The Application of XBRL in Enterprises’ Internal Control Report ()
1. Introduction
As an important part of modern enterprise management, internal control plays a key role in controlling various risks of enterprises, protecting the integrity and safety of their assets and improving their internal management. In recent years, with the occurrence of financial frauds in Enron, Worldcom and Xerox and control failures in some China’s enterprises, people have paid more attention to internal control of enterprises.
At the same time, XBRL (Extensible Business Reporting Language) has become a new disclosure form of network financial report. All countries in the world are actively seeking the application of XBRL. And how to apply XBRL to internal control report of enterprises, which has also caused people’s attention.
2. Research Status
2.1. The Development of Enterprises’ Internal Control
The COSO committee defines internal control as “company’s board of directors, management and others implement procedures to achieve the following goals: 1) the effectiveness and efficiency of operation; 2) the reliability of financial report; 3) complying with applicable laws and regulations.” And internal control in COSO report includes five elements: a) control environment; b) risk assessment; c) control activities; d) information and communication; e) internal monitoring.
In 2002, American government enacted the Sarbanes-Oxley Act. It involves all aspects of financial report and audit of enterprises. It rules that SEC should issue a new law and regulation to ask listed companies to disclose internal control report in their annual financial report. What’s more, companies’ internal control report should include a statement of responsibility that the management establish and maintain an appropriate internal control structure and an effectiveness evaluation to internal control report at the end of the fiscal year.
After the Sarbanes-Oxley Act was enacted, most countries and regions called for internal control of listed companies, and issued a series of laws and regulations about internal control system. To improve the overall sit- uation of companies’ internal control, so did China’s government. In June, 2006, Shanghai Stock Exchange released “Internal Control Guidelines for Listed Companies in Shanghai Stock Exchange” and State-Owned Assets Supervision and Administration Commission (SASAC) issued “Overall Risk Management Guidelines for Central Enterprises”. The Minisry of Finance of China set up Enterprise Internal Control Standard Committee in July, 2006. Besides, Shenzhen Stock Exchange released “Internal Control Guidelines for Listed Companies in Shenzhen Stock Exchange” in September, 2006.
On June 28, 2008, the Ministry of Finance, Securities Regulatory Commission, National Audit Office, Banking Regulatory Commission and Insurance Regulatory Commission of China jointly issued “Basic Norms for Enterprises’ Internal Control”. It pointed out that enterprises should set up and implement internal control, make self-assessment about the effectiveness of internal control and disclose annual self-assessment report. Besides, enterprises may hire accounting firms to audit the effectiveness of their internal control. It has been formally enforced in all listed companies since July 1, 2009. In April, 2010, five departments, such as the Ministry of Finance of China and so on, released “18 Applicable Guidelines for Enterprises’ Internal Control”, “Evaluation Guidelines for Enterprises’ Internal Control” and “Auditing Guidelines for Enterprises’ Internal Control”. They have been enforced in companies that listed in domestic and overseas on January 1, 2011 and in the main board of Shanghai Stock Exchange and Shenzhen Stock Exchange on January 1, 2012.
At the same time, domestic scholars also studied the disclosure of Chinese listed companies’ internal control report. Fang Hongxing and Sun He (2007) [1] make an empirical research about the information disclosure act and agent of internal control of non-fianancial listed companies in Shanghai Stock Exchange in 2006. They find that most companies don’t disclose their internal control information in accordance with the requirements of “guidelines” and few companies disclose it in detail. In addition, companies that listed in overseas, with large scale assets or with unqualified audit opinion given by auditors have strong motivation to disclose their internal control information.
Tian Gaoliang, Qi Baolei and Li Liuchuang (2010) [2] analyze self-assessment reports about internal control of 494 listed companies in Shenzhen Stock Exchange in 2008 by logit regression. They find that companies whose internal control exist defects face higher financial risks and more complex operating conditions. Besides, the auditing quality is negatively related to the defects of listed companies’ internal control.
Zhou Shouhua et al. (2013) [3] make a more comprehensive and detailed statistical analysis on all A-share listed companies in 2012 from aspects of evaluation report, evaluation defect, audit report, audit opinion, audit fee and consulting of internal control. This study finds that there are some problems on information disclosure and system construction of listed companies’ internal control. Finally, authors make some suggestions to deal with the above problems.
2.2. The Development of XBRL
In April, 1998, Charles Hoffman, an American accountant, put forward XBRL for the first time by combining accounting information with XML technology. The occurrence of XBRL solves the problems that the storage format of financial data is complex and varied and unfavorable to data exchange.
XBRL is a method to standardize definitions and expressions of business data and the latest technology of processing unstructured information. It includes XBRL Specifications, XBRL Taxonomy and XBRL Instance Document. XBRL Specifications define grammar rules of XBRL, which are made and maintained by XBRL international organizations. XBRL Taxonomy define financial concepts and their relationship, which are made by relevant departments according to national accounting standards. XBRL Instance Document are file carriers of describing financial reports. In other words, they are financial reports drawn up by enterprises.
There has been 15 years since the emergence of XBRL. It is widely used in many fields all over the world, such as in information sharing, financial supervision, government supervision and internal control field. SEC, FFIEC, EDINET, Tokyo Stock Exchange, Bank of Japan, CEBS, Royal Revenue and Customs of UK have been carried out related application of XBRL.
In December, 1999, XBRL format designer with an invitation of Professor Tang Yunwei came to Shanghai Dahua Accounting Firm. He made an academic exchange with experts of East China University of Science and Technology, University of Shanghai Science and Technology and Shanghai Accounting Association. Then, XBRL was gradually introduced to China. In March, 2002, Data Interface Specification of Accounting Software (local standard of Shanghai) was released. In the setting process of it, XBRL was quoted in the output of report format according to the principle of WTO. Since then until 2006, Securities Regulatory Commission of China, Shanghai Stock Exchange, Shenzhen Stock Exchange, some relevant academic experts and technical experts have devoted themselves to the development of XBRL in the process of introduction and preliminary application of it in China. At the same time, the Ministry of Finance of China also paid more attention to it. In 2007, the Ministry of Finance of China applied for joining XBRL International Alliance in the name of China Accounting Standards Committee. In 2008, it officially joined XBRL International Alliance. Later, the Ministry of Finance of China played a key role in the deepening application and generalization of XBRL. Many relevant policies on XBRL were successively released. Especially, the announcement of “CAS General Purpose Taxonomy” (October 19, 2010), “Extensible Purpose Taxonomy of Oil and Gas Industry” (December 16, 2011) and “Extensible Purpose Taxonomy of Banking” (December 24, 2012) was a big development of XBRL in China. It further regulated the disclosure of accounting information.
3. The Advantages of Using XBRL as a Disclosure Measure of Enterprises’ Internal Control Report
Fang Hongxing and Sun He (2007) [1] , Yang Youhong and Wang Wei (2008) [4] , Yang Youhong and Chen Lingyun (2009) [5] , Zhou Shouhua et al. (2013) [3] study the information disclosure of internal control report in annual report of listed companies from different aspects. They find that enterprises’ will of disclosing information about their internal control is not strong and those with imperfect internal control especially don’t take the initative to disclose it. What’s more, the requirements for enterprises to disclose their internal control are too general. It leads the different levels of detail among enterprises that are voluntary to disclose information of internal control in annual report. More importantly, listed companies disclose information of internal control with different standards. At the same time, certified public accountants audit internal control report with different basis correspondingly. Therefore, it brings trouble to the correct understanding of investors to listed companies’ internal control.
On the basis of an empirical study of listed companies’ internal control by Feng Jian and Cai Congguang (2008) [6] , we know that listed companies with better internal control have positive informativeness. Therefore, improving the disclosure of internal control helps listed companies convey correct information to the market and it also helps investors command listed companies. At the same time, it is beneficial for regulators to supervise listed companies by using information of their internal control. As an effective disclosing form of report, XBRL has been widely used in financial report of listed companies. So, there are some advantages of using XBRL as a disclosing measure to enterprises’ internal control report. For example, it can improve information transparency of enterprises, standardize the format of internal control report, improve the efficiency of information processing and government supervision, reduce the risk of auditing and so on.
4. Suggestions on Setting up XBRL Taxonomy about Internal Control Report
In the application and promotion of XBRL, XBRL taxonomy is the most important content of it (Gao Jinping, 2008; Yang Zhounan et al., 2010) [7] [8] and affects the application effect of XBRL (Bovee M. et al., 2002, 2005; Ying Wei et al., 2013) [9] -[11] . Therefore, setting up XBRL taxonomy about internal control report is the key to using XBRL as a disclosing measure of internal control report.
4.1. The Basis of Setting up XBRL Taxonomy about Internal Control Report
There are many ways to set up XBRL taxonomy.
1) Collecting annual reports of different companies and finding out common elements. Then, setting up XBRL taxonomy based on them.
2) Setting up XBRL taxonomy according to the financial report samples provided by four big accounting firms or other available report templates.
3) Being familiar with relevant accounting standards and setting up XBRL taxonomy by extracting mandatory disclosure and recommended disclosure of elements from them.
All above ways are not perfect. We should set up XBRL taxonomy by using several ways at the same time to ensure containing all needed elements. Therefore, we suggest key elements and labels of XBRL taxonomy about internal control report based on the requirements of “Basic Norms for Enterprises’ Internal Control” and actual situation of Chinese enterprises.
“Basic Norms for Enterprises’ Internal Control” (hereafter call it “Norms” for short) contains seven chapters and makes detailed regulations to enterprises’ internal control.
The first chapter is general principles. It states the purpose and applicable scope of “Norms”. Besides, it expounds principles and five elements of establishing and implementing effective internal control. It defines internal control as “the process of carrying out and achieving control goals by board of directors, board of supervisors, the management and all employees of enterprises”.
The second chapter is internal control environment. It requires enterprises to establish standardized corporate governance structure, rules of procedure, defined responsibility permissions, effective division of duties and balance mechanism in accordance with relevant national laws and regulations and charter of company. It also defines the rights and responsibilities of general meeting of shareholders, board of directors, board of supervisors and the management. Specifically, board of directors is responsible for establishing internal control system and implementing it effectively. Board of supervisors is responsible for supervising board of directors and the management is responsible for daily operation of enterprise according to its internal control system. In terms of auditing, this chapter requires enterprises to set up board of auditors. They are in charge of internal audit.
The third chapter is risk assessment. In this chapter, enterprises are required to assess risk in time, identify internal and external risk accurately, set corresponding risk tolerance and point out factors considered in the identification of internal and external risk. Besides, according to the possibility and impact of risk, enterprises should analyze and sort the identified risk, confirm the focused and prioritized risk and make corresponding countermeasures.
The fourth chapter is control activities. Enterprises should take various measures to control risk within the acceptable range. What’s more, they should specifically regulate how to control incompatible duties separation, authorized examination and approval system, accounting system, property protection, budgeting, operating and performance evaluation. At the same time, risk warning mechanism and emergency handling mechanism also should be set up.
The fifth chapter is information and communication. It requires enterprises to establish information and communication system. Enterprises should promote the integration and sharing of information by using information technology and set up anti-fraud mechanism to prevent unauthorized or illegal to embezzle assets, information disclosure fraud, abuse of power and so on. In addition, complaints system and whistleblower protection system also should be established for all employees.
The sixth chapter is internal monitoring. In this chapter, enterprises are required to stipulate the rights and responsibilities of internal audit institution and other internal organizations in internal monitoring and the judging standards of internal control weakness. Besides, enterprises should safekeep relevant records and documents in the establishment and implementation of internal control to ensure the process that can be verified.
The seventh chapter is bylaws. It makes supplementary interpretation and explanation for “Norms” and stipulates enterprises to implement “Norms” from July 1, 2009.
4.2. Preliminary Model of XBRL Taxonomy about Internal Control Report
This paper sets up the preliminary model of XBRL taxonomy about internal control report according to “Basic Norms for Enterprises’ Internal Control”, as shown in the following Tables 1-5.
5. Conclusions
In recent years, enterprises’ internal control has attracted widespread attention. Internal control plays a key role
Table 4. Information and communication.
in improving the internal management of enterprises, protecting the integrity of their assets, preventing and controlling various risks. COSO report and SOX act make requirements for enterprises to disclose information of internal control. The Ministry of Finance of China and other four departments jointly issued “Basic Norms for Enterprises’ Internal Control” in 2008. It requires listed companies to disclose self-assessment report and attestation report of internal control. But actually, there are some problems on the design and disclosure of internal control. The characteristics and application of XBRL offers a new opportunity for enterprises to strengthen their internal control.
Based on national laws and regulations of internal control, this article analyzes advantages of using XBRL as a disclosure measure of enterprises’ internal control report and sets up preliminary model of XBRL taxonomy about internal control report to provide a comparable basis for full implementing “Applicable Guidelines for Enterprises’ Internal Control”. The preliminary model is also the core and contribution of this article.
But this research is not in depth. With the continuous improvement of XBRL taxonomy, the interoperability of it is also growing constantly. In 2007, the Securities and Exchange Commission (SEC), Japan’s Financial Service Agency (FSA) and the International Accounting Standards Committee Foundation (IASCF) jointly launched “Interoperable Taxonomy Architecture”. Therefore, when we are setting up XBRL taxonomy about internal control, we should fully consider the interoperability of XBRL taxonomy. This is a direction of our further research.