xAudit: Auditing Representation in XBRL Based Documents
In their paper; xAudit: Auditing Representation in XBRL Based Documents; Allison Ramon Araújo de Santana, Paulo Caetano da Silva, Márcio A. Pereira da Silva, and Maurício Codesso explain how audits can be made more efficient and more effective leveraging machine-readable information. Here is the abstract of the paper:
Most financial documents are presented to governments and governors in computer language (e.g., XBRL). Information acquired from said reports should be free from faults, omissions and fraud, making it trustworthy to the point of supporting strategic decisions by the organizations that receive them. Although XBRL technologies present financial data and its accounting semantics, the auditing techniques used (which make this data even more trustworthy) are not stored or listed in the XBRL taxonomies. This fact makes it difficult to perform the auditing of these files, given that it’s up to the auditor to apply the concepts of auditing manually, without the assistance of the automated auditing process. With the continuous auditing it’s more and more possible to avoid the recidivism of fraud or even to identify it more quickly. Despite many auditing operations being performed under the XBRL perspective, it has not yet been defined a standard for the auditing of XBRL files. This paper proposes the establishment of a link database (Linkbase, in XLINK language), based on the XBRL specifications, which has been named xAudit, for the listing and storing of auditing techniques in XBRL taxonomies. To do so, a solution has been created, based on the XBRL definitions and auditing-specific regulations. Using xAudit, people try to solve the shortage for a standard for XBRL auditing. Some important points of the auditing process are raised in the present article. Using xAudit, it’s expected that organizations can achieve improved results, real-time verification and accurate data analysis.
Here is other information that I provided related to the audit of XBRL-based information.
In my view, there are important distinctions that need to be kept in mind.
The first distinction is the difference between the "syntax" piece (i.e. what syntax) and the "logic" piece need to be kept separate in ones mind. The logic is explained in my document that explains what is necessary to communicate semantics (i.e. the logic) between two parties.
The second distinction is the difference between the "facts" that are reported within a report and the "financial report logic" itself which is about the consistency, completeness, and precision of the terms, associations, assertions, and facts WITHIN some report. You can have a report that is consistent, complete, and precise; but the FACTS are fraudulent. You could also have a report where the fact are 100% true and fair, but the report is incomprehensible.
The point is, when thinking about "audit" of "XBRL" if these things are separated appropriately, a proper system can be created. If you don't separate these concerns appropriately, you are likely to create an incomprehensible mess.
So, the best way to figure out what xAudit (or whatever it will end up being called) should be and what the possibilities are is to build a prototype. Here you go: (this is my initial, very, very early prototype)
- XBRL taxonomy schema for xAudit (Prototype)
- Human readable rendering of the above XBRL taxonomy schema and relations (Prototype)
- Audit Tests Modeled in DMN (Prototype)
- xAudit arcroles for representing audit tests (Prototype)
- Audit checklist (Prototypes as XBRL definition linkbase)
- Audit checklist + MINI labels (easier to read, same as above)
- Audit checklist human readable view (use this if you don't have an XBRL taxonomy tool)
- Sample XBRL instance (Prototype, checklist used to test this report)
- Next step: Add audit risk.
Heck, if we create a modern approach to financial reporting, we need a modern approach to auditing. The AICPA has their "dynamic audit initiative". We have rudamentary AI assisted audits. Anyone want to help reinvent the audit? Give me a shout.
OMG has some business process model documentation that is referenced. See BPMN and and BPM on the OMG web site. BPMN by example. BPMN example. Others are Decision Model and Notation. XPDL, XML Process Definition Language. ISO 19011:2018 Guidelines for auditing management systems. International Standards on Auditing. International Auditing and Assurance Standards Board (IAASB).
########################
XBRL, How it Implies the Audit Process
Business Process Model and Notation (Wikipedia)
Reader Comments