ISO 5405:2024

International
Standard
ISO 5405
First edition
Audit data collection extension —
2024-05
Government regulated financial
reports and payroll
Extension de collecte de données d'audit — Rapports financiers et
fiche de paie réglementés par le gouvernement
Reference number
© ISO 2024
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Modules, tables and fields . 2
4.1 General .2
4.2 Naming conventions .2
4.3 Government regulated financial reports module .3
4.3.1 General .3
4.3.2 GRFR_Report_Header .4
4.3.3 GRFR_Report_Body .5
4.4 Payroll module . .6
4.4.1 General .6
4.4.2 PAY_Payroll_Period .7
4.4.3 PAY_Payroll_Item .8
4.4.4 PAY_Payslips .9
4.4.5 PAY_Payslip_Detail .10
Annex A (informative) Guidance on how to use government regulated financial reports module .12
Annex B (informative) Guidance on how to use payroll module .15
Bibliography .18

iii
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out through
ISO technical committees. Each member body interested in a subject for which a technical committee
has been established has the right to be represented on that committee. International organizations,
governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely
with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of ISO document should be noted. This document was drafted in accordance with the editorial rules of the
ISO/IEC Directives, Part 2 (see www.iso.org/directives).
ISO draws attention to the possibility that the implementation of this document may involve the use of (a)
patent(s). ISO takes no position concerning the evidence, validity or applicability of any claimed patent
rights in respect thereof. As of the date of publication of this document, ISO had not received notice of (a)
patent(s) which may be required to implement this document. However, implementers are cautioned that
this may not represent the latest information, which may be obtained from the patent database available at
www.iso.org/patents. ISO shall not be held responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 295, Audit data services.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.

iv
Introduction
Government financial audit usually starts with reviewing and analysing statutory financial accounting
statements; for example, these regulated reports are established following country specific rules for data
aggregation according to statutory taxonomy and rules known as local chart of accounts. In some countries,
governments enforce the use of the local statutory chart of accounts (e.g. China, France, Philippines, Spain),
in some others, the companies must provide as part as audit data a mapping between their corporate chart
of account and the local statutory chart of account (e.g. Mexico). This is key to allowing government to run
audit consistently across several companies and years when the corporate chart of accounts can be different
or fluctuate significantly over time. As the financial and accounting statements reflect the financial status
and operating results of the enterprise in a certain period, the key questionable points can be identified
through the data analysis of the financial and accounting statements; then the auditors can carry on the
further review with the clear auditing directions, in which the efficiency of audit work can be improved a lot.
The payroll audit mainly focuses on the following objectives: the correctness, the compliance and
justifiability and so on. The key to achieving these objectives is the obtainment of the complete payroll
items and data. With the payroll items and data, the auditors can easily identify the abnormal errors, the
compliance issues and insufficient justifications.
Targeted as one of the extensions of ISO 21378, the financial report and payroll data interface output
files are integrated to the current data interface output files of ISO 21378 to provide auditors with more
comprehensive audit data collection. The intention is not to replace the existing best practices for some
countries of obtaining the specific parts of the audit data (e.g. financial statements, vouchers, transactions),
but to provide them with a more comprehensive and consistent choice of collecting the audit data. It’s useful
not only for auditing multinational companies across the countries, but also for data sharing and audit
cooperation across the different government authorities in different countries as well audit data collection.

v
International Standard ISO 5405:2024(en)
Audit data collection extension — Government regulated
financial reports and payroll
1 Scope
This document provides the solution for auditors to obtain the regulated financial report data and the
payroll data. This document is applicable for government audits, as well as external independent audits and
internal audits.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes
requirements of this document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
ISO 8601-1, Date and time — Representations for information interchange — Part 1: Basic rules
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1
data
set of values of qualitative or quantitative variables
3.2
data element
basic unit of identifiable and definable data (3.1)
[SOURCE: ISO 2146:2010, 3.4, modified — The admitted term "element" has been deleted.]
3.3
data interface
set of rules that relate two independent systems in a way that allows cross-system interactions
3.4
primary key
minimum set of attributes that uniquely specify a record in a table
3.5
reference identifier
foreign key
one or a group of attributes that corresponds to a primary key (3.4) in another relation
[SOURCE: ISO/IEC 20944-1:2013, 3.14.4.15, modified — The preferred term "reference identifier" has been
added; the original preferred term "foreign key" has been changed to an admitted term.]

4 Modules, tables and fields
4.1 General
ISO 21378 covers the main business modules of the accounting system and the main business processes in
the enterprise production and supply chain. There are eight modules: base, general ledger (GL), accounts
receivable (AR), sales (SAL), accounts payable (AP), purchase (PUR), inventory (INV), property, plant, and
equipment (PPE). The document formulated in this document is an extension of ISO 21378, including two
modules: government regulated financial reports (GRFR) and payroll (PAY).
Figure 1 shows the relationship between the contents of ISO 21378 and this document.
Figure 1 — The business flow of ADCS module
— The contents in the dotted box in Figure 1 are those in ISO 21378.
— The contents outside the dotted box in Figure 1 are the contents of this document.
4.2 Naming conventions
The naming conventions aim to help readers to have a clear understanding of each table and data element.
They also conform to the requirements of major accounting and enterprise resource planning (ERP) systems
and databases. The following generic conventions are applied to all names for tables and data elements.
a) The length of the table or data element name shall be no more than 30 characters.
b) The abbreviation can be used if the length of a table name or data element name is longer than
30 characters. International commonly used abbreviations are allowed, such as ERP.
c) Underline is used to separate words in a table name or data element name. Each table name or data
element name shall contain only alpha-numeric characters and the underline characters.
d) The first letter of each word in the table name and data element name shall be in upper case.
The abbreviated terms used in the ISO 21378 are listed in Table 1.

Table 1 — Abbreviated terms in ISO 21378
Abbreviation Full name
ADCS Audit data collection standard
AP Accounts payable
AR Accounts receivable
BAS Base
CUR Currency
ERP Enterprise resource planning
GRFR Government regulated financial reports
ID Identification
INV Inventory
PAY Payroll
PK Primary key
PPE Property, plant and equipment
PUR Purchase
REF Reference identifier
SAL Sales
4.3 Government regulated financial reports module
4.3.1 General
The data disclosed in the government regulated financial reports is the data that must be disclosed according
to the legal requirements of various regulatory authorities in various countries and regions. The purpose
of this document is to standardize the reporting data output, not to replace or complete the regulatory
reporting. This document does not clearly define the data format of a specific report, but defines specific
data contents. The source of financial data often comes from the general ledger system. Each financial
statement specifically reflects one or more financial data that a financial entity must disclose at one or more
time points.
The data of financial statements can be generated from GL data of general ledger, such as by extracting the
data from GL_Trial_Balance.
Complex financial statements, such as consolidated financial statements, may be extracting the data from
GL modules in more than one ERP system. At the same time, it also supports report level data adjustment to
finally form reports that meet the requirements of laws and regulations.
The tables within the GRFR module and selected key fields used for interactions with the BAS modules are
illustrated in Figure 2.
Key
Components Connections and lines
table in the GRFR module table within the GRFR module
table in the BAS module reference relationship
L1 table containing information that the auditor should leverage when auditing
Figure 2 — Table relationship diagram of the GRFR module
4.3.2 GRFR_Report_Header
The report header contains data with unique attributes in this table. Each report has only one header, see
Table 2. Table 2 is level 1.
Instructions on how to implement the GRFR report header structures (described in 4.3.2) are detailed in
Annex A.
Table 2 — GRFR_Report_Header
No. Name Data-type Representation Description Level
1 Report_ID String %60s Unique identifier for the report. 1
Typically auto-generated by the system.
2 Report_Name String %80s Name of the report. 1
3 Report_Description String %200s Free-form description of the entire indi- 2
vidual report as described by the report
header.
4 Reporting_Entity_Code String %25s Unique reporting entity Code. 1
Shall match the Business_Segment_Code
in the BAS_Business_Segment table.
5 Reporting_Entity_Name String %80s Name of the reporting entity. 1
Shall match the Business_Segment_Name
in the BAS_Business_Segment table.
6 Fiscal_Year String %4c Fiscal year in which the calendar date 1
occurs.
The year shall be shown in four digits
as YYYY, which is part of the extended
format and the YYYY-MM-DD from ISO
8601-1.
7 Reporting_Period_Type String %60s Reporting period type is used to iden- 1
tify the span of time for the report.
EXAMPLE Monthly, quarterly, annu-
ally.
TTabablele 2 2 ((ccoonnttiinnueuedd))
No. Name Data-type Representation Description Level
8 Reporting_Period_BEG_ Date %10c Calendar beginning date of the report. 1
Date
EXAMPLE YYYY-MM-DD.
9 Reporting_Period_END_ Date %10c Calendar ending date of the report. 1
Date
EXAMPLE YYYY-MM-DD.
10 Reporting_Curren- String %3c Code for the currency (in accordance 1
cy_Code with ISO 4217).
Shall match Currency_Code in BAS_
Currency table.
11 Reporting_Language_ String %60s Reporting Language Code. 2
Code
12 Regulations String %60s Accounting rules or regulations name 2
that the report complies with.
13 Person_In_Charge_Of_ String %200s Name of the person in charge of enter- 2
Enterprise prise.
14 Accounting_Supervisor String %200s Name of the accounting supervisor 2
who is in charge of the report submis-
sion.
15 Created_By String %200s Name of the person or user who creat- 2
ed the report.
The primary key and reference identifiers, with the related referenced fields and tables, for Report_Header
are listed in Table 3.
Table 3 — Identifiers in GRFR_Report_Header
No. Name Identifier Referenced field Referenced table
1 Report_ID PK not applicable not applicable
4 Reporting_Entity_Code REF Business_Segment_Code BAS_Business_Segment
10 Reporting_Currency_Code REF Currency_Code BAS_Currency
4.3.3 GRFR_Report_Body
The report body contains at least one or more financial data. Each report can have one or more report
bodies. Each report body shall contain at least one financial item and data. Each financial data has a unique
time attribute (Report_Item_Qualification) and a unique property attribute (Report_Item_ID and Name).
And it can distinguish whether this value is balance attribute or amount attribute through item attribute
(Report_Item_Value_Type), see Table 4. Table 4 is level 1.
Instructions on how to implement the GRFR report header structures (described in 4.3.3) are detailed in
Annex A.
Table 4 — GRFR_Report_Body
No. Name Data-type Representation Description Level
1 Report_ID String %60s Unique identifier for the report. 1
Shall match the Report_ID in the Re-
port_Header table (see
...