
                              XBRL and Encryption


                               Eric E. Cohen, CPA

                             Dr. Aaron J. Ferguson

XBRL

?    The AICPA's XBRL project
?    XML-based (Extensible)
?    Financial and business reporting vocabularies
?    Business Reporting
?    Reporting Language
?    Required and generally practiced disclosure


Organization

?    Started by AICPA
?    Now a 70+ organization consortium
?    Stakeholders in the business reporting marketplace
Participants in XBRL.org Today


Developer Stakeholders: ERP

?    ACCPAC
?    ACL
?    Best
?    Caseware
?    eLedger
?    ePace
?    Epicor
?    FRx
?    Great Plains
?    Hyperion
?    Lawson
?    MIP
?    Navision
?    Netledger
?    Oracle
?    PeopleSoft
?    Sage
?    SAP


XBRL Working Model:  Strategic Direction

Instant Information

?    Speeding up the information pipeline
?    Analyzed and prepared by finance efficiently
?    Exchanged with trading partners reliably
?    Published by investor relations easily
?    Analyzed by wall street quickly
?    Retrieved by investors simply
Today: Convolution

Process Benefits:

Lowering Financial Reporting Cost

?    Today's external reporting processes
?    Rework and delay
?    Ad hoc and non repeatable
?    No path forward
Process Benefits:

Lowering Financial Reporting Cost

?    Common interchange format and storage is good information management
practice
?    Reduces redundancies & discrepancies
?    Repeatable processes using tools
?    A platform for continuous reporting
Roadmap for FR Taxonomies

XBRL Taxonomies Under Development


?    Commercial and Industrial Companies, US GAAP - Published
?    Federal Departments, US
?    Mutual Funds, US
?    Financial Institutions, US
?    Commercial and Industrial, IASC
?    Commercial and Industrial, German GAAP
XBRL Taxonomies Under Development

?    Commercial and Industrial, Canadian GAAP
?    Commercial and Industrial, Australian GAAP
?    Commercial and Industrial, New Zealand GAAP
?    Commercial and Industrial, Singapore GAAP
?    Financial Institutions, Australian GAAP
?    Public Sector, Australian GAAP
?    General Ledger Transactions
XBRL Development & Adoption


                            Put It All Into Action!


Instance Document

?    Representing data
?    Measurable aspects of reporting entities
?    At instant or for a period
?    Flexible and adaptable
?    For present and future needs
Instance Document

?    Can express
?    A single item (e.g., funds) or multiple financial statements
?    Good news?
?    So flexible you can do anything
?    Bad news?
?    So flexible you can do anything
?    Challenges
?    Not traditional hierarchical, DTD-based, element-oriented, but
attribute-oriented, XSchema used to supply vocabularies, structure
XBRL Instance Document

XBRL Taxonomy Schema

Encryption scenario

?    Published taxonomies are public. Company XYZ extends public schema with
custom taxonomy. How can this information be kept private?
?    GL detail taxonomy provides greater detail than CI taxonomy. How to make CI
detail available to all, but GL only available to managers?
?    Prior published data is public, but this year's data is private ? not yet
published, being worked out. How can we make sure this year's info is kept
private?
Encryption questions

?    XBRL Schema controlled by Namespaces
?    How can Namespaces be used to control access?
?    XBRL hierarchy controlled by extensions to XML Schema
?    How can information be limited by "levels"?
?    How can XML Schema be encrypted; how can encrypted data be validated
against XML Schema
?    XBRL is controlled by attributes
?    How fine will attribute level encryption work?
?    XBRL is multinational
?    Export limitations
Encryption questions

?    XBRL may be used for real time feeds to analysis tools or web sites or be
static
?    Different needs for encryption?
Other questions

?    Patents
?    AES (www/nist.gov/aes/), Triple DES, method agnostic
?    Export rules
?    Streaming XML (as may be used in continuous auditing) versus "Archived" or
file-oriented (XPath node sets)
Trade Offs

?    Processing speed, data size (transmission speed, potential problems with
limited memory in WAP/PDA devices), speed of encryption/decryption, complexity
of parser programming needed to manage or recognize encrypted data, knowing how
to handle encrypted data, can it be decrypted, should it be decrypted, should
the decrypted results be left in cache or memory]
Other questions

?    Time/date authentication
?    PMI requirements
?    Tracking the original specified recipientU
?    User interface issues
?    Compression and encryption
?    Validating against DTD/Schema
?    Encryption and virus scares
?    Encryption and decryption using XSL and other XML-standard tools only
Other questions

?    Red herring into files to mask encrypted XML
?    Can we ensure that no one makes changes to namespaces?
?    Passwords be available for individuals, groups, companies, devices, roles,
mailing lists
?    Move beyond elements and attributes to other information? If we have an
attribute lang="en" and wish to lock people out by the value of the lang
attribute?
?    Does that mean we have to lock them out be element values as well?
Questions?

?    Eric E. Cohen, CPA
?    PricewaterhouseCoopers LLP
?    117 Rossiter Road, Rochester NY 14620-4127 USA
?    716.271.4070
?    Internet
?    Eric.E.Cohen@us.pwcglobal.com