The transparency afforded by XBRL, or eXtensible Business Reporting Language, could have alerted financial institutions to the dangers lurking in complex credit derivatives, says Philip Moyer, chief executive of Edgar Online, which sells an XBRL filing service. "In the asset-backed security market, it's exceptionally difficult to find out what loans sit in portfolios," he says. "It's like going to the grocery store and not being able to read a product's ingredients." It was this lack of clarity, most experts agree, that precipitated the global economic meltdown. Applying XBRL to risk reporting means that specific tags can be assigned to basic terms used in describing risk and internal control frameworks, like BASEL II and COSO ERM (Committee of Sponsoring Organizations' Enterprise Risk Management integrated framework), says Michael Rost, vice president of marketing at governance, risk and compliance (GRC) technology provider Paisley.
As a result, XBRL "has the potential to be a standardized, generic and holistic way of representing risk and control information internally across business silos and externally to provide increased transparency and comparability between companies," he says.
First, however, industry standard groups have to drive creation of common specifications. The Open Compliance and Ethics Group (OCEG), a nonprofit organization devoted to spreading GRC applications, has been working on a risk taxonomy since it received the green light from XBRL International in September to use the language.
Testing is currently in progress and the catalog of classifications according to a pre-determined system could be ready by the end of the year, says Lane Leskela, OCEG vice president for technology programs.
"Currently, the risk taxonomy focuses on operational risks such as catastrophic loss risk, financial markets risk, sovereign/political risk, capital availability risk and board effectiveness risk," Leskela explains.
That's because the taxonomy grew from work to improve the capture of information used in internal audits. Using XBRL, qualitative risks and controls can also be tracked for operational non-financial processes, such as compliance with legal obligations, internal fraud and business execution risks, she says.
Once the risk taxonomy passes the use tests, it will be reviewed by XBRL International's Technical Standards Board and Taxonomy Recognition Review Committee. If approved, the related documents will be freely available through the OCEG and XBRL International website.
How soon XBRL will be widely adopted depends on whether companies find the current financial crisis sufficient motivation to improve risk reporting or need a regulatory push.