ISO 21378:2019

INTERNATIONAL ISO
STANDARD 21378
First edition
2019-11
Audit data collection
Collecte des données d’audit
Reference number
©
ISO 2019
© ISO 2019
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2019 – All rights reserved

Contents Page
Foreword .vi
Introduction .vii
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Modules, tables and fields . 3
4.1 General . 3
4.2 Naming conventions . 4
4.3 Representation and datatype of data elements . 6
4.4 Base module . 8
4.4.1 General. 8
4.4.2 BAS_Business_Segment . 8
4.4.3 BAS_Business_Segment_Hierarchy . 8
4.4.4 BAS_Employee . 9
4.4.5 BAS_User .10
4.4.6 BAS_Customer_Type .11
4.4.7 BAS_Customer .12
4.4.8 BAS_Supplier_Type .15
4.4.9 BAS_Supplier .16
4.4.10 BAS_Chart_Of_Accounts .18
4.4.11 BAS_Accounting_Period .20
4.4.12 BAS_Journal_Entry_Type .20
4.4.13 BAS_Bill_Type .21
4.4.14 BAS_Settlement_Method .22
4.4.15 BAS_Currency.22
4.4.16 BAS_Measurement_Unit .23
4.4.17 BAS_Payment_Term .24
4.4.18 BAS_Project .24
4.4.19 BAS_Bank_Account .25
4.4.20 BAS_Tax_Regulatory .26
4.4.21 BAS_Tax_Type .27
4.4.22 BAS_Customized_ACC_Segment .28
4.4.23 BAS_Customized_ACC_Value .29
4.4.24 BAS_Profile .30
4.4.25 Base standard data questionnaire .32
4.5 General Ledger module .33
4.5.1 General.33
4.5.2 GL_Trial_Balance .34
4.5.3 GL_Details.37
4.5.4 GL_Source .42
4.5.5 GL_Account_Segment .43
4.5.6 GL_Accounts_Period_Balance .45
4.5.7 GL standard data profiling report .48
4.5.8 GL standard data questionnaire .49
4.6 Accounts Receivable module .50
4.6.1 General.50
4.6.2 AR_Open_Accounts_Receivable .51
4.6.3 AR_Cash_Received . .55
4.6.4 AR_Cash_Application .59
4.6.5 AR_Adjustments .62
4.6.6 AR_Adjustments_Details.68
4.6.7 AR standard data profiling report .72
4.6.8 AR standard data questionnaire .73
4.7 Sales module .73
4.7.1 General.73
4.7.2 SAL_Contracts .74
4.7.3 SAL_Contracts_Details .76
4.7.4 SAL_Orders .79
4.7.5 SAL_Orders_Details .81
4.7.6 SAL_Invoices_Generated .84
4.7.7 SAL_Invoices_Generated_Details .89
4.7.8 SAL_Shipments_Made .92
4.7.9 SAL_Shipments_Made_Details .95
4.7.10 SAL standard data profiling report .97
4.7.11 SAL standard data questionnaire .98
4.8 Accounts Payable module .99
4.8.1 General.99
4.8.2 AP_Open_Accounts_Payable .99
4.8.3 AP_Payments_Made .103
4.8.4 AP_Cash_Application .107
4.8.5 AP_Adjustments .111
4.8.6 AP_Adjustments_Details .117
4.8.7 AP standard data profiling report .121
4.8.8 AP standard data questionnaire .122
4.9 Purchase module .122
4.9.1 General.122
4.9.2 PUR_Requisitions .123
4.9.3 PUR_Requisitions_Details .124
4.9.4 PUR_Contracts .126
4.9.5 PUR_Contracts_Details .128
4.9.6 PUR_Orders.131
4.9.7 PUR_Orders_Details .134
4.9.8 PUR_Invoices_Received .138
4.9.9 PUR_Invoices_Received_Details .142
4.9.10 PUR_Materials_Received .146
4.9.11 PUR_Materials_Received_Details .149
4.9.12 PUR standard data profiling report .151
4.9.13 PUR standard data questionnaire .153
4.10 Inventory module .153
4.10.1 General.153
4.10.2 INV_Location .154
4.10.3 INV_Product_Type .155
4.10.4 INV_Product .156
4.10.5 INV_On_Hand .159
4.10.6 INV_Transaction .162
4.10.7 INV_Physical_Inventory .167
4.10.8 INV_Period_Balance .170
4.10.9 INV standard data profiling report .172
4.10.10 INV standard data questionnaire .173
4.11 Property, Plant and Equipment module .173
4.11.1 General.173
4.11.2 PPE_Type .174
4.11.3 PPE_Master .175
4.11.4 PPE_Addition .178
4.11.5 PPE_Removal .181
4.11.6 PPE_Change .184
4.11.7 PPE_Department_Allocation .187
4.11.8 PPE_Depreciation_Method .187
4.11.9 PPE_Depreciation .188
4.11.10 PPE standard data profiling report .191
4.11.11 PPE standard data questionnaire .192
iv © ISO 2019 – All rights reserved

5 Syntax/technical format .193
5.1 General .193
5.2 Characteristics of flat files .193
5.3 Extension .193
5.4 Conventions of folder naming and file naming .193
5.5 Data file format convention in flat files .194
6 Transport/handling and versioning .195
6.1 Character encoding conventions .195
6.2 Versioning.196
6.3 Multi-platform and multi-system data transfer.196
6.4 File compression .196
Annex A (informative) Guidance on how to use the business segment table structure to
customize the extraction standard for client-specific needs .198
Annex B (informative) Guidance on how to use Account Segment .203
Bibliography .207
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www .iso .org/ patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to the
World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www .iso .org/
iso/ foreword .html.
This document was prepared by Project Committee ISO/PC 295, Audit data collection.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www .iso .org/ members .html.
vi © ISO 2019 – All rights reserved

Introduction
Accounting and Enterprise Resource Planning (ERP) software packages are widely used in businesses
and by various government organizations to manage and track business processes, post transactions
and produce financial reports. Because of the nature of the information contained within the ERP
systems, the data are also leveraged by internal and external auditors to assess the business controls,
processes and financial reporting. There are numerous ERP packages that are used by businesses and
government organizations, which can vary greatly in design (e.g. interfaces, data content, data formats,
operational reports, management reports, financial reports). These and other design differences
present challenges in the collection of data for auditing supervision management purposes.
This document aims to resolve the common problems that auditors face when requesting data to
perform their audit procedures. The information contained within this document will help to improve
the accessibility and transparency of audit data, standardize the process of collecting audit data, avoid
duplicate efforts and save resources. The worldwide standardization of audit data content and formats
will enhance the effectiveness and efficiency of government, internal and external audits, and provide
benefits to related stakeholders.
This document focuses on major business modules of accounting and ERP systems that are typically
used in various organizations. These modules relate to major business processes, including the areas of
purchase, sales, inventory, fixed assets and financial reporting, with the aim to identify and specify the
data elements and file formats needed for auditing.
This document facilitates the use of analytics and enables regulatory bodies to better fulfil their
supervision responsibilities, external auditors to better perform their tasks of assurance, and internal
auditors to assist management in making more informed decisions.
The clauses in this document, including the Base (see 4.4), General Ledger (see 4.5), Accounts Receivable
(see 4.6), Sales (see 4.7), Accounts Payable (see 4.8), Purchase (see 4.9), Inventory (see 4.10) and
Property, Plant and Equipment (see 4.11) modules:
— provide guidelines and specifications for obtaining accounting data;
— define the content requirements of accounting data elements (e.g. fields and tables grouped into
modules);
— define the format requirements of data elements;
— specify data interface output files;
— provide thoughts for customizing the standard to meet the needs of the business structure and
process variances that can occur in some organizations.
INTERNATIONAL STANDARD ISO 21378:2019(E)
Audit data collection
1 Scope
This document establishes common definitions of accounting data elements and provides the
information necessary to extract relevant audit data.
NOTE For the purpose of this document, "audit" refers to an examination of an entity’s financial and financial
related records in order to check that they are fairly presented.
This document is applicable to the bridging of understanding among auditors, auditees, software
developers and IT professionals, and creating a mechanism for expressing the information, common
to accounting, in a manner independent of accounting and ERP systems. This document serves as a
foundation for local data extraction efforts in the areas of general ledger, accounts receivable, sales,
accounts payable, purchase, inventory, and property, plant and equipment.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 3166-1, Codes for the representation of names of countries and their subdivisions — Part 1: Country codes
ISO 3166-2, Codes for the representation of names of countries and their subdivisions — Part 2: Country
subdivision code
ISO 4217, Codes for the representation of currencies
ISO 8601-1, Date and time — Representations for information interchange — Part 1: Basic rules
ISO 9362, Banking — Banking telecommunication messages — Business identifier code (BIC)
ISO/IEC 14957:2010, Information technology — Representation of data element values — Notation of
the format
ISO 17442, Financial services — Legal entity identifier (LEI)
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
3.1
data
set of values of qualitative or quantitative variables
3.2
accounting data
transactions from ledgers and journals that support the financial statements
3.3
data element
basic unit of identifiable and definable data (3.1)
[SOURCE: ISO 2146:2010, 3.4, modified — The admitted term "element" has been deleted.]
3.4
data file
collection of data (3.1) records having a homogeneous structure
[SOURCE: ISO 14825:2011, 3.1.2, modified — The word "related" and the note to entry have been
deleted.]
3.5
data interface
set of rules that related two independent systems in a way that allows cross-system interactions
3.6
data profiling
activities that are performed to understand the data structures (3.8) and system rules that affect the
extraction of audit data (3.1)
3.7
data questionnaire
supplemental information related to the system or auditee
3.8
data structure
framework comprising a number of data elements (3.3) in a prescribed form
[SOURCE: ISO 21007-1:2005, 2.16, modified —"element" has been deleted from the term.]
3.9
primary key
minimum set of attributes that uniquely specify a record in a table
3.10
reference identifier
foreign key
one or a group of attributes that corresponds to a primary key (3.9) in another relation
[SOURCE: ISO/IEC 20944-1:2013, 3.14.4.15, modified — The preferred term "reference identifier" has
been added.]
3.11
functional currency
medium of exchange of value, defined by reference to the geographical location of the monetary
authorities responsible for it, of the primary economic environment in which the entity operates
[SOURCE: ISO 4217:2015, 3.2, modified — "functional" has been added in the term and "of the primary
economic environment in which the entity operates" has been added at the end of the definition.]
3.12
local currency
medium of exchange of value, defined by reference to the geographical location of the monetary
authorities responsible for it, of the local economic environment in which a distinct and separable
business unit is physically located, but not necessarily the economic environment where it operates
[SOURCE: ISO 4217:2015, 3.2, modified — "local" has been added to the term and the text after the
second comma has been added to the end of the definition.]
2 © ISO 2019 – All rights reserved

3.13
reporting currency
medium of exchange of value, defined by reference to the geographical location of the monetary
authorities responsible for it, in which financial statements are presented
[SOURCE: ISO 4217:2015, 3.2, modified — "reporting" has been added to the term and the text after the
second comma has been added to the end of the definition.]
3.14
transaction currency
medium of exchange of value, defined by reference to the geographical location of the monetary
authorities responsible for it, for exchange or transfer of goods, services or funds
[SOURCE: ISO 4217:2015, 3.2, modified — "transaction" has been added to the term and the text after
the second comma has been added to the end of the definition.]
3.15
process flow
depiction of the steps in an accounting workflow, including the related data (3.1) and activities
3.16
syntax
set of rules, principles and processes that govern the data structure (3.8)
4 Modules, tables and fields
4.1 General
The Audit Data Collection Standard (ADCS) covers the main business modules of accounting and ERP
systems and the main business processes in the enterprise production supply chain. The ADCS has
eight modules: Base (BAS), General Ledger (GL), Accounts Receivable (AR), Sales (SAL), Purchase (PUR),
Accounts Payable (AP), Inventory (INV) and Property, Plant and Equipment (PPE). According to the
information system condition, the ADCS supports collecting information from either partial modules or
all of them.
The modules within this document and select business events that demonstrate interaction points
between the modules are shown in Figure 1. Note that the connectors for the interactions are high level
representations and are not meant to depict all related attributes. Data transmission is defined as a
process in which the data of business modules could be transformed into general ledger.
Key
Components Connections and lines
modules of the ADCS  process flow
Figure 1 — Business modules in the ADCS
There is a total of 71 tables specifying data elements with structures in the ADCS: 52 tables are level 1
and 19 tables are level 2. The designation difference is based on the use of the information by auditors.
Level 1 tables are defined as tables containing information the auditor should leverage when auditing.
However, depending on the system, this information may not be available. The level 2 table designation
indicates that these tables contain information that the auditor can leverage if the scope of the audit
requires this type of data.
Within each table, fields are also labelled as level 1 or level 2. Similarly to the table designations, level 1
fields are defined as fields containing information the auditor should leverage when auditing and where
the data are available within the system. The level 2 field designation indicates that these fields contain
information that the auditor can leverage if the scope of the audit requires this type of data.
There are situations where level 2 tables contain level 1 fields. This scenario indicates that this type of
information may not be needed in some audit situations. However, if the data in the table are deemed
to be required by the auditor, the level 1 fields within the level 2 table should be included as they are
key fields for the use of the information. Additional information for dealing with fields not available is
presented in 5.5.
A questionnaire, located at the end of each module, includes supplemental questions about the data
that are essential for an understanding of the use of the data. The answers to the questionnaire are
commonly provided by accounting or finance personnel, with input from IT personnel.
4.2 Naming conventions
The naming conventions aim to help readers to have a clear understanding of each table and data
element. They also conform to the requirements of major accounting and ERP systems and databases.
The following generic conventions are applied to all names for tables and data elements.
a) The length of the table and data element name shall be no more than 30 characters.
b) The abbreviation will be used if the length of a table name or element name is longer than
30 characters. International commonly used abbreviations are allowed, such as ERP.
4 © ISO 2019 – All rights reserved

c) Underline is used to separate words in a table name and data element name. Each table name and
data element name shall contain only alpha-numeric characters and the underline characters.
d) The first letter of each word in the table name and data element name shall be in upper case. Any
abbreviated term shall be in upper case.
The abbreviated terms used in the ADCS are listed in Table 1.
Table 1 — Abbreviated terms
Abbreviation Full name
ACC Account
ADCS Audit Data Collection Standard
ADJ Adjustment
AP Accounts Payable
AR Accounts Receivable
ASCII American Standard Code for Information Interchange
BAS Base
BEG Beginning
BIC Business Identifier Code
CFO Chief Financial Officer
CNY Chinese Yuan
CRLF Carriage-Return Line-Feed
CSV Comma Separated Values
CUR Currency
CUS Customer
ERM Enterprise Resource Management
ERP Enterprise Resource Planning
EUR Euro
FIFO First In, First Out
FOB Free On Board
FS Financial Statement
GB Gigabyte
GL General Ledger
IBAN International Bank Account Number
ICBC Industrial and Commercial Bank of China
ID Identification
INV Inventory
IT Information Technology
JE Journal Entry
LEI Legal Entity Identifier
LIFO Last In, First Out
MS-DOS Microsoft Disk Operating System
NTFS New Technology File System
NUM Number
NY New York State
ORG Organization
OS Operating System
PK Primary Key
Table 1 (continued)
Abbreviation Full name
PO Purchase Order
PPE Property, Plant and Equipment
PRV Province
PUR Purchase
REF Reference Identifier
RFC Request For Comments
SAL Sales
SAP Systems Applications and Products in data processing
SQL Structured Query Language
TB Terabytes
TIN Tax Identification Number
TRX Transactional
UOM Unit of Measurement
US United States of America
USD U.S. Dollars
UTC Coordinated Universal Time
UTF-8 8-bit Unicode Transformation Format
WIP Work In Progress
Special naming conventions for table names include:
— each table name contains no more than three underlines;
— each table name is presented as “module (each table belongs) abbreviation + underline + table
description”.
Special naming conventions for data elements include:
— each element name contains no more than four underlines;
— words in element name shall appear in normal word order (e.g. modifiers before nouns);
— the last word of element name is the keyword;
— if there is a number in the element name, the number shall be combined with the previous word
without underlining. The number shall be expressed as an integer, such as the data element Tax1_
Type_Code.
4.3 Representation and datatype of data elements
The representation of a data element defines its length and precision. The representation shall be
designed in accordance with ISO/IEC 14957, ISO 4217 and ISO 8601-1. Datatype constrains the value
that a data element might take. The ADCS supports the common datatypes of Date, String, Decimal, etc.,
to facilitate outputting data from a database and importing data into a database.
Each representation is introduced by the character %. The details are listed in Table 2.
6 © ISO 2019 – All rights reserved

Table 2 — Representation specifications and samples
Representation Description
%ns describes a sequence of characters, of which the maximum length is n. Left justified;
no leading or trailing blank spaces.
%ns
EXAMPLE  %6s describes “123”, “123abc”, but not “abcdefg”.
%nc describes a sequence of characters, of which the length is exactly n. Left justified; no
leading or trailing blank spaces; the string length shall be n.
a)  %1c represents an indicator type.
b)  %3c represents currency.
EXAMPLE  USD = US dollars, CNY = Chinese yuan.
c)  %6c represents time zone as “±hh:mm”.
%nc
EXAMPLE  Newfoundland’s time zone = −03:30, Beijing’s time zone = +08:00.
d)  %8c represents time in 24-hour time (hh: mm: ss).
EXAMPLE  1:00 PM = 13:00:00.
e)  %10c represents calendar date as YYYY-MM-DD.
EXAMPLE  March 8, 2017 = 2017-03-08.
%m.nf describes an optionally signed floating-point number, of which the maximum
length of decimal is n, and the maximum length of integer is (m-n-1). Left justified; no
leading or trailing blank spaces. Decimal symbols shall be included and displayed with a
dot (“.”). Decimals shall be used for non-integers.
%m.nf
Negative numbers shall be indicated with a minus sign (–) immediately preceding
the number. Percentages shall be represented as decimals, where 100 % = 1.00 and
10 % = 0.10.
%nd describes an optionally signed decimal integer, of which the maximum length is n.
%nd Left justified; no leading or trailing blank spaces. Negative numbers shall be indicated
with a minus sign (–) immediately preceding the number.
Datatypes included in this document are listed in and shall conform to Table 3. The specific requirements
for these elements are not listed in the subsequent tables.
Table 3 — The datatypes and corresponding representations
Datatype Representation ISO standard adoption
Represent date in YYYY-MM-DD format (in accordance with ISO 8601-1).
Date %10c
EXAMPLE  %10c describes "2010-05-01", but not "2010-5-01".
Represent time in 24-hour time in hh: mm: ss format (in accordance
with ISO 8601-1).
Time %8c
EXAMPLE  1:00 PM = 13:00:00.
Represent a sequence of characters, of which the maximum length is n
(in accordance with ISO/IEC 14957:2010).
String %ns
EXAMPLE  %6s describes "123", "123abc", but not "123abcd".
Represent an optionally signed floating-point number, of which the
maximum length of decimal is n, and the maximum length of integer
is (m-n-1) (in accordance with ISO/IEC 14957:2010).
Decimal %m.nf
EXAMPLE  %11.6f describes "4.527125", "8692.52", but not
"4.5271258" or "86926.52".
Represent an optionally signed decimal integer, of which the
maximum length is n (in accordance with ISO/IEC 14957:2010).
Integer %nd
EXAMPLE  %4d describes "32", "3482", but not "34875".
Table 3 (continued)
Datatype Representation ISO standard adoption
Represent a two-valued logic data, of which the length is exactly 1
(in accordance with ISO/IEC 14957:2010).
Boolean %1c
EXAMPLE  %1c describes "1" or "0", which means True or False.
4.4 Base module
4.4.1 General
The Base (BAS) module contains basic information that is used across multiple modules. Its content
includes data related to business units, payment terms, projects, bank accounts and currency. Other
modules (e.g. GL, AR, SAL, AP) should be used in conjunction with this module.
4.4.2 BAS_Business_Segment
The BAS_Business_Segment (see Table 4) and the BAS_Business_Segment_Hierarchy (see Table 6) have
been designed to tabularize the portions of an organizational chart that is reflected in the business
transactions as structural units, e.g. business unit, department, cost
...