What Companies Should Know About XBRL Tagging

The digital revolution in financial reporting is underway! Oh, um—you haven’t noticed yet?

The revolution began in earnest one year ago, when the Securities and Exchange Commission enacted a phased-in requirement that all registrants start filing financial statements using XBRL, a computer language to let software pluck out individual pieces of financial data and display them to investors. Accelerated filers with more than $5 billion in market capitalization began using XBRL for periods after June 15, 2009. Other accelerated filers will begin using XBRL for periods after June 15 of this year, and the rest will follow in 2011.

This mandate follows other regulators such as the Federal Deposit Insurance Corp., the U.S. Office of the Controller and others that have been requiring for the filing of call reports in the banking industry. The FDIC required bank call reports to be submitted as an XBRL-tagged document in 2005, so it could validate the data more quickly. The SEC also had a voluntary XBRL filing program since 2005. About 140 companies participated.

The technical process of converting financial data into XBRL hinges on a taxonomy of accounting terms, matching each particular item in U.S. Generally Accepted Accounting Principles to a “tag” in XBRL. The current U.S. GAAP taxonomy has 15,000 distinct elements, as diverse as the range of financial statements out there. Still, XBRL also provides companies the ability to “extend” or create their own tag, should some piece of financial data in their reports not quite fit anything else in the taxonomy.

In concept, XBRL is useful because it provides a format for establishing common definitions and contexts for business data. That is, if several companies all report the same financial metric but in different ways, investors using XBRL-tagged documents should be able to obtain comparable information regardless of where in the financial report that piece of data exists.

All that makes it sound like XBRL has real benefits for investors, analysts, and other users of financial statements—but so far, the regulators have been the primary users of the data. Regulators and stock exchanges around the world have recognized that requiring XBRL can make analysis and review of filings easier and more effective. The SEC mandate even outlined the benefits of XBRL to regulators; they acknowledge that using XBRL can help them review more filings (and to meet their requirement to review every registrant every three years). Using XBRL can lower the SEC’s costs and improve its effectiveness and business processes.

The first year of XBRL adoption requires companies to tag items in the basic financial statements as well as to “block tag” the footnotes as one whole item. Second-year reporting, however, requires detailed tagging of the information in the footnotes—and that is expected to be a much more intensive and time-consuming effort than the first year. Recent surveys indicate that the initial XBRL filing took roughly 120 hours, with subsequent filings taking about 40 hours. Estimates are that the detailed tagging will add back another 100 hours in the first filing and 50 hours in each subsequent filing.

The early adopters of XBRL had several tactics at their disposal, from doing the tagging in-house to outsourcing the effort. Those that chose to outsource the effort generally used their financial printers.

Even if a company chooses to outsource the effort, management must understand the specifics of the SEC mandate, and the responsibility for compliance still remains with management. While outsourcing was a popular choice for many companies (more than half, according to a recent survey by the AICPA and XBRL.org) because it saves costs, it is a riskier proposition since you don’t necessarily have full control of your data. Verifying the accuracy of the filing is also more difficult—and remember, you are still responsible for it. It’s imperative that someone internal at your company knows enough about XBRL to be able to confirm the accuracy of the filing.

Keeping the effort in-house does give companies complete control of the filing, but the initial costs may be higher than outsourcing. Over time, however, the implementation of XBRL may be better integrated into your financial reporting process.

Most companies view implementing XBRL as a compliance effort. Senior management see it as a cost with no apparent benefit, and at most companies XBRL is still a “bolt-on process” that happens only after financial statements are prepared for filing. So, really, all of the effort is currently incremental.

It seems to me that investors and other users of financial information should have been the group driving the adoption, in contrast to the reality that the SEC, FDIC, and other regulators drove it instead. Interestingly, the SEC mandate touts all the benefits of XBRL to investors and users’ financial statements—we just don’t hear the same enthusiasm from the actual investors and users themselves. It may take time (quite a bit of time) to gain acceptance as more companies begin using the technology.

Even if a company chooses to outsource the effort, management must understand the specifics of the SEC mandate, and the responsibility for compliance still remains with management.

Currently companies do not need to have outside auditors provide assurance on the XBRL filings, but auditing standards have been (and continue to be) developed should that requirement ever be imposed. In fact, if the whole point of XBRL is to benefit investors, analysts, and other users, it’s hard to believe that audits of tagging will not be required at some point in time. The potential for material misstatement of XBRL-tagged information without assurance to the tagging process is a real concern, especially since so many companies outsource the effort.

As early as 2005, the CPA Journal published an article noting, “The potential market for XBRL instance document assurance is unlimited, ranging from mid-size organizations that receive a variety of information from multiple reporting entities to internationally diverse Fortune 100 companies to government reporting entities.”

In the long run investors will probably demand assurance on the tagging. The Public Company Accounting Oversight Board issued guidance in 2005 on auditor engagements regarding XBRL, which relies on the auditor agreeing on a paper version of the XBRL-related documents to the information in the official filing. Several procedures were recommended, including a comparison of the data elements in the XBRL document to the official SEC filing, verification that the data elements have not been changed, deleted, or summarized in the XBRL documents, evaluation of whether the XBRL documents comply with the appropriate XBRL specifications and taxonomies, evaluation of whether any company extensions of the taxonomy are consistent with the requirements, and testing whether data elements in the XBRL documents are matched with appropriate tags in accordance with the applicable taxonomy.

It should also be noted that the Auditing Standards Board passed Interpretation 5, “Attest Engagements on Financial Information Included in XBRL Instance Documents” as part of its Statement on Standards for Attestation Engagements (SSAE) 10. The interpretation provides users of XBRL instance documents the assurance that the documents comply with technical specifications and taxonomies.

Note that all the current guidance on providing assurance on XBRL focuses on comparing the furnished XBRL data to the filed “human readable” filings. One has to wonder if we will eventually need guidance on a data-centric approach to providing assurance on the accuracy of the XBRL tags themselves?

The International Federation of Accountants and other accounting organizations are also discussing the topic to decide on a common approach for XBRL auditing standards. First, you need to ensure the correct taxonomy was used. Then you need to ensure that any extensions or customization of the taxonomy is complete, accurate, and correct. The source data also needs to be reliable. At the same time we need to confirm that appropriate internal controls were in place to ensure that the file is complete, accurate, and timely. Will an internal controls certification also be required on the XBRL-related data as well?

Because of all of the financial reporting scandals, investors and users of financial statements have become increasingly skeptical of information provided by management. If XBRL is used as intended—principally for purposes of investors and others analysis—there will likely be increasing pressure from users of the data to accept it at face value with some sort of assurance as to its accuracy. Perhaps management will initially be required to attest to its accuracy under existing requirements for the basic financial statements? Ultimately, the information may be required to be fully audited to provide extra assurance as to its completeness, accuracy, and reliability.