The good news is that filers will have a 30 day grace period for thier first detailed tagged filing (see page 24 of the Final Rule).

So, filers will have significantly more work to accomplish, with the same time to accomplish it as they have for their first filing.

Prediction:

  1. Expect comparisons between XBRL detailed tagging and SOX 404 (justified or not).
  2. Expect companies in recession (or coming out of it) to have resource constraints.
  3. Expect howls of protest when the actual workload is understood (or feared).
  4. Expect a sympathetic SEC to defer detailed tagging for non-accelerated filers.
Implications for Assurance:

The best news is that the notes to the financial statement are not currently audited. Certainly they are reviewed (or "read") to determine if there is anything in the notes that contradicts or is incompatible with the financial statements, but they are not audited. This means that the level of sampling or assurance that will need to be performed over the detailed tagged notes is minimal, and a "read" may be sufficient - when, or course, assurance actually is required.





06 November 2009

So, What about Assurance (or "Lord make me virtuous, but not yet")?

Originally posted: 2 November 2009


Probably the best place to start is by paraphrasing St Augustine: "Lord make me virtuous, but not yet". St Augustine was born in North Africa and lived for a time in Carthage. While his mother was a Catholic, his father was pagan, and he followed in his father's footsteps for much of his earlier life. Eventually he converted to Catholicism, and became one of the great leaders of the church.

XBRL is a business reporting language, and the first and primary application has always been the provision of financial statements by companies to users of financial and business information, be they investors, regulators, banks, etc. The provision of assurance over the financial statements, via the audit and audit report, represents the lifeblood of the accounting profession. Isn't it amazing then that the accounting industry did not raise howls of protest to the SEC's specific statement that XBRL versions of financial statement do not require assurance.

There seems to be two potential reasons for this:

1. The SEC has stopped believing in assurance, or
2. The accounting industry simply does not know how to provide assurance over XBRL.

The first is, well, silly.
 XII Assurance Working Group

The Assurance Working Group is included in the list of working groups on the XII website, complete with it charter and purpose. Lets listen in for a moment. ( or you read it yourself. scroll down to the Assurance WG.). I especially like the deliverables, and the dates of the meetings that the deliverables will (future tense) be prepared. Frankly, you have to wonder why they even bother any longer...



The objective of the Assurance Working Group (AWG) is to support the IAASB in the development of relevant standards and guidance for the audit profession surrounding the use of XBRL for company reporting.  In working with the IAASB, the working group will support the standards development process through the collaborative development of the deliverables outlined below for use by the IAASB, the audit profession and other relevant capital market participants.  The AWG works in close collaboration with the International Auditing and Assurance Standards Board (IAASB) of IFAC.

The AWG will provide the following deliverables:


- A discussion paper for use by the IAASB at their meeting in Lima early March 2005 and/or by the Steering Committee of the IAASB at their meeting in Rome mid June 2005.
- A white paper reflecting risks and opportunities related to XBRL as well giving advice on how to move forward on this issue.
- Recommendations for the IAASB, which will make it possible for them to issue auditing standards.
Proactively inform the IAASB of relevant technical matters.
- Respond to technical matters referred to it by the IAASB.
- Recommendations for educational materials and delivery resources to enhance the awareness among the audit profession and the stakeholders regarding the assurance issues associated with the use of XBRL.




The good news: Now, in 2009, 4 years leter, the IAASB says they will look at XBRL. Progress!




The second is a little more problematic. After all, the accounting industry has been the primary champion for XBRL for a decade. You would think that with a 10 year head start, they would by now know how to do what is after all, their core competency. And you would think that XBRL International would have paid more attention to the issue. Frankly, XBRL International and the accounting industry have failed to cater for what is arguable one of the most important aspects of XBRL - assurance over the information provided in the XBRL format.

Of course this will now generate a number of e-mails (hopefully headed off by this comment) reminding people that the AICPA and the CAQ (Center for Audit Quality - of the AICPA) both recently published guidance on how accountants and auditors can provide assurance over XBRL. But in both cases, the assurance provided is based on Agreed Upon Procedures, and therefore is for internal use only - not much good for an investor. Why don't we move to AUPs for all assurance/audit. It would certainly save businesses globally a huge amount of money, and in most cases could actually be performed by internal resources. But my guess is that this would not satisfy regulators or investors.

Mind you, supporting #1 and #2 above, here is an extract from page 3 of the CAQ's submission to the SEC's proposed rule mandating XBRL:

"We fundamentally believe that independent assurance on XBRL documents would add value by increasing reliability and enhancing public confidence in financial reporting, as it does today. However, we also acknowledge that some, including the Commission and the SEC's Advisory Committee on Improvements to Financial Reporting (CIFiR), are concerned that the cost and time incurred to obtain such assurance might outweigh the benefits to preparers and users."

It almost makes you wonder if the same couldn't be said about the audit in general. Adds value, but concerned that the cost and time might outweigh the benefits.

But, lets return to the SEC for a moment. The SEC specifically exempted XBRL from assurance, and provided a two-year window of litigation relief. And this is for information that the SEC says will benefit investors. So if there another explanation? Maybe the SEC is losing faith with the accounting industries ability to define or deliver assurance, at least over the future of information for investors?

But there is a kicker - the SEC did also say that litigation relief is only provided if companies can demonstrate a "good faith effort" to ensure their XBRL is error-free. So what is a "good faith effort". Cleverly this allows the AICPA and accounting firms both the time to test their own XBRL assurance processes in private. It was interesting to sit in on one of the post first-wave webcasts, and the hear David Blaszkowsky of the SEC's OID say that he was pleased that companies in the first wave had demonstrated a "good faith effort". I can only surmise that companies are requesting and receiving assurance in the form of the Agreed Upon Procedures framework provided by the AICPA. But alas, as the AUP if for internal use only, we cannot know that.

Unfortunately this leaves the second tier and smaller accounting firms with no opportunity to test-drive assurance over XBRL, gives the markets no assurance that the XBRL is actually being audited, at the same allowing the accounting firms to generate some of the XBRL-based fees they have been so desperate to find.

This certainly will give the big accounting firms a benefit. Imagine being a large SEC registrant currently audited by a "second tier" firm (firms like Grant Thornton, Crowe Chizek, Eisner, Moss Adams, McGladrey, BDO, Baker Tilly (Virchow Krause),  etc) and having to provide XBRL to the SEC, and to demonstrate a "good faith effort". You current second-tier firm has no experience providing assurance over XBRL, but the big-4 who are selling auditing services to you do have that experience. It is the classic FUD marketing play - Fear, Uncertainty and Doubt. "Certainly your current accountants should be able to provide assurance - that so important "good faith effort", but we not sure what actual experience they have doing that. I sure hope they don't use you as the test case. Of course, we've been doing this for a year now, and have smooth and streamlined processed to ensure the costs are managed and minimized. Would you like to see a proposal?"

Finally, the true costs of XBRL implementation remain hidden.

===

Comments:

From: Dennis Santiago
Message:

So ultimately you're observing that the process as it is evolving creates a defacto four LLP oligarchy that places the other 2,000+ PCAOB registered public company accounting firms at a structural disadvantage vis-a-vis one of the lucrative sources of income in the auditing industry.

Sounds like someone needs to wake up at the SEC and the PCAOB. It's clearly not in the public interest to have yet another regulatory process captured by the industry being regulated, and certainly not by 4 out of 2,000+ of that business. I guess I'm still idealistic enough to believe that the outcome of major public benefit initiatives should be commoditized across the entire serving industry and not hyperconcentrated into a source for supernormal returns for a chosen few. It's important to remind the people who swore profusely that they were doing XBRL for altruistic reasons that the world hasn't forgotten those words and will hold them to that promise.

I really believe in computer architecture constructs like XBRL as helpful content capture and organizing mechanisms that can assist in improving transparency. But if all that's done here is to morph a minor variation of XML technology into a barrier to entry that undermines all the good it can bring. It will doom the process to a decade of scandal as 2,000 disenfranchised registered audit firms make their voices heard.

Solution? The SEC should mandate that XBRL assurance is not required, taking the franchise profits off the table, until at least 25% of PCAOB registered firms have achieved "good faith" capability.

Thanks for your continued efforts to keep the XBRL process on good foundations Dan.

Dennis




From: Andrew Chilcott

Message:

The question of assurance goes further than the SEC filings. If the filer was to decide to publish the XBRL instance document on their investor relations web site and allow an RSS Feed, how would the recipient of that instance document be able to trust the contents.

XBRL sits on top of XML and can leverage other XML technologies like XML Signatures. In my opinion the instance document should be digitally signed by both the Company and the Auditor. We then get to the question of do we trust the certificate? Who is the Certification Authority? Shouldn't AICPA issue a root certificate that can be used to certify any particular firm of auditors that are it's members; and the SEC a root certificate that can be used to authenticate the companies that are obliged to report to it.

Pretty basic stuff




From: Jerry Trites

Message:

The Assurance Wroking Group did issue its White paper on November, 2006. It can be read at http://www.xbrl.org/Announcements/Interactive-Data-Assurance-2006-11-10.pdf.
Members of the group did a presentation at the Istanbul conference that year and also made representations to the IAASB at about the same time.



From: Dennis Santiago
Message:
Andrew,

It should be noted that AICPA is an industry association, it's an NGO. They have no authority to regulate or certify. The root certificate for public company audit firms you speak of should properly come from the PCAOB.

Dennis