Rise of the real time audit
It’s an idea extracted from the online cryptocurrency Bitcoin. The blockchain is a distributed consensus system, which is a fancy way to describe what is essentially a shared ledger where the records are agreed by all its users.
In Bitcoin transactions, the blockchain enables a person to check the Bitcoins being spent haven’t been spent before. “By sending Bitcoins to someone you simultaneously create a record of that transfer,” explains Roger Willis, an entrepreneur and former member of EY’s forensic data analytics and audit teams.
“The shared ledger is powerful because it is cryptographically authorised by the payer, and cryptographically signed off by the mediator. So bitcoin is a triple entry system: There are three parties involved in the transaction.”
For accounting - and very specifically audit - the interesting element of this arrangement is how the blockchain merges the transaction and the record of the transaction. Willis, and many others, believes this triple entry system has an application in the paper currency, real world of audit.
“When a transaction occurs, all the data required to audit that transaction already exists,” he said. “In theory, both parties to a transaction should be posting equal and opposite journals; revenue, expense etc. This fact can be leveraged to allow them to share one journal – in the shared ledger – which they both point to from their private ledgers.”
With triple entry accounting, you would complete a transaction and simultaneously record it in a shared ledger. Once that happens, it’s necessary to ensure that that data can’t be changed. The key is a technology that’s been around for a while. “We would need digital signatures,” explained Willis. “Companies would publish their public keys to a certificate authority - like the ICAEW, perhaps - which would attest to their identity. When a transaction is agreed, companies use their private keys to digitally sign the transaction data. The existence of digital signatures from both parties implies that the transaction data is agreed upon.”
Triple entry accounting was first postulated in 2005 by Ian Grigg, a pioneer in financial cryptography currently working at R3, a finance tech firm based in New York. At first glance, the problem with Grigg’s idea was that digital signatures would have to attain widespread acceptance as secure. However, Grigg dismissed this back in 2005: “The digital signature is capable of creating a record with a strong degree of reliability,” wrote Grigg. “A digital signature can be relied upon to keep a record safe, as it will fail to verify if any details in the record are changed.”
The world envisioned by Grigg would fundamentally alter the way audit is done. “When a company’s auditors wish to perform substantive audit work, they can quickly validate the digital signatures on the transaction records using the public key records,” said Willis. “It’s indelible audit evidence. In theory, one can audit 100% of revenue and expenses, for multiple companies, in literally a split second because the companies are capturing, signing and agreeing all the data at the time of transaction.”
Not only would this eliminate the dependence on statistical probability in auditing, it would also create companies that are continually auditable. An auditor would be able to parachute into a mess and quickly ascertain the facts. The benefit to corporate governance is clear - vide KPMG’s currently unravelling HBOS mess.
The idea of the database mapping keys to identities is a fascinating one. It doesn’t have to be central. It could be held in a block chain, i.e. a completely decentralised public ledger. But this would require the use of a cryptocurrency, which is not a necessity, either: A central database is just as feasible. “We would still need someone to verify identities of companies,” said Willis. “It could be anyone trustworthy: Companies House, FCA, ICAEW or a consortium perhaps.”
The consortium Willis alludes to is a database that’s owned by a group of accounting firms or auditors. “They control it and they code the database and all the software around it. They then charge firms to put their transactions into it, or maybe it’s included into part of the audit cost.”
For auditors, this database would be a powerful tool. “If all the transactions you’ve recorded in your ledger are in the shared ledger, everything’s fine. If there are more transactions in the SRL, then you’ve got a completeness issue. If there’s less transactions, you’ve got an existence issue.
“It would simplify the tedious task of validating whether a transaction is real or not. No more painstaking wait for third party verification.
Triple entry accounting has substantial hurdles blocking its path, however. “You need to train auditors, you need to integrate with legacy ERP software, which is very expensive”, said Willis. “Also, one needs to incentivise companies to participate given that it takes them time to integrate the software/change their workflows”.
But it’s fast gaining acceptance in the finance industry. According to Santander, distributed ledger technology could save banks £10-13bn per annum by 2022. And the bank has also just launched a distributed ledger start-up challenge.
Grigg’s current company R3 has signed 42 financial institutions to its distributed ledger technology. "Ledgers for financial instruments are of much attention at the moment – R3, DigitalAsset, NASDAQ Linq are building them for equities and other financial instruments for the benefit of banks. However, it seems VCs and developers have overlooked accounting," said Willis.
“If you ask the regulators, they’ll say audit is of poor quality,” he continued. “Reasonable assurance isn’t good enough. There are countless audit failures that could’ve been stopped with better procedures and better collection of audit evidence.”