Share this content
Tags:

Rise of the real time audit

18th Dec 2015
Share this content
Network technology
iStock_Shulz

If you’ve been reading the flurry of “top tech trends for 2016” articles which inevitably accompany the approaching New Year, you may have encountered the term “blockchain”.

It’s an idea extracted from the online cryptocurrency Bitcoin. The blockchain is a distributed consensus system, which is a fancy way to describe what is essentially a shared ledger where the records are agreed by all its users.

In Bitcoin transactions, the blockchain enables a person to check the Bitcoins being spent haven’t been spent before. “By sending Bitcoins to someone you simultaneously create a record of that transfer,” explains Roger Willis, an entrepreneur and former member of EY’s forensic data analytics and audit teams.

“The shared ledger is powerful because it is cryptographically authorised by the payer, and cryptographically signed off by the mediator. So bitcoin is a triple entry system: There are three parties involved in the transaction.”

For accounting - and very specifically audit - the interesting element of this arrangement is how the blockchain merges the transaction and the record of the transaction. Willis, and many others, believes this triple entry system has an application in the paper currency, real world of audit.

“When a transaction occurs, all the data required to audit that transaction already exists,” he said. “In theory, both parties to a transaction should be posting equal and opposite journals; revenue, expense etc. This fact can be leveraged to allow them to share one journal – in the shared ledger – which they both point to from their private ledgers.”

With triple entry accounting, you would complete a transaction and simultaneously record it in a shared ledger. Once that happens, it’s necessary to ensure that that data can’t be changed. The key is a technology that’s been around for a while. “We would need digital signatures,” explained Willis. “Companies would publish their public keys to a certificate authority - like the ICAEW, perhaps - which would attest to their identity. When a transaction is agreed, companies use their private keys to digitally sign the transaction data. The existence of digital signatures from both parties implies that the transaction data is agreed upon.”

Triple entry accounting was first postulated in 2005 by Ian Grigg, a pioneer in financial cryptography currently working at R3, a finance tech firm based in New York. At first glance, the problem with Grigg’s idea was that digital signatures would have to attain widespread acceptance as secure. However, Grigg dismissed this back in 2005: “The digital signature is capable of creating a record with a strong degree of reliability,” wrote Grigg. “A digital signature can be relied upon to keep a record safe, as it will fail to verify if any details in the record are changed.”

The world envisioned by Grigg would fundamentally alter the way audit is done. “When a company’s auditors wish to perform substantive audit work, they can quickly validate the digital signatures on the transaction records using the public key records,” said Willis. “It’s indelible audit evidence. In theory, one can audit 100% of revenue and expenses, for multiple companies, in literally a split second because the companies are capturing, signing and agreeing all the data at the time of transaction.”

Not only would this eliminate the dependence on statistical probability in auditing, it would also create companies that are continually auditable. An auditor would be able to parachute into a mess and quickly ascertain the facts. The benefit to corporate governance is clear - vide KPMG’s currently unravelling HBOS mess.

The idea of the database mapping keys to identities is a fascinating one. It doesn’t have to be central. It could be held in a block chain, i.e. a completely decentralised public ledger. But this would require the use of a cryptocurrency, which is not a necessity, either: A central database is just as feasible. “We would still need someone to verify identities of companies,” said Willis. “It could be anyone trustworthy: Companies House, FCA, ICAEW or a consortium perhaps.”

The consortium Willis alludes to is a database that’s owned by a group of accounting firms or auditors. “They control it and they code the database and all the software around it. They then charge firms to put their transactions into it, or maybe it’s included into part of the audit cost.”

For auditors, this database would be a powerful tool. “If all the transactions you’ve recorded in your ledger are in the shared ledger, everything’s fine. If there are more transactions in the SRL, then you’ve got a completeness issue. If there’s less transactions, you’ve got an existence issue.

“It would simplify the tedious task of validating whether a transaction is real or not. No more painstaking wait for third party verification.

Triple entry accounting has substantial hurdles blocking its path, however. “You need to train auditors, you need to integrate with legacy ERP software, which is very expensive”, said Willis. “Also, one needs to incentivise companies to participate given that it takes them time to integrate the software/change their workflows”.

But it’s fast gaining acceptance in the finance industry. According to Santander, distributed ledger technology could save banks £10-13bn per annum by 2022. And the bank has also just launched a distributed ledger start-up challenge.

Grigg’s current company R3 has signed 42 financial institutions to its distributed ledger technology. "Ledgers for financial instruments are of much attention at the moment – R3, DigitalAsset, NASDAQ Linq are building them for equities and other financial instruments for the benefit of banks. However, it seems VCs and developers have overlooked accounting," said Willis.

“If you ask the regulators, they’ll say audit is of poor quality,” he continued. “Reasonable assurance isn’t good enough. There are countless audit failures that could’ve been stopped with better procedures and better collection of audit evidence.”

Tags:

Replies (5)

Please login or register to join the discussion.

Adrian Pearson
By Adrian Pearson
23rd Dec 2015 08:41

A need already met
No need for new technology as suggested above. If all companies moved to exclusive use of Bitcoin for transactions, and make their public keys public, then all of the benefits for audit accrue automatically. Auditors have all of the verification they need in the Bitcoin blockchain.

This particular wheel has already been invented. There is only a need to invent something else if companies insist on continuing to use fiat currencies.

No "trusted third parties" are needed if the existing Bitcoin protocol is used. That was and is its main benefit.

Thanks (0)
Replying to I'msorryIhaven'taclue:
Francois
By Francois Badenhorst
23rd Dec 2015 11:40

True - but

There's the small matter of having to convince to move to the exclusive use of Bitcoin for transactions. That won't be easy (if it is indeed possible at all). 

Thanks (0)
Adrian Pearson
By Adrian Pearson
23rd Dec 2015 12:41

Agreed

Yep and there is the issue of the blockchain ledger being public - so the transparency and verifiability from an audit point of view extends to everyone - which might not go down well in boardrooms :)

Thanks (0)
Replying to lionofludesch:
Francois
By Francois Badenhorst
23rd Dec 2015 12:47

Exactly

Adrian Pearson wrote:

Yep and there is the issue of the blockchain ledger being public - so the transparency and verifiability from an audit point of view extends to everyone - which might not go down well in boardrooms :)

I'd say this tech is making quite a few people very uncomfortable!

Thanks (0)
avatar
By carnmores
10th May 2016 13:00

i am still confused and so i suspect is everyone else

Thanks (0)