Although more organizations around the world are using XBRL, many internal auditors are still unaware of the benefits this markup language for the electronic communication of business information has to offer.


Keeping up-to-date with the latest audit and reporting techniques can be daunting. As a result, internal auditors may miss out on key developments that can provide substantial benefits not just to them, but to the organizations they work for. Such is the fate of XBRL in the internal audit community. Although the benefits of XBRL — which stands for extensible business reporting language — have been well reported and documented by various publications and Web sites (refer to the Additional Resources section of this article), many internal auditors are still unaware of what XBRL is, how it works, and how it can benefit their work.


According to XBRL International, a consortium of more than 500 companies and agencies worldwide that build XBRL and promote and support its adoption, XBRL is a language that helps organizations prepare, analyze, and communicate business and financial information electronically. "I always tell people that XBRL is three things," says Eric E. Cohen, XBRL technical leader for PricewaterhouseCoopers (PwC) and one of the original founders of XBRL. According to Cohen, XBRL is:

  1. A global, collaborative effort that enables those interested in the business reporting supply chain to agree on how to better communicate business reporting information to each other.
  2. A technical specification and extensions on how to use extensible markup language (XML) — a language that enables information and services to be exchanged by means of user- and industry-specific tags — to represent data with a specific set of syntax, taxonomies, and instance documents.
  3. A group of people coming together representing different aspects of the business reporting supply chain to define taxonomies and create instance documents for their specific industries.

"XBRL is an Internet-based information standard that enables a seamless flow of information within the entire business reporting supply chain, both for private and public organizations and for internal and external reporting," adds Mike Willis, a partner with PwC and the founding chairman of XBRL International. "It can also be customized for unique situations and reporting concepts. Because it is a standard, it allows information to be more easily accessed for comparative purposes."

Its Uses
Originally, XBRL was created to help companies save costs and streamline their processes for collecting and reporting financial information. "XBRL was developed because it was too hard — actually it was nearly impossible — to take information from a financial report and reuse it," says Charles Hoffman, director of industry solutions and financial reporting for XBRL software provider UBmatrix, who is considered by many as the founding father of XBRL. "By getting global agreement on the different taxonomies, XBRL enables organizations to exchange financial information without any problems." Consumers of financial data, including investors, analysts, financial institutions and regulators, can receive, find, compare and analyze data much more rapidly and efficiently if it is in XBRL format.

In the United States, the use of XBRL has been championed by the U.S. Securities and Exchange Commission (SEC) under the leadership of Chairman Christopher Cox. In September 2006, the SEC allocated US $54 million to upgrade the agency's public company disclosure system from a form-based electronic filing cabinet to a dynamic, real-time search tool with interactive XBRL capabilities. This upgrade has enabled companies to report their financial information to the SEC on a voluntary basis using XBRL. Regulatory agencies that have already mandated the use of XBRL in the United States include the Federal Deposit Insurance Corp., the Federal Reserve, and the Comptroller of the Currency. As of 2006, more than 8,200 U.S. financial institutions were using XBRL to submit quarterly reports to banking regulators.

XBRL use around the world is also widespread. Besides the United States, countries where XBRL projects are being actively implemented include Australia, Belgium, China, Germany, Italy, Japan, Korea, The Netherlands, Singapore, South Africa, Spain, Sweden, and the United Kingdom. The Bank of Spain, for instance, developed an XBRL-based Financial Information Exchange System, while in The Netherlands, the Dutch Ministry of Finance is using XBRL to present the country's national budget to large audiences in an interactive and transparent way. (For more information on how XBRL is being used around the world, visit and

However, XBRL can be used for more than just financial reporting. "That's a common misconception," Hoffman emphasizes. "A lot of the use of XBRL has been regulator-driven by the finance sector, but there's just as much of a business case for organizations to use XBRL for internal purposes. As the name implies, XBRL can be used for all kinds of business reporting."

Many companies, particularly those that grew through acquisitions or mergers, need to exchange information from application to application in an easy way. "By tagging data, XBRL allows this exchange of information to become seamless," explains Glen Gray, Ph.D., a professor in the accounting and information systems department with California State University at Northridge and a member of XBRL International. "Therefore, if the entire organization tags their information in the same way, it becomes a lot easier to find this information, download it, and use it."

In addition, many organizations already have a variety of XML initiatives to move data from one place to another. For these companies, using XBRL can be seen as an extension of XML. "XBRL is XML — it represents a very specific and standard way of using XML so the learning curve isn't steep if the organization is already exchanging data with XML," Gray says. For example, an organization that uses XML to tag data online has to decide how to name each information element (i.e., Company A could use net income while Company B uses net.income when tagging the same information). As a result, the tags used could present problems when consolidating data or when exchanging information from one company to another because they are named differently. However, XBRL provides a standard way of tagging information so each company uses the same tag, say net income, for the same information. "By tagging the XML data in a standard way, XBRL enables companies to more effectively consolidate internally and externally different subsidiaries into one set of statements," Gray adds.

How It Works
The concept of XBRL is simple. Instead of treating information as a block of text, such as a printed document, XBRL provides an identifying tag for each individual information element that can be read by any computer (e.g., "company net profit" has its own unique tag). XBRL tags enable automated processing of business information by computer software, which cuts manual data re-entry and comparison activities. This enables computers to recognize the information in a XBRL document, select it, analyze it, store it, exchange it with other computers, and present it automatically to users in a variety of ways. Hence, XBRL expedites the handling of business information, reduces errors, and permits automatic checking of information.

As mentioned previously, XBRL consists of:

  • The XBRL specification, a technical explanation of what XBRL is and how it works, which sets out the framework of XBRL and explains in detail the syntax and semantics of XBRL taxonomies and instance documents.
  • XBRL taxonomies, documents that describe the key data elements to be included in an XBRL instance document for the purpose of a particular type of financial reporting. Several taxonomies have already been issued, including those for reporting specific generally accepted accounting principles (GAAPs); those used for tax, statutory, and statistical reporting; and the XBRL Global Ledger (GL) — a single, holistic, global framework of taxonomies that represents data fields in a typical enterprise resource planning (ERP) system. (For more information on XBRL GL read "Understanding the XBRL Global Ledger" sidebar.)
  • XBRL instance documents, a collection of data elements that are tagged according to the concepts found in the taxonomy being used. For instance, suppose Company ABC is preparing financial statements in accordance with Canadian GAAPs. The company will prepare an instance document that contains the amounts for specific items and link those items to the category under the appropriate Canadian GAAP taxonomy.
  • XBRL style sheets, which are used to produce reports. Because instance documents are a collection of data and explanatory tags, they are not arranged in a user or reader-friendly manner. Therefore, if a company wishes to prepare a printed financial statement, it may use a style sheet that links the instance document to the financial report so it can generate the financial report.

Understanding the XBRL Global Ledger

The XBRL Global Ledger (GL) taxonomy is used to represent data from a transaction, such as an invoice, purchase order, or check, and follows that information as part of the business reporting process as data gets entered into a subsystem and moves from a transaction to a journal entry, from a journal entry to a trial balance, and finally to an end report.

"XBRL is about the standards used to improve the process of collecting and preparing data to improve end reports. This is where XBRL GL comes in," Eric E. Cohen explains, the major driving force behind the creation of XBRL GL. "Right now, companies use proprietary middleware or custom interfaces to move data along the audit information supply chain. With XBRL GL, there is a standard, holistic, generic data model available to represent that data."

A good example of how XBRL GL can act as a data hub for the use of consuming applications was the implementation of XBRL GL by Wacoal Corp. (PDF), an apparel manufacturer and marketer in Kyoto, Japan. Wacoal used XBRL GL to improve the quality of financial data available to key decision makers and streamline the financial reporting cycle by connecting its 32 independent legacy applications in a seamless data flow. Other examples of XBRL use in the private sector include Microsoft Corp.'s tagging of financials and footnotes in XBRL and United Technologies Corp.'s participation in the U.S. Securities and Exchange Commission XBRL Voluntary Filing Program.

Furthermore, XBRL can handle data in different languages and accounting standards and can be adapted to meet different requirements and uses. Data can be transformed into XBRL by suitable mapping tools or it can be generated in XBRL by the software being used. As Willis notes, "XBRL enhances the flow of information through the entire business reporting supply chain. There are many pervasive supply chain problems that exist today due to the lack of an open information standard and the reliance on proprietary formats to exchange information between parties," he explains. "Hence, organizations should use XBRL to reduce the friction associated with moving information from one application to another, as well as to articulate analytical, control, and processing concepts across a broad range of applications."


XBRL enables organizations to share data electronically in a secure and trusted manner. "This means organizations don't need to worry about data conversions or supplying data to others who would then try to interpret it," explains Peter Millar, director of product marketing for ACL Services Ltd. and a member of XBRL International. "Data errors can be introduced whenever there is a data conversion process. However, if there is a trusted, standardized way to share information electronically, data corruption risks or losses are decreased, which, in turn, increases data integrity when sharing information." As a result, XBRL allows organizations to securely share electronic data by using a specific taxonomy, thus reducing data conversion risks.

Besides streamlining the data exchange process and reducing data conversion risks, XBRL benefits internal auditors in their day-to-day work. "Organizations need to accumulate data from different business units," Millar continues. "When data is sent to the internal audit department in a standardized format, the work of internal auditors is streamlined, thus enabling them to dive into their work as opposed to spending a lot of time with data imports and conversions and trying to rationalize data from different sources."

According to both Willis and Cohen, one of the reasons XBRL was developed was to enhance the flow of information throughout the business reporting supply chain. "There are many pervasive supply chain problems that exist today due to the lack of an open information standard and the reliance on proprietary formats to exchange information between parties," says Willis. These problems include:

  • The distortion and omission of information.
  • High access and analysis costs.
  • Untimely reporting and analysis processes.
  • Poor information quality.
  • Infrequent information updates.
  • Low information volumes.
  • Lack of implicit relationships between reported concepts and relevant resources (e.g., instructions, standards, regulations, and data interpretations).
  • Validation and analysis problems on the consumer side.

"XBRL enhances the work of internal auditors by addressing these pervasive information problems and enabling them to do more at a lower cost," Willis adds. For instance, XBRL allows auditors to:

  • Conduct continuous compliance assessments and analyses, rather than manual statistical sampling and manual testing of controls, which pave the way for the use of continuous auditing within the organization.
  • Apply transparent rules and formulas to a wide range of analytical models rather than developing individual rules for different audit analyses.
  • Use predictive analysis techniques that are enabled by a seamless, low cost access to data.
  • Automate audit trails, drilldown information searches, and access different applications.
  • Use more explicit relationships between testing concepts and related compliance policy.

In addition, XBRL enables internal and external auditors to review business information from remote locations. "Imagine that you are an auditor working for the Federal Deposit Insurance Corp., which regulates banks all across the U.S. and you get a report that states something is wrong with a bank," Hoffman explains. "Instead of sending the auditor on a plane ride, he could simply get more information about the report online by accessing the information electronically via a Web service."

Additional Resources

To learn more about XBRL, auditors can visit the following Web sites or read the articles listed below:

  • XBRL International, this nonprofit consortium began in 1998 to promote and support the adoption of XBRL. The Web site offers information about all aspects of XBRL, including the latest news and case studies from organizations that have implemented this reporting language all over the world.
  • XBRL US. This Web site offers information about the different adoption initiatives of XBRL in the United States. For a complete list of XBRL jurisdictions around the world, visit
  • "Are You Ready for XBRL?" by David Coderre. This article, published on the Sept. 15, 2004 issue of ITAudit, discusses the major driving forces behind the creation of XBRL and its benefits as an audit tool.
  • "Introduction to XBRL" by Eric E. Cohen. Also published on ITAudit, this article provides a preliminary discussion of XBRL.
  • A 2006 report from Reuters that uses XBRL reporting elements. The report can be downloaded from the Reuters Web site (PDF). To view all XBRL reporting element details, scroll down to the report's last page and download the five different attachments provided. In addition, users can mouse over a specific reporting concept to view the relevant XBRL taxonomy context.
  • Transforming Financial Information — Use of XBRL in Federal Financial Management (PDF). This whitepaper addresses the current status toward the adoption of XBRL Web services in the finance community.
"Within the human body, there is a circulatory system, and blood at the toe has the same content as blood at the finger. By using XBRL GL to integrate disparate systems, a company can have a similar situation — internal auditors can test data anywhere along the information supply chain, using the same tools and seeing the same data model," Cohen expands. "Thus, XBRL allows auditors to set up standard tests using products like ACL or Excel, apply business rules across the organization, and work on exceptions through triggers and alarms, reducing the amount of manual checking they engage in."

XBRL also can be used to overcome many of today's audit and control problems, reducing the risks associated with manual entry and re-entry of information, increasing integration, and permitting the use of centralized and standardized rules and tests. "With XBRL GL, auditors can pull information from disparate systems in a single standardized form, potentially in real-time, which simplifies the audit process and enables auditors to review more data in more detail and more frequently," Cohen says.


XBRL is a markup language for the electronic communication of business information that streamlines the process of sharing data from one application to another or from one business unit to another. "XBRL was developed because it solves the problem of data transfer among different applications both internally and externally," Hoffman comments. "Therefore, organizations should use XBRL if they want to do something better, faster, or cheaper than what they are doing right now."

A major misconception is that XBRL has to be implemented by the IT department. As Hoffman explains, "XBRL is a business tool. There is no reason why an internal audit department can't experiment with new prototypes. That's how people check things out and see if they are worthwhile." Therefore, auditors should use XBRL to determine if it is beneficial to their work. "Auditors first need to understand XBRL," concludes Gray. "Once auditors understand how it works and its benefits, they can form the business case for its use."

Taking this first step will enable auditors to enhance the way business information is accessed, shared, and reported. "Internal auditors should see XBRL as an opportunity to reduce the risks associated with the misinterpretation of information and to make organizations more efficient. This will help them to add value to the organization and become agents of change," Millar concludes.


Internal Auditor is pleased to provide you an opportunity to share your thoughts about the articles posted on this site. Some comments may be reprinted elsewhere, online, or offline. We encourage lively, open discussion and only ask that you refrain from personal comments and remarks that are off topic. Internal Auditor reserves the right to edit/remove comments.





To make something bold:
<strong>Text to bold</strong>

To make something italic:
<em>Text to italicize</em>

To make a hyperlink:
<a href="URL">Text to link</a>


Subscribe_June 2014