Won Gyun No

The Effect of First Wave Mandatory XBRL Reporting across the Financial Information Environment.

ABSTRACT: This study examines the effect of mandatory XBRL disclosure across various aspects of the financial information environment. Our findings show an increase in information efficiency, a dec...

Assurance on XBRL-Related Documents: The Case of United Technologies Corporation

ABSTRACT: The eXtensible Business Reporting Language (XBRL) was developed to provide financial information users with a standardized method to prepare, publish, and exchange business information in digital format. XBRL is being used around the world for financial reporting and government e‐filings. Although there has been growing awareness about assurance issues related to the use of XBRL, current audit practices and standards fall short of providing the needed guidance for the provision of assurance on XBRL‐Related Documents. In this paper, we report on a mock assurance engagement that we conducted on the XBRL‐Related Documents of United Technologies Corporations 10‐Q for the third quarter of 2005 and repeated on its 10‐Q for the third quarter of 2008 to identify the issues that companies and auditors might encounter if they are requested to provide assurance on XBRL‐Related Documents. We describe the assurance framework applied in the mock assurance engagement, present the findings from the examination...

XBRL Implementation: A Field Investigation to Identify Research Opportunities

ABSTRACT:  The Securities and Exchange Commission (SEC) recently mandated that publicly traded companies furnish their financial statements in XBRL format. However, researchers and practitioners question whether companies are adequately prepared to implement XBRL, and whether software tools and guidance exist to lead preparers through the process of creating XBRL-related documents. This paper describes how early mandate adopters implemented XBRL reporting. Four themes emerged from our analysis: management support and involvement, implementation approach, organizational readiness or expertise, and control over the XBRL reporting process. Our study contributes to a more complete understanding of how companies implement XBRL by providing a basis for accounting researchers to identify current implementation issues and future research opportunities. Furthermore, we provide educators with a characterization of how companies implement XBRL, thereby facilitating their classroom coverage of this important topic. D...

Assurance Reporting for XML-Based Information Services: XARL (Extensible Assurance Reporting Language)

Extensible Business Reporting Language (XBRL) is an XML-based method for financial reporting. XBRL was developed to provide users with an efficient and effective means of preparing and exchanging financial information over the Internet. However, like other unprotected data coded in XML, XBRL (document) files (henceforth, documents) are vulnerable to threats against their integrity. Anyone can easily create and manipulate an XBRL document without authorization. In addition, business and financial information in XBRL can be misinterpreted, or used without the organizations consent or knowledge. Extensible Assurance Reporting Language (XARL) was initially developed by Boritz and No (2003) to enable assurance providers to report on the integrity of XBRL documents distributed over the Internet. Providing assurance on XBRL documents using XARL could help users and companies reduce the uncertainty about the integrity of those documents and provide users with trustworthy information that they could place warranted reliance upon. A limitation of the initial conception of XARL was its tight linkage with the XBRL document and the comparatively primitive approach to codifying the XARL taxonomy. In this paper, we have reconceptualized the idea of XARL as a standalone service for providing assurance on potentially any XML-based information being shared over the Internet. While our illustrative application in this paper continues to be XBRL-coded financial information, the code that underlies this version of XARL is a significant revision of our earlier implementation of XARL, is compatible with the latest version of XBRL, and moves XARL into the Web services arena.

SEC's XBRL Voluntary Program on Edgar: The Case for Quality Assurance

XBRL (eXtensible Business Reporting Language) was developed to provide users with an efficient and effective means of preparing and exchanging financial information over the Internet. After years of development, XBRL is now in the implementation stage, with many companies, governments, regulators, and stock exchanges around the world implementing or planning to adopt XBRL for electronic filing of financial statements. In this paper, we examine the XBRL fillings in the SECs XBRL Voluntary Filing Program (VFP) on EDGAR from its inception to December 31, 2007 and report findings from our observations and validation tests. We identify persistent and increasing quality control and assurance issues pertaining to the filings under the VFP and discuss potential countermeasures needed to ensure that XBRL filings are reliable and gain user confidence and acceptance.

Internet Privacy in E-Commerce: Framework, Review, and Opportunities for Future Research

Increased Internet traffic and the sophistication of companies in tracking that traffic have made privacy a critical issue in electronic commerce (e-commerce). This has spawned a number of research works addressing Internet privacy from the perspectives of three main stakeholders - customers, companies and governments, as well as the interactions among them. The purpose of this paper is to analyze the extant studies and develop an understanding of the relationships among them. Accordingly, we review the research on Internet privacy in e-commerce that has been conducted in the fields of information systems, business, and marketing. We develop a framework for classifying the studies, review key findings, and identify opportunities for future research.

Internet Privacy Research: Framework, Review and Opportunities

Increased Internet traffic and the sophistication of companies in tracking that traffic have made privacy as a critical issue in electronic commerce (e-commerce), and in turn spawned a number of research works in the literature. Despite this, what is lacking is an effort to understand the relationships among the various studies. The purpose of this paper is to consider the fields of information systems, business and marketing, and provide a framework for the research works that have dealt with three main stakeholders, namely customer, company and government, as well as the interaction arising among them. We review the literature and identify opportunities for future research.

A Gap in Perceived Importance of Privacy Policies between Individuals and Companies

Although several studies have examined individuals’ privacy concerns and companies’ privacy policy disclosures, only a few studies examined whether customers’ privacy concerns are adequately addressed in companies’ privacy policy disclosures. This study investigates companies’ privacy policy statements and important privacy policies that individuals want to know. We examine the privacy policy statements of 136 companies from the U.S. and Canada and relate them to the results of a Web-based user survey of 210 respondents. Our findings reveal a difference in companies’ privacy policies between the U.S. and Canada and a gap between what privacy policies individuals value and what companies emphasize in their privacy policy statements.

SEC's cybersecurity disclosure guidance and disclosed cybersecurity risk factors

Cybersecurity risk disclosure has received great attention in the past several years, especially after the passage of the Securities and Exchange Commissions (SECs) cybersecurity disclosure guidance published on October 13, 2011. In this study, we examine the usefulness of cybersecurity-related risk factors disclosed in 10-K filings. We document that the presence of these risk factors in the pre-guidance period and length of these risk factors are related to future reported cybersecurity incidents. The association between the presence of cybersecurity risk disclosure and subsequently reported cybersecurity incidents becomes insignificant after the passage of the SECs cybersecurity disclosure guidance. Our findings, in general, support the SECs decision on emphasizing cybersecurity risk disclosure. However, SECs disclosure guidance may unintentionally encourage firms to disclose cybersecurity risks regardless of the level of risks.

Are External Auditors Concerned About Cyber Incidents? Evidence from Audit Fees

While the importance of addressing cybersecurity risks and cyber incidents is widely acknowledged, there is no explicit requirement by regulators or audit standard setters for auditors to do so. This paper investigates 1) whether external auditors respond to cyber incidents by charging higher audit fees, 2) whether they anticipate and price material cybersecurity risk before cyber incidents occur, and 3) whether increases in audit fees for firms experiencing a cyber incident in the current period are associated with subsequent cyber incidents. We define cyber incidents as cyber-attacks that are initiated by hackers as distinct from various other information security and privacy breaches where the consequences are far less severe than those resulting from attacks by hackers. We find that only cyber incidents are associated with increases in audit fees and that the association is driven by more severe incidents. We also provide some evidence that increases in audit fees are smaller for firms with prior cybersecurity risk disclosure after 2011 when the SEC issued cybersecurity disclosure guidance. Finally, larger increases in audit fees for firms experiencing cyber incidents in the current period are associated with a lower likelihood of subsequent cyber incidents.