Twenty-one years ago, the U.S. Securities and Exchange Commission began the first of a series of “Internet Securities Fraud Sweeps”[1], bringing enforcement actions against individuals and companies across the United States for committing fraud over the Internet and deceiving investors around the world. The SEC’s Cyber Fraud website[2], set up as part of those sweeps and last updated in 2011, sounds as relevant today as it was then – especially when applied to cryptocurrencies.

I did not think that XBRL was going to be a solution to every problem; “pump and dump” and spam or most of the other exploits go beyond the domain. There was, however, one issue I hoped XBRL could make better: providing trust to the reader when corporate reporting data is included in a later report. This is the item I listed in my August blog entry of as yet unfulfilled goals for XBRL:

Setting data free; creating that “gossamer thread” so reported and assured facts can be traced from later re-publication back to some original source, including audit documentation

As an investor, you see a number on the Internet about a company’s performance.

Now you want to do some due diligence. You use your favorite search engine to try and find that company’s web site. You look for the investor relations pages. You try to find an entry or report that substantiates the information. You are probably interested in whether there is any additional context necessary to better understand it. (The old “numbers can jump when the company is a going concern” concern.)

Is the relevant report audited? By whom? With what opinion?

What if a number on a web page contained an unambiguous cross-reference back to its original, authoritative source with instantaneous access to necessary contextual information? That’s the goal.

Here’s what I wrote in 2007[3] for the World Wide Web Consortium on the topic:

The Case of the Sticky Assurance

An investor sees a press release with the quarterly sales results from a company they have considered investing in. The numbers look very promising; are they too good to be true? Are they what the company reported?

In the past, the investor would choose some more "authoritative" sources to verify the number. They would go to the EDGAR system and search for a filing from the company. Alternatively, they would try to find the investor relations section of the corporate web site to also look for the filing.

In the new authentic XBRL environment, the investor right-clicks on the number to see if there are any assurance attributes that have been provided. Indeed, the fact does have assurance attributes (as well as links to some analyst reports). The investor clicks to see that the number was drawn from the 10Q filed with the SEC (with the ability to drill to the text on the EDGAR site or to load the XBRL version of the 10Q into their [XBRL-enabled] spreadsheet). They can also see instantly from the signatures on the facts that the facts were signed by management and the external auditor, the level of assurance the auditor provided on the XBRL representation of the facts (either individually or pointing to the original document from which the individual fact was drawn) and also see the type of assurance that was provided on the source document represented by the XBRL document.

[1] https://www.sec.gov/reportspubs/investor-publications/investorpubscyberfraudhtm.html

[2] https://www.sec.gov/reportspubs/investor-publications/investorpubscyberfraudhtm.html

[3] http://www.w3.org/2007/xmlsec/f2f-2007-11-08/BusReq_711072.pdf