Save content
Have you found this content useful? Use the button above to save it to your profile.
Binary numbers scrolling across a digitally rendered bank vault

ISQM 1: New audit standard opens door for open banking


The new ISQM 1 auditing standard presents a huge opportunity for auditors to drive quality and efficiency improvements through the use of open banking tools.

13th Sep 2022
Save content
Have you found this content useful? Use the button above to save it to your profile.

Alongside the new auditing standards I already explored (ISA (UK) 240 related to fraud and ISA 315 identifying and assessing the risks of material misstatement), a significant new incoming legislation change is the International Standard on Quality Management (ISQM) 1.

ISQM 1 aims to strengthen audit quality through a more effective approach to quality management. This is in light of huge corporate failures in the UK and internationally, alongside the record £46.5m fines UK accountancy firms were subject to in 2021.

The change creates a huge opportunity to drive the adoption of open banking tools in audit, as doing so will help auditors improve quality and also generate wider benefits, including streamlining processes and increasing the scope of jobs. 

Open banking is one of the biggest breakthrough technologies for audit, as for the first time, auditors have access to standardised, transaction-level, third-party audit evidence from source in real time.

While revised ISA (UK) 240, ISA 315 and ISQM 1 all create a compelling opportunity for firms to adopt open banking tools, to improve audit quality and generate efficiencies there are some key considerations firms should make in light of the quality objectives of ISQM 1 when assessing which providers to adopt.

Double down on audit quality

Open banking presents a huge opportunity for the audit industry to innovate and adoption is growing. There are currently around six million users in the UK at an industry level, and if audit firms haven’t done so already they should explore the benefits and opportunities that open banking tools have created. 

Simon Kettlewell, director at HAT Group of Accountants, outlines some of the advantages from a practice perspective: “Historically, firms would have found it difficult to prove the data they were getting from clients was complete. Additionally, they couldn’t be certain data hadn’t been tampered with by clients. However, with the development of open banking tools, auditors now have full control of data and it becomes much easier for them to understand what is happening and product-related outliers and areas of focus.” 

Efficiencies from the automation and data analysis capabilities of open banking tools will free up the time of staff to focus on consistent application of ISQM 1’s enhanced requirements, as well as going beyond traditional sampling approaches with it being possible to analyse 100% of transactions and increasing quality. 

Directly regulated open banking tools 

The gold standard of open banking tools is those that are directly regulated. This is a subtle but important distinction to make.

Directly regulated account information service providers (AISPs) provide auditors with audit evidence directly from the bank, as opposed to other open banking tools that rely on AISPs as subprocessors to access data.

It’s harder to trace where subprocessors store their data and European audit clients may be nervous if it is held in data centres in America or China. 

Unregulated service providers that use subprocessors are dependent on the accounts they connect to, and in most instances focus on payments consumers and small businesses, so lack the corporate coverage required by auditors.

The direct bank relationship regulated service providers have is also vital for being able to resolve any issues such as data flow, and fix issues faster due to communication being direct. This allows auditors to provide a higher level of service.

Industry-specific directly regulated providers can go beyond the open banking requirements set for consumers by working with the banks to provide auditors with premium APIs to provide additional data points (IBAN numbers) that add value to audits.

Different service providers also have different business models, which can include them selling consumer data. Many will also be familiar with open banking provider Plaid, which was fined $58m for harvesting and selling consumers’ data.

Take action now

With ISQM 1 due to be introduced in December, it’s worth taking action now to seek out and incorporate tools to help you comply.

Auditors should look towards directly regulated and industry-specific open banking tools that solely provide auditors with client data as audit evidence and do not manipulate or sell that data. One of the certificates auditors can ask for is the Institute of Chartered Accountants in England and Wales (ICAEW) tech accreditation.


Replies (0)

Please login or register to join the discussion.

There are currently no replies, be the first to post a reply.