“Convergence, Communication and Interactive Data”
December 3-6, 2007
Vancouver, British Columbia, Canada

Internal Reporting Track
XBRL application to Internal Controls
December 4th, 2007
Yuji Furusho
CISA (Certified Information Systems Auditor)
Fujitsu Limited

Background
Annual documentation and evaluation of Internal Controls are “formal activities” for listed companies in the following countries:
◦ U.S. - Sarbanes and Oxley Act (so-called SOX)
◦ Canada - Bill-198 / Regulation 52-109
◦ Japan - Financial Products Exchange Act (so-called J-SOX)
◦ Korea, France, etc.
Evaluation of Internal Controls in accordance with the significance of the impact on the financial statements is key.
◦ This means that evaluation of the internal controls should be consistent with the significance of related accounts, and therefore consistent with the ultimate impact in the financial statements.

Basic Idea 1
Enterprise Model – connecting FS, GL, and business process
Diagram labels:
◦ Financial Statement: (PL) sales, (BS) A/R, (BS) inventory, …
◦ General Ledger: Hardware sales, Maintenance sales, Software sales, A/R - Software, …
◦ Sales Process - Headquarters: related accounts, (n) risk, (n) control, …
◦ Sales Process - North Region: related accounts, (n) risk, (n) control, …

Basic Idea 2
Internal Control Taxonomy to handle non-financial business process information.
◦ Definition of “Control Objective”, “Risk”, and “Control Activity” in a business process.
◦ “Design effectiveness”, “Operational effectiveness”, and “Remediation plan/status” as values.
◦ Utilization of “COSO elements”
  - For comprehensive Risk/Control identification.
  - For focusing not only “Risk” but also “Opportunity”.

Internal Control Taxonomy Architecture
Diagram labels:
◦ Instance Document
◦ location, process, related acct, coso: activity, (n) subprocess
◦ Fixed elements; COSO elements; Company Extension
◦ Internal Control Dimension: (n) control objective (F,O,C,S / F,O,C); (n) risk with assertion; (n) control activity with related assertion
◦ key control; result (score); result (narrative); remediation status
◦ issue: incomplete evidence; control exception (exception on approval, processing, etc.)

COSO Taxonomy – activities in COSO tool
25 activities illustrated in COSO tool.
1/Activity : INBOUND
2/Activity : OPERATIONS
3/Activity : OUTBOUND
4/Activity : MARKETING AND SALES
5/Activity : SERVICE
6/Activity : PROCUREMENT
7/Activity : TECHNOLOGY DEVELOPMENT
8/Activity : HUMAN RESOURCES
9/Activity : MANAGE THE ENTERPRISE
10/Activity : MANAGE EXTERNAL RELATIONS
11/Activity : PROVIDE ADMINISTRATIVE SERVICES
12/Activity : MANAGE INFORMATION TECHNOLOGY
13/Activity : MANAGE RISKS
14/Activity : MANAGE LEGAL AFFAIRS
15/Activity : PLAN
16/Activity : PROCESS ACCOUNTS PAYABLE
17/Activity : PROCESS ACCOUNTS RECEIVABLE
18/Activity : PROCESS FUNDS
19/Activity : PROCESS FIXED ASSETS
20/Activity : ANALYZE AND RECONCILE
21/Activity : PROCESS BENEFITS AND RETIREE INFORMATION
22/Activity : PROCESS PAYROLL
23/Activity : PROCESS TAX COMPLIANCE
24/Activity : PROCESS PRODUCT COSTS
25/Activity : PROVIDE FINANCIAL AND MANAGEMENT REPORTING

Basic Idea 3
Using element / value to “link” taxonomies:
◦ FR taxonomy and GL taxonomy: “xbrlinfo” elements in GL taxonomy
◦ GL taxonomy and IC (Internal Control) taxonomy: “relatedAccount” element in IC taxonomy
Diagram (taxonomy element, then instance value):
◦ FR taxonomy: sales; instance: sales: “682,xxx”
◦ GL taxonomy: xbrlinfo; instance: xbrlinfo: “sales”
◦ GL taxonomy: accountMainID; instance: accountMainID: “EX00100”
◦ IC taxonomy: relatedAccount; instance: relatedAccount: “EX00100”
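
The two links on this slide can be followed in either direction once the instances are loaded. The following is an added example, not part of the original presentation: the XML fragments are constructed and simplified (no real XBRL namespaces or contexts); only “xbrlinfo”, “accountMainID”, “relatedAccount” and the value “EX00100” come from the slide, while the wrapper elements, attributes, other account IDs and scores are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified instance fragments. Only xbrlinfo, accountMainID and
# relatedAccount are element names from the slide; the rest is hypothetical.
# "score" is assumed to be an effectiveness percentage (lower is worse).
GL_INSTANCE = """<gl>
  <account><accountMainID>EX00100</accountMainID><xbrlinfo>sales</xbrlinfo></account>
  <account><accountMainID>EX00200</accountMainID><xbrlinfo>accountsReceivable</xbrlinfo></account>
  <account><accountMainID>EX00300</accountMainID><xbrlinfo>inventory</xbrlinfo></account>
</gl>"""
IC_INSTANCE = """<ic>
  <process name="Sales Process" location="Head Quarter" score="75">
    <relatedAccount>EX00100</relatedAccount><relatedAccount>EX00200</relatedAccount>
  </process>
  <process name="Sales Process" location="North Region" score="15">
    <relatedAccount>EX00200</relatedAccount>
  </process>
</ic>"""

def load_links(gl_xml, ic_xml):
    """Return (FR concept -> GL account IDs, GL account ID -> IC processes)."""
    fr_to_gl, gl_to_ic = {}, {}
    for acct in ET.fromstring(gl_xml).iter("account"):
        fr_to_gl.setdefault(acct.findtext("xbrlinfo"), []).append(
            acct.findtext("accountMainID"))
    for proc in ET.fromstring(ic_xml).iter("process"):
        for rel in proc.iter("relatedAccount"):
            gl_to_ic.setdefault(rel.text, []).append(dict(proc.attrib))
    return fr_to_gl, gl_to_ic

def controls_behind(fr_concept, fr_to_gl, gl_to_ic):
    """FR -> GL -> IC: processes whose controls stand behind a reported concept."""
    found = []
    for acct in fr_to_gl.get(fr_concept, []):
        found.extend(gl_to_ic.get(acct, []))
    return found

def accounts_exposed(location, max_score, fr_to_gl, gl_to_ic):
    """IC -> GL -> FR: concepts touched by low-scoring processes at a location."""
    weak = {acct for acct, procs in gl_to_ic.items() for p in procs
            if p["location"] == location and int(p["score"]) <= max_score}
    return sorted(c for c, accts in fr_to_gl.items() if weak & set(accts))

def unlinked_accounts(fr_to_gl, gl_to_ic):
    """GL accounts that feed the financial statements but have no IC process."""
    return sorted({a for accts in fr_to_gl.values() for a in accts} - set(gl_to_ic))
```

The last function is the check an auditor would run first: a GL account that maps to a reported concept but appears in no “relatedAccount” has no documented control behind it.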

Implementation Model
The following “FS – GL (Trial Balance) – IC” model has been adopted for Proof-of-Concept.
Diagram labels:
◦ Financial Statement: (PL) sales, (BS) A/R, (BS) inventory, …
◦ General Ledger: Journal Entry, …
◦ Trial Balance (by location): (PL) sales, (BS) A/R, (BS) inventory, …
◦ Internal Control (location x process): related accounts, (n) risk, (n) control, …
◦ location definition; acct-process mapping definition; using Dimensional Taxonomy; aggregation

IC Taxonomy Architecture 1
Overall Structure
Process Information
• Process
• Location
• Related Accounts etc.
Sub-Process Information
• Control Objective
• Risk
• Control Activity
• Key Control etc.
Evaluation and Remediation
• Design Effectiveness
• Operational Effectiveness
• Remediation Plan etc.
Relationship multiplicities shown between the boxes: 1 to n, and 1 to 1.

IC Taxonomy Architecture 2
“Process Information” section
【 Sample 】
◦ process: Sales Process
◦ location: Software Service Dept.
◦ related accounts: Sales, Account Receivable

IC Taxonomy Architecture 3
“Sub-Process Information” section
Sub-process: AX05_Sales & billing
Step: Safaia/FOCS sales
COSO elements:
◦ activity: PROCESS ACCOUNTS RECEIVABLE
◦ sub-activity: -
◦ control objective: Accurately record all authorized sales returns and allowances and only such returns and allowances
  - section: financial reporting, operation, compliance
  - section: safeguarding asset
◦ risk: Inaccurate input of data
  - risk ID, risk
  - assertion
◦ control activity (sample): Mail customer statements periodically and investigate and resolve disputes or inquiries, by individuals independent of the invoicing function
  - control ID, control, control method (manual/auto), evidence/related documents
  - assertion

IC Taxonomy Architecture 4
“Sub-Process Information” section – “risk”
Table header groups: COSO elements; company expansion; assertion
Columns: risk ID; risk; assertion (existence, completeness, rights and obligation, evaluation, allocation and cut-off, presentation and disclosure)
Sample row:
◦ risk ID: Rxxxxxx
◦ risk: Inaccurate input of data
◦ assertion: Y, Y

IC Taxonomy Architecture 5
“Sub-Process Information” section – “control activity”
Columns: control ID; control; method of control (manual / automatic); person in charge; evidences; related manuals and rule documents; assertion
Sample row:
◦ control ID: Cxxxx
◦ control: Mail customer statements periodically and investigate and resolve disputes or inquiries, by individuals independent of the invoicing function
◦ method of control (manual / automatic): Y
◦ person in charge: Leader of xxx Dept
◦ evidences: 1. Request Form
◦ related manuals and rule documents: 1) …, 2) …, 3) …
◦ assertion: existence, completeness, rights and obligation, evaluation, allocation and cut-off, presentation and disclosure

IC Taxonomy Architecture 6
“Evaluation and Remediation” section
design effectiveness
- date
- person in charge of evaluation
- results - score
- results - narrative
key control
- yes / no (Boolean)
operational effectiveness
- date
- person in charge of evaluation
- population
- number of samples
- results - score
- results - narrative
remediation
- person in charge of evaluation
- summary
- due date

IC Taxonomy - Technical Consideration
Use of “dimensionItem”
◦ Multi dimension of “Control Objective”, “Risk”, and “Control Activity”
Use of Reference Link
◦ Use of “part element”, setting Boolean value:
  - Control objective: F/R, O/R, C, S/A
  - Assertion: Ex, C, R/O, Ev, A/C, P/D
  - Type of Control: Manual, Automatic
Diagram labels:
◦ Risk, Reference Link: assertion – E/O - yes / no (Boolean)
◦ Evaluation
◦ Control Objective 1
  - Risk 1: Control Activity 1, Control Activity 2
  - Risk 2: Control Activity 3

Merit of Enterprise Model
Consistent and effective risk management for Financial Reporting by balancing financial risk significance and control importance.
◦ FR to GL
◦ GL to IC

Merit of Enterprise Model - Scenario 1
Identify and understand internal control implications on significant accounts – (Where and what kind of issues, etc.)
Diagram labels: Financial Statement ▷ Internal Control; A/R; Location A: A/R; Location B: A/R; 15 %; 75 %; columns: process, department, score, issue.

Merit of Enterprise Model - Scenario 2
Identify and understand accounts affected by internal control issues.
Diagram labels: Internal Control ▷ Financial Statement; Location A: A/R; Location B: A/R; A/R; 15 %; 75 %; columns: process, department, score, issue; deficiencies.

Merit of XBRL application
Flexible definition and evaluation through taxonomy.
1. Relationship among “Control Objective”, “Risk”, and “Control Activity” using dimensional model
   Evaluation of “Control Objective” and “Control Activity” relationship, skipping “Risk” element, or evaluation of “Risk” and “Control Activity” relationship, skipping “Control Objective”
2. “Risk” or “Control Activity” evaluation with respect to specific “Control Objective”
   One company may want to focus on the “Financial Reporting” objective, while another may want to include the “Operational Effectiveness” objective.
3. Identification of compensating controls
   “Control Activity” relevant to “Risk” by evaluating “Related Assertion”

Merit of XBRL application 1 - dimensional model
Dimensional definition of “Control Objective”, “Risk”, and “Control Activity”.

Merit of XBRL application 2 - focusing on “Control Objective”
Flexible evaluation of “Risk” and “Control Activity” focusing on “Control Objective” – Company may want to focus on “Financial Reporting” for SOX auditing purpose.
Diagram labels (Control Objective, Reference Link):
◦ COSO Taxonomy “part” element:
  - Financial Reporting - yes / no (Boolean)
  - Operational Effectiveness - yes / no (Boolean)
  - Compliance - yes / no (Boolean)
◦ Company Extension “part” element:
  - Safeguarding Asset - yes / no (Boolean)

Merit of XBRL application 3 – compensating control
Compensating controls may be identified through “assertion” attributes assigned to “Risk” and “Control Activity”.
◦ In cases of effectiveness failure of key controls, compensating controls may be identified along with assertions assigned to them.
Diagram:
◦ Risk, assertion: E/O Y, C Y, V/A Y, R/O -, P/D -
◦ Control 1 - key (failure), related assertion: E/O Y, C Y, V/A -, R/O -, P/D -
◦ Control 2 – non-key (Find “Compensating control”), related assertion: E/O Y, C Y, V/A -, R/O -, P/D -
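
One way to run the assertion matching described on this slide, as an added example that is not part of the original presentation. The matching rule (an effective non-key control compensates if its related assertions include every risk assertion the failed key control addressed) is an assumption; Risk, Control 1 and Control 2 carry the Y flags from the slide, and Control 3 is constructed.

```python
from dataclasses import dataclass, field

ASSERTIONS = ("E/O", "C", "V/A", "R/O", "P/D")  # assertion codes used on the slide

@dataclass
class Control:
    control_id: str
    key: bool                 # key control: yes / no
    assertions: frozenset     # related assertions flagged Y
    effective: bool = True    # operational effectiveness result

@dataclass
class Risk:
    risk_id: str
    assertions: frozenset     # assertions flagged Y on the risk
    controls: list = field(default_factory=list)

def compensating_controls(risk):
    """Map each failed key control to the effective non-key controls that
    cover the same risk assertions (assumed matching rule)."""
    result = {}
    for failed in (c for c in risk.controls if c.key and not c.effective):
        needed = failed.assertions & risk.assertions
        result[failed.control_id] = [
            c.control_id for c in risk.controls
            if not c.key and c.effective and needed <= c.assertions]
    return result

def uncovered_assertions(risk):
    """Risk assertions that no effective control addresses."""
    covered = frozenset().union(
        *(c.assertions for c in risk.controls if c.effective))
    return sorted(risk.assertions - covered, key=ASSERTIONS.index)

def slide_example():
    """Flags as read from the slide, plus one constructed control (Control 3)."""
    return Risk("Risk", frozenset({"E/O", "C", "V/A"}), [
        Control("Control 1", True, frozenset({"E/O", "C"}), effective=False),
        Control("Control 2", False, frozenset({"E/O", "C"})),
        Control("Control 3", False, frozenset({"C"})),  # constructed: partial cover
    ])

if __name__ == "__main__":
    risk = slide_example()
    print(compensating_controls(risk))   # failed key control -> candidates
    print(uncovered_assertions(risk))    # assertions left without a control
```

With the flags as transcribed, the second function also reports the risk assertion that neither control lists, which is worth checking before accepting a compensating control as sufficient.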