Standards don't become standard practice overnight. That is certainly true for the eXtensible Business Reporting
Language (XBRL), a standard format for the electronic financial reporting of business information that got its start in 1998.
So far, the biggest push domestically for XBRL financial reporting has come from the U.S. Securities and Exchange Commission (SEC), which under former chairman Christopher Cox championed the standardized format and is phasing in an XBRL mandate for financial statements. European Union countries, as well as China and Japan, have had XBRL mandates in place for several years.
While such major software vendors as SAP AG and Oracle Corp. are incorporating XBRL into their enterprise resource management applications, and any number of companies sell XBRL tagging and retrieval tools, the private sector has been slow to invest much time or effort into using the electronic reporting standard, according to early adopters. A new XBRL taxonomy that's coming soon for governance, risk and compliance (GRC) may help accelerate adoption, however.
Find technologists and financial experts who have played around with XBRL reporting, however, and usually two points come up: Its usefulness extends well beyond financial reports, and it remains a hard sell to management.
A chicken-and-egg question
"Intuitively, you know that XBRL can be used for a multitude of purposes," said John Stantial, assistant controller at United Technologies Corp., the Hartford, Conn.-based manufacturer whose products range from Carrier air conditioners and Otis elevators to Sikorsky helicopters.
However, convincing upper management to invest in the standard remains a hard sell, Stantial said, not only because the format "is hard to explain" to people who haven't actually used it, but also because examples of companies using XBRL for internal purposes are so scarce.
"It is still kind of an arcane concept to 99.9% of the people, including our senior management, who, when you mention XBRL, really only understand it as something we have to do for the SEC," Stantial said.
"It is hard from a hypothetical basis to say, 'I can take this tool and can apply it this situation and get these results in this amount of time and for this amount of cost,'" Stantial said. "It's kind of a chicken-and-egg question," he said, that XBRL supporters can't get the approval to spend money to do something unless they can already show it works without spending money.
Intuitively, you know that XBRL can be used for a multitude of purposes. … It is still kind of an arcane concept to 99.9% of the people, including our senior management.
John Stantial, assistant controller, United Technologies Corp.
Stantial began seeing the possibilities of XBRL about five years ago, when United Technologies joined the SEC's voluntary XBRL program. "We were one of the first ones in," he said. The company's team "pushed all the angles" on XBRL for SEC reporting, including some that were not required.
"We went ahead and tagged things like Management's discussion and analysis (MD&A), which you didn't have to. We had it audited, just to see what that would be like, and so forth," Stantial said, adding that when the SEC finally mandated XBRL for certain kinds of financial reporting for the nation's largest companies, "it was no big deal for us."
Stantial now is exploring using XBRL to streamline the data United Technologies collects from its worldwide businesses for the company's annual reports. Now each business collects the data from its own systems, compiles it into something like Excel and uploads it into a homegrown system. Developing the XBRL tags for the 100 to 200 data points needed, and setting these tags atop whatever system each business uses "will take out a lot of manual effort" and reduce errors, he said. He also is investigating how XBRL could be used to give the company better visibility into its working capital around the world.
Companies will find all kinds of ways to use XBRL reporting once they start using it, according to Stantial. "The whole concept of XBRL was never really designed just for the SEC," he said.
XBRL for governance, risk and compliance
XBRL also may be quite helpful for companies determined to improve and integrate their GRC efforts.
At least that is the view of the nonprofit Open Compliance & Ethics Group (OCEG), a Phoenix-based think tank that has joined the international effort to leverage XBRL for business and other kinds of reporting. Later this quarter, in fact, the OCEG is launching a beta version of its GRC-XML taxonomy, a common language for risk and controls that leverages the XBRL standard.
"How is a GRC-XML taxonomy going to help a given corporation? Any company that wants to be able to integrate the documentation and the reporting of controls with the systems that test and measure the effectiveness of those controls will be helped," said Said Tabet, co-chair of the OCEG Technology Council.
Externals auditors, who today rely mainly on mountains of raw data and paper documentation to do their jobs, also will be helped by a GRC program that leverages a common language of risk and controls, according to Tabet. And those are just two scenarios.
The OCEG, whose primary mission is provide guidelines and standards for enhancing GRC processes, asserts that its GRC-XML taxonomy gives a corporation the potential to:
- Standardize on a common language of risk and control
- Compare the results of risk and control initiatives between companies
- Integrate information between various GRC systems
Any CIO moving to a new enterprise architecture aimed at breaking down information silos needs to look at how the GRC-XML standard fits in to that strategy, according to Tabet.
The future of XBRL?
Early adopters said they expect the internal use of XBRL to accelerate over the next several years but ramp up slowly. Even the SEC regulatory impetus took a lot of time, Stantial said.
"When you think of how long it took to get the rule out -- all told, close to 10 years. Even with the four years of a voluntary filing program, out of 10,000 public registrants, only some 140 or so companies participated over the entire span of four years," Stantial pointed out. The largest companies began filing last year, and another wave starts this year, but many companies still hope the mandate goes away, in Stantial's view.
"If you have that much natural apathy in the marketplace, it is really hard to take that quantum leap to the next," Stantial said.
Once a sizeable number of companies meet the mandate and use XBRL reporting, however, the standard should sell itself, Stantial and other adopters said. Analysts will understand how the standard allows them to slice and dice data from many companies, and companies will find ways to use it internally.
"Once you have a constant stream of reliable data, four quarters, eight quarters worth, then the analysts can start linking their models, because you have a consistent supply of a wide base of information. Then I think you'll see this take a quantum leap forward then," Stantial said.