Artificial Intelligence, Blockchain, Cloud Computing, Cyber Security, Data Analytics, Internet of Everything, Robotic Process Automation are the new buzz words in today’s times and are the new ABCDEs of this era. With investments and valuations in these emerging technologies (broadly referred to as Industry 4.0), skyrocketing, companies across the globe are striving hard to develop sustainable use cases to see how they can solve everyday challenges using these. At the same time, as auditors we need to be aware of how these new and disruptive technologies are entering the domain of finance in a big way. The future of Finance is technology driven, and this “Fin-Tech Era” requires accountants and auditors to upgrade their understanding of these technologies and to use them in their profession, and certainly it will become imperative to audit these technologies. The question is are we ready? This article provides an overview of these technologies from an accounting/auditing perspective.”
In April 2019, the Association of Chartered Certified Accountants (ACCA )surveyed members and affiliates about their understanding of terms such as artificial intelligence (AI), machine learning (ML), natural language processing (NLP), data analytics and robotic process automation (RPA). On average for any given term, 62% of respondents had not heard of it, or had heard the term but did not know what it was or had only a basic understanding. On average, only 13% of respondents claimed a ‘high’ or ‘expert level’ of understanding of these terms. There is a need for greater awareness of what these technologies are and their implications for the audit profession. Not just this, the Future of Jobs Report, 2018 by the World Economic Forum estimates that the “existing” roles of auditors and accountants are going to decline in the coming years unless they upskill themselves with the knowledge of new and emerging technologies.
Be that as it may, one also needs to keep in mind that the post COVID-19, is an era of digitisation and adoption of these emerging technologies. We are witnessing an aggressive penetration of technology and automation in our homes, offices, and personal life, and COVID-19 has only accelerated this adoption. In fact, many of the companies thank COVID-19 for bringing the digitisation drive in their businesses. Our offices are no exception to this. Starting with Work from Home Solutions, Remote accounting and audit, increased usage of cloud-based applications for our everyday tasks, strengthening Cyber Security framework, COVID-19 has done the initial push of technology adoption and maturity at our offices. At the same time, we need to understand that this is just a beginning. Perhaps a trailer! We need to take this further to quickly progress and adapt to the emerging technologies so that we as a profession are not just “Future-Ready” but are “Ready-Now” to remain “Relevant”. The need to upskill is not in the days to come but is “Right Now!”. Future is no longer Digital, “Digital is Now”!
Disruptive Technologies impacting Audit:
What are these disruptive technologies and why are they impacting our profession? Why is that we need to invest time in understanding them today, to be relevant today and tomorrow? Let us spend some time to understand these:
ARTIFICIAL INTELLIGENCE (AI)
Artificial intelligence (AI) is an advanced computer system that can simulate human capabilities, based on predetermined set of rules. Just as humans learn by their experiences, AI machines learn from large data sets to identify patterns. Some of the activities include Speech recognition, Learning, Planning, Problem solving etc. It is often described as ‘an evolving technology’ that is equipping computer systems with something akin to human intelligence. From an audit standpoint, it enables automatic analysis of entire population of data to assess risks, identify patterns or exceptions and non-conformities. Further it can help profile data based on specific patterns such as rounding-off of payments, cluster analysis, outlier analysis, sentiment analysis etc. At the same time auditors are freed from mundane tasks and can focus their time on deploying their skills, training, and judgement with respect to the nature, timing, and extent of procedures to evaluate critical controls and provide advisory services of value addition.
On the other end, AI in bookkeeping is helping to automatically analyse the transaction and record in the respective ledger. Other interesting use cases include AI-assisted transfer pricing benchmarking, Bots for reviewing contracts to check compliance with Accounting Standards (say Operating Lease vs Financial Lease), tools to profile risk etc. One such tool is Botkeeper which can automate accounting power by Machine Learning. Similarly, iManage can review 1000s of contracts and extract specific requirements using AI. Home grown company, Zoho’s ZIA is an AI assisted tool which can bring in automated analysis of data and acts as a second pair of eyes. Not to forget, Microsoft Excel’s “Ideas” uses AI to provide interesting, automated insights.
MACHINE LEARNING (ML)
A major challenge to the audit profession is to analyse more in limited time and yet keep up the quality of audit. The rapid growth in the volume of financial transactions and increasing sources of digital data give accountants a better possibility to form conclusions that can be generalised beyond the sample. Machine Learning coupled with Deep Learning has the added advantage to automatically “learn” from client’s data to identify interesting and innovative patterns. An example could be if a fraud or a suspicious behaviour is noted in a client or an industry, the same ‘model’ can be replicated and tested in another client automatically. Further, ML uses advanced statistical analyses to generate predictions or make decisions from the analysis of a large historical dataset. A classic example would be credit scoring decisions for loans. The accounting software company Xero has implemented ML to make coding decisions for invoices. ML ‘predictions’ can be both backward and forward-looking. It has clear applications in risk management and the detection of fraud and inaccuracy by comparing historical data sets with current data, which can help with risk assessment.
ROBOTIC PROCESS AUTOMATION (RPA)
RPA is often mistakenly thought of as a form of AI, but these ‘robots’ are software routines that are more like very sophisticated Excel spreadsheet macros. RPA is a software that can be easily programmed or instructed by end users to perform high-volume, repeatable, rules-based tasks in a world of discrete yet interdependent systems. RPA is commonly used where the process is entirely standardised based on pre-defined rules and the system can execute them automatically. An example of the same could be where the output of one financial process needs to be input into another, or where multiple sources of information need to be consulted etc. Such work is repetitive, mundane, time consuming and, when done by individuals, are prone to error. Examples include processing or verifying monthly GST Returns, periodic accounting, data entry by viewing physical documents, vouching of transactions, matching the ledgers to the financial statements based on the chart of accounts defined etc. The so called ‘robot’, which is a software program by itself, mimics the actions of a skilled person to perform multiple tasks based on experience and training. Because it mimics a process rather than analysing data, RPA itself is not AI. RPA offers many benefits as these robots work non-stop and are faster, more accurate and scalable.
Data Analytics is a combination of processes, tools and approach to access, analyse and audit digital data. Analytical tools and functions have long been applied to the financial data derived from accounting and operational systems. Most of us are already using data analytics as part of our audit processes to test the transactions. This has helped us to gradually move from traditional sampling techniques to more sophisticated techniques such as stratified sampling which can create various stratum based on predefined conditions. Using Analytics one can make the analysis of the historical data more insightful. Rather than sampling transactions data to test a snapshot of activities, we can now analyse all transactions processed, allowing us to identify anomalies/outliers and drill down to the items that show the greatest potential of being high risk. While “Analytics” have always been applied on data, mostly in the traditional approach, say to summarise, classify etc, the modern analytical tools are equipped with abilities to analyse larger sets of data and perform a variety of functions like Relative Size Factor (RSF), Benford’s Law, Fuzzy Match, automated “compute and compare” etc. These tools can be in the form of Excel Add-Ins like eCAAT, Fuzzy Match, Kutools or in the form of independent software like SoftCAAT, IDEA, ACL, Zoho Analytics. These tools also called as CAATTS (Computer Assisted Audit Tools & Techniques are gaining rapid adoption and are being used extensively to provide assurance/compliance/consulting services on digital data.
DRONE, INTERNET OF THINGS AND SENSOR TECHNOLOGIES
IoT, is a system of interrelated computing devices, mechanical and digital machines, that are provided with unique identifiers (UIDs) and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction. This sensor driven technologies have noticed increasing demand across the globe. From an audit angle, these can help transmit real time information, tracking inventory and assets, optimising efficiencies etc. Technologies such as the drone can help gathering evidence to support assertions and perform audit much faster and in real time. This could be used for physical verification of inventory or large warehouses, assessing the mines and quarries, audit of huge acres of lands, etc.
DISTRIBUTED LEDGER TECHNOLOGY (DLT)
DLT, a family of technologies that includes blockchain, is of great interest to both auditors and businesses. Imagine each transaction, is already “validated” prior to posting into the ledger, by way of a consensus mechanism from an external party, say a Vendor, a Bank, or the Customer. Does that not increase the confidence on the ledger and the system? To bring an additional level of security and integrity, these transactions are encrypted, and in read-only format, in an “append-only database”. That is blockchain for you. Block chain refers to the transparent, thrustless, and publicly accessible ledger that allows us to securely transfer the ownership of units of value using public key encryption which is backed by a consensus algorithm. The technology uses decentralized consensus to maintain the network, which means it is not centrally controlled by a bank, corporation, or government. In fact, the larger the network grows and becomes increasingly decentralized, the more secure it becomes. This technology aims to solve the trust deficiency between intermediaries and ensure only a single source of truth exists. In fact to a certain extent, Blockchain brings in a concept of “Triple Ledger Accounting” where a third component is added to the debit and credit system which brings the books together and helps in linking two separate double entries which can be potentially be viewed for external auditing purposes as well. While businesses find blockchain can enhance performance in areas where inefficiencies exist due to trust deficits, the auditors find the need for this to become the universal bookkeeping service, thereby removing the need to reconcile multiple databases of records and providing a perfect audit trail. A key principle of this technology is immutability which can help auditors to test audit assertions such as occurrence and cut-off with absolute certainty.
Although DLT has mainly come to prominence for its use in underpinning cryptocurrencies such as Bitcoin, it has many use cases in smart contracts. A smart contract is self-executing contract, the terms of which are written into code which, exists in a blockchain network and therefore shares the same characteristics of blockchain such as immutability, append only database etc. An example of this could be auto triggering of payments to farmers by an insurance company on the government declaring a drought. This could be further modified / enhanced by enabling sensors in the soil at different locations which transmit information to the insurance company on the soil dryness, lack of moisture, the time for which there was no watering etc. There are increasing use cases noted in Fin-Tech domains and in distributed finance (Di-Fi). This will bring in a change in perspective, where the audit of smart contracts themselves will soon be a requirement, as much as an audit of core banking operations is necessary.
Are these technologies free of Risks?
While these technologies are maturing by the day, with innovative and interesting use cases, we need to mitigate the risks and ensure that the required controls are in place while deploying technology. As auditors, it is important to understand these technologies and their impact on objectives of the organisation and the services they provide.
SA 315 – Identifying and Assessing the Risk of Material Misstatement Through Understanding the Entity and Its Environment, requires auditor to identify and assess the risk of material misstatement through understanding the entity and its environment. This is not just restricted to the business and legal structure, but also to understand the Information System and related business processes. COSO’s Internal Control Framework requires an organisation to specify objectives with sufficient clarity to enable the identification and assessment of risks relating to the objectives (Principle 6) and to select and develop general control activities over technology to support the achievement of objectives (Principle 11).
Risk Assessment and Audit
While emerging technologies can bring great benefits, they also come with a varied set of substantial risks. A core strength of our profession is in the assessment of risks and controls. Some of the areas where auditors should focus are:
1. Gain a holistic understanding of changes in the industry and the information technology environment to effectively evaluate management’s process for initiating, processing, and recording transactions and then design appropriate auditing procedures.
2. Clearly understand the problem statement in hand and see how the underlying technology helps to achieve the desired result. One needs to remember that these Technologies are one of the means of solving the challenge and not the ONLY means to solve.
3. Focus on the “top-down” approach to identify significant accounts and disclosures and their relevant assertions during the risk assessment process.
4. Auditors, as appropriate, should consider risks resulting from the implementation of new technologies and how those risks may differ from those that arise from more traditional, legacy systems. An example could be configuration of transactions on a blockchain or smart contract.
5. Auditors should consider whether specialized skills are necessary to determine the impact of new technologies and to assist in the risk assessment and understanding of the design, implementation, and operating effectiveness of controls, and where ever applicable, they should utilise the expertise of those possessing these skills.
Disruption creates opportunity:
Digital disruption is a strategic opportunity for all of us to adapt and grow, however not without risk. With the growth of automation, we will see some traditional revenue streams dry up as these services become increasingly commoditized by companies. Perhaps people might say I have a bot who does my bookkeeping! We need to work out what the newer business models are. Those who are willing to take the required risks in this transitional phase, will be rewarded with fantastic opportunities to provide innovative services. These new technologies also present opportunities for organisations to reskill their workforce by deploying relevant resources. This transition provides us with direction and an opportunity to step up to these interesting and new challenges.
How can CAs gear up for this challenge?
Some of the new technologies offered today have the potential to greatly improve our current offerings and the way we audit. Considering the stakes involved, it is important that we get it right. The following ideas and insights could be of help in making a start.
Every era is marked by a new discovery and an innovation. Starting from the steam engine to the era of integrated circuits, industries have had substantial transformation. The next era is that of Industry 4.0, which is the connected world where Technology can solve more complex challenges and yet be affordable. As professional and auditors who are skilled to meet the challenges not only of the present but also and of the future, we need to gear up to the needs of this digital era and be the change agent. Understanding technology, embracing the change, and being inquisitive would make us more tech-savvy and relevant in the days to come.
The tools and solutions mentioned are purely for educational purposes and the author does not have any interest in them or endorse them.
The author CA Narasimhan Elangovan, is a practising CA and partner KEN & Co. He is a GRC Professional, a Digital transformation catalyst and an author. He believes in the power of technology to solve everyday problems. He can be reached at [email protected]
1. ACCA Global
CA Narasimhan Elangovan, CISA, CDPSE, Partner KEN & Co.
Original Article published in ICAI October 2020 Edition. (https://resource.cdn.icai.org/61378cajournal-oct2020-9.pdf)