The audit profession is beginning to get to grips with the practical implications of new technology. According to Sage, 58% of accountancy professionals are expecting to automate some tasks using Artificial Intelligence (AI) within the next three years. And where the rest of the profession leads, audit is bound to follow. Auditors will at least need to be able to audit advanced technologies, and most firms are looking to use tools like data mining, robotic process automation (RPA), and Machine Learning (ML) to deliver higher quality, more efficient and insightful audits.
It’s easy to think about audit ethics as being timeless and objective. But auditors have a professional code of ethics for a practical reason: trust. The organisations we audit and the users of financial statements both need to know they can trust us, or our opinions aren’t worth the paper (or pixels) they are printed on. We have the ethical principles we have because – in the environment, audit has existed in for the past several decades – objectivity, confidentiality, professionalism, technical competence, and integrity combined have all been essential and enough – necessary and sufficient – to deliver that trust.
But the times, they are a-changing. And these changing times have been tough for auditors so far. Scandal after scandal after scandal has hit firms, and there is now a critical mass of calls for a re-establishment of audit ethics and trust-enhancing structural changes for the profession. Most observers and commentators blame audit failings on ethical failings: large firms being too dependent on non-audit fees from audit clients to risk upsetting them. Firms facing dramatic drops in profitability skimping on work and papering over worrying evidence to avoid loss-making engagements. Failure to perform basic audit procedures. All of this is fair, but it presumes that the failure is in our application of audit principles. What if the problem though is not just in the application, but in the principles themselves?
There has been a root-and-branch change within finance functions: the way we create, record, and account for business activities now has been fundamentally altered by technology. Businesses now, even small and medium-sized entities (SMEs), are managed using data. Everything that management wants to know it can track, and management can intervene immediately if they spot a problem – indeed some firms are using predictive technologies so they can intervene before a problem materializes. The volume of evidence that auditors have to consider is increasing exponentially; business controls are increasingly automated, increasingly technological. This makes audit harder to perform: to audit an FTSE 200 company, you need the systems to be able to handle the level of data and technological complexity you’re going to find in that firm. Only the really big players can audit at this scale because only they have the resources. This makes it too easy for the biggest audit firms to slip up on ethics.
Within 10 years some of us will be performing a highly-automated, always-on, data-led audit. Instead of starting with the financial statements and testing samples, auditors will be using machine-vision to confirm 100% of basic transactions to e-invoices. Organisations like Engine B will perform the heavy lifting of surfacing client data in an easy-to-use format, unleashing the latent power of data in audit. Audit firms are increasingly going to want to be able to benchmark client behaviour to help identify risks and anomalies, and we will soon have the theoretical capability to compare a customer’s accounts against the risks identified in the audit elsewhere in the supply chain. We’ve only begun to scrape the surface of what’s possible, and until the data is ‘freed’ from financial systems for analytics we will only see a fraction of that change. And already with the change we have, audit ethics is struggling to survive.
Put bluntly: they aren’t working. The principles we have were designed for the audit of the last century, and we haven’t yet developed the understanding or the safeguards needed to deliver trust in the 21st century. How, for example, is objectivity impacted if the auditor can accurately predict ahead of time that management’s going concern assessment looks risky under 20% of potential future scenarios? Does the auditor tell management about the risk if they haven’t identified that a risk exists? What about at 45%? 75%?
But more than that: our principles aren’t serving us well because they are individually focused. It is closing the stable door after the horse has bolted to rely on individual ethics where only a tiny number of firms are truly competitive because of technological and resource capacity. And regardless of the changes made to individual firms, with audit profitability predicted to decrease to increasingly unsustainable levels especially for mid-tier or lower top-tier firms, competition in the market is not going to improve. Asking auditors to be ethical when they must cut costs to remain in business, but where there’s not really any competition for their work is flogging a dead horse.
Technology offers opportunities here as well as costs. Analytics that track every click will help make sure nothing has been swept under the rug. Automating laborious, routine work will allow firms to spend more time focused on real risks without increasing costs. All of this restructures the incentives towards higher quality audit.
But to truly futureproof, we need to ‘disrupt’ our ethics in the same ways technology is disrupting ways of working. That is, we need to go back to first principles and ask ‘what will truly deliver trust in this new environment?’ And the answer to that is ethics that draws on the community response as well as the individual responsibility. If we’re able to move to a common data standard and extraction platform real competition can be reintroduced to the audit market in a way that helps firms of all sizes.
Just like open banking has improved the banking experience for millions of customers, ‘open audit data’ (for want of a better phrase) offers shareholders the chance to choose auditors who will robustly challenge management, gives scope for each audit team to benchmark against anonymised industry standards, and helps each auditor and audit firm by sharing the most immediate knowledge about, for example, newly emerging forms of fraud. Our duty of confidentiality is always going to be paramount, but a new virtue of privacy-respecting collaboration might just be the key to making audit fit for the 21st century.
If you would like to find out more about how our audit Common Data Model and knowledge graphs work together, watch our video, which delves into how a combination of these two technologies transform professional services processes.