« Home »

Embedded Compliance

UK Publication Accountancy Age is celebrating its 40th birthday, so it asked the ‘experts’: What will the next 40 years hold for the profession?

Ted Awty audit partner, KPMG, offered this:

Common reporting internationally will drive consistent global approaches. IT developments are key. We shall see comprehensive embedded audit tools highlighting control compliance and exceptions, running irrespective of year ends. These could extend along the entire supply chain in many industries and will deal with all of the information at the core of reporting. Beyond this the use of judgment in many areas will remain and the auditor will need to be equipped to identify, test and confirm these judgments. With common international reporting and a global IT infrastructure, the profile of an auditor should be more consistent across the world leading to a global qualification and an auditor population that has shifted towards the main global economic centres of the day.

So what’s that got to do with XBRL?

One of the ‘next-gen’ additions to ERP systems is undoubtedly embedded auditing and compliance capabilities as the demands of governance, risk and compliance (GRC) on businesses worldwide become more onerous. The trouble is that applying auditing and compliance rules engines to financial data in ERP systems that are not consistently organized is tricky because charts of account and financial reporting rollups/categories are generally not standardized across organizations even within a single country (yes, I’m aware of the French Plan Comptable, which predates the idea of an XBRL GL by over 50 years). So enabling these controls to work across an entire supply chain of business partners as envisioned by Awty seems a long way off.

BTW – If you are not familiar with embedded compliance, take a look at this PWC diagram. And don’t blame me if that doesn’t help.

I suggest that the embedding of automated audit and compliance controls into ERP systems would be made a lot easier if XBRL tagging was being used at least at the GL account level based on accepted taxonomies. That way a homogenous rules engine could be built that can be applied across heterogenous ERP systems. And being a compliance auditor will become cool.

OK. Maybe that will take rather longer than 40 years.

Update 08 Jan 2010

If you want to find out more about Colm’s FinRep project (see his comment below) there’s a very detailed PDF here. Slide 41 of the PDF has a useful one page overview of XBRL content and context that’s worth a look if you are still puzzled by the concept of XBRL as a data tagging system.



This entry was posted on Wednesday, January 6th, 2010 at 4:16 am and is filed under Compliance, XBRL. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

  • Colm O hAonghusa

    I trust the 'embedding' will be done outside/above each ERP system so as you can replace the erp without having to redo the 'embedding' . Here in Europe we are beginning to use the formula link-base in the new FinRep Taxonomy.
    Based on first examples the formula link-base is a very powerful addition to the arsenal of XBRL tools.

    However the auditing wont get any easier as the audit will need to verify that all the processes aka 'compliance formulas' are internally correct and are mapped to the correct inputs

    Auditing and Compliance work will never be cool until management is transparently and effectively penalized for breaches.

    For example, if a dealer breaches a credit limit he should be sacked.

  • Stewart McKie

    Colm – Thanks for your comment. The point I was trying to make is that compliance rules engines can sit above, and work more effectively with, disparate ERP systems assuming they can expect the data they are testing for compliance is standardized in some way (i.e. through taxonomy-based XBRL tagging). That way, the same engine (and rule set) can be applied to different ERP systems and datasets because it has a 'context layer' to work through. It's not about the engine being embedded per se but the data context being embedded via XBRL.