Reporting Package Hash Generator
For the identification of a Reporting Package based on the requirements published by ESMA, the Royal Netherlands Institute of Chartered Accountants has developed a tool. This tool can be used by the organization responsible for drawing up the Reporting Package and the audit firm in charge of auditing the Reporting Package. If the Reporting Package does not change, the tool will always calculate the same hash. This hash can be used in communication to identify the Reporting Package and to determine that the content of the Reporting Package was not changed.
In a permission letter for the client, it must be stated clearly what the audited object is, and it must be certain that this object has not been modified. In the paper world this is done so by authenticating each separate page of the audit object and to link the auditor’s opinion and audit object to each other. The reason for doing this, is that in case of doubt, it can be determined what the original audit object was.
In this case the audit object is an ESEF-filing. This a Reporting Package, saved as a ZIP-file, which contains, based on a prescribed structure, multiple files. These files represent the issuer’s XBRL Inline document and the issuer’s taxonomy. Since an ESEF-filing is digital, authenticating the audit object is no longer possible in the old way.
Authenticating digital files is done by the method of creating hashes. Creating a hash is a mathematical operation on a file which results in a unique string of characters. Every time the same mathematical operation is conducted on the file, the result remains the same. If something changes in the file, the result will be different. By adding the hash to the auditor’s opinion, the audit object can be authenticated, and it can be determined whether the audit object has changed or not.
The Reporting Package Hash Generator tool is initially being released as Proof-of-Concept. The main objectives are that the tool must be reliable, platform independent, open source and flexible. The latter because there are no experiences with Reporting Packages yet and that the tool can be adapted to specific wishes.
More information about the Proof-of-Concept, including the technical agreements for creating the hash can be found in the document below.
Download Reporting Package Hash Generator tool
The Reporting Package Hash Generator tool is available as a complete setup or as a lightweight installation. We advise to use the complete setup to install the Reporting Package Hash Generator tool. If this is not possible (for example there are no sufficient rights to install programs), the lightweight installation could be used. The lightweight installation contains only the files of the program itself. Placing the files in a directory should be enough to start the tool by clicking on the executable.
The sources for the Reporting Package Hash Generator tool are being published by the Royal Netherlands Institute of Chartered Accountants under the terms of the GNU General Public License.
The available sources (C# and VB.NET) are at this moment only available as Microsoft Visual Studio projects. We are investigating the use GitHub or something like that for publishing the sources. We also encourage software developers the recreate the tool in other program languages.