The corporate failures and changes that our profession was faced with of late ushered in a new era for us. We had to adapt and be agile and resilient whether we liked it or not. Some might say it was for the worst; others may just see the light at the end of the tunnel or the opportunity in all of this
The financial future is exciting, and we can all play an integral part in it. As the accountancy profession, we were constantly reminded over the past few years that our proposed and predicted future is no longer a fairy tale, nor is it very far away.
The past couple of years were littered with corporate failures close to home which meant that we have to do introspection of our profession and our role in it now and in the future. Accountability has become a reality for many of us, whether in business, internal or external audit, and where our predecessors were in breach of their duties and responsibilities, we had to take the brunt. The responsibility is a shared one and we are all in this together.
A clean, fresh rebuild is needed for corporate reporting and audit reform
Our profession in general has suffered immense reputational damage and experienced a complete shift in how our services are delivered. With all the changes in standards and legislation, the intricacies and complexities have doubled over the past few years. Whether we like it or not, we are all responsible for the profession’s future and we can only really achieve success by working together to build the future we want to be a part of.
Our focus and energy will need to be divided across many disciplines across our service lines to rebuild the CA(SA) designation into a robust, credible, future-ready and trustworthy machine where all parts work toward a common goal. I believe this goal finds its roots in ethics, governance, responsibility, accountability, transparency, trust, quality and efficiencies. These are some of the principles that the profession was built on, and they are as important today as they were 30 years ago. We have just not always adapted to the changes in business and technology like we should have.
One of the key enablers of corporate reporting and audit reform lies in technology and its application in a truly credible, robust and transparent combined assurance model that benefits management, key stakeholders, internal and external audit equally. If we as role-players in the financial reporting ecosystem all sat down around the table, we would discover that we all essentially want and need the same thing: the right information we can trust, as quickly and efficiently as possible. This will drive our decision-making, monitoring, governance and reporting in business and, if managed correctly, can test our controls, mitigate our business and audit risks, and give us all assurance around the information that our key stakeholders entrusted us with at the end of the day.
Practicalities around a combined assurance model
A combined assurance model starts with all parties coming to the proverbial table and working together to achieve an effective control environment, with all control objectives addressed around an optimised and consistent flow of credible and trustworthy business and financial information. This, coupled with continuous internal and external audit processes in place, can result in an environment where all parties can benefit from the same stream of information because we all had an independent and critical part to play in establishing this work product.
This model should be risk and controls focused, automated and continuous. The full population of transactional data can be assessed and analysed continuously during the financial year to identify control failures and anomalies and respond accordingly from both the business side and audit side of things.
Technologies exist today that can enable every business and firm, regardless of its scale, to achieve this common goal. It just requires a true mind shift and a focus on digital transformation in all lines of service. This is easier said than done, but we are not moving forward at the pace we could be because of our risk-averse nature and our tendency to cling to the tried and trusted methodologies of the past. We also tend to focus all our energy on our own individual silos instead of coming together and planning how a model like this could be effective and beneficial for us all in the future. This model can also be managed in a cost-effective way and if that cost is shared among beneficiaries of the model, a return on investment could also be realised sooner than expected.
Compound data growth gives birth to new risks
With the surge and increase of data production in all parts of business, we are seeing exponential growth in the size and complexity of financial data as well. Our newly qualified accountants are also not automatically proficient in data analytics and data science and therefore we will find ourselves more and more out of depth with the methodologies we will need in the future to drive effective decision-making, governance, reporting and assurance in general. Our legacy methodologies are no longer truly effective in providing us with enough assurance to opine on the financial information generated, disclosed and reported on. No longer will a sample of 100 items be enough to test a billion transactions generated on a client’s system. Assurance would need to be obtained with a well-designed, automated, continuous process of evidence gathering, anomaly detection and robust analytics applied to the transactional population.
And those in business would need to understand the backbone of their data to generate efficient reporting to address all risks and objectives as part of the finance function. This means our profession as a whole needs to adapt and become more technologically proficient. The concept of future information risk also comes into play here. Future information risk lies in the principle that we are not consuming or analysing data efficiently and effectively enough which results in issues that exist today only being identified and addressed in the future. An example of this would be a control failure in the system that occurred months ago only being caught after the close of the financial year because we are playing catch-up on our testing or reporting and not picking these issues up as and when they happen.
As compound data growth is spiralling out of our control, we would need to employ technologies to assist us with this kind of monitoring so that human intuition and sound judgement are only applied in areas where they should be.
The importance of risk management
Understanding business and audit risks is key in ensuring that the technologies applied can truly work on our behalf to manage and mitigate risks, identify control failures and anomalies in transactional data and help us focus on the areas we should be focusing our energy on. The involvement of risk management as a key stakeholder in this process is imperative. All stakeholders would need to agree on risk appetite and business should be aiming for consistency in reactions to control failures.
A process like this should also be driven from the top, where the true financial mandate lies. Without buy-in and a focused drive from the top in business and assurance, the battle will be over long before it starts.
The audit expectation-performance gap multiplied by digital transformation
The audit expectation-performance gap finds its roots in the difference between the perceived performance of auditors and society’s expectation of auditors. This gap consists of a performance gap and a reasonableness gap. The performance gap is made up of possible deficiencies in the performance of an audit as well as possible deficiencies in auditing standards or the methodologies applied in line with the standards. Secondly, we have unreasonable expectations from society making up the reasonableness gap. In my opinion, a lot of our reputational damage over the past few years can be contributed to the unreasonable expectations society places on auditing in general, but the bigger issue lies in our performance gap increasing due to the growth and complexities in financial data. This gap is getting out of hand at an astounding pace, and we need to adapt to this change as a top priority. This might result in an increase in audit scope, but the solution does not necessarily lie in an increase in sample sizes on manual controls or substantive testing.
Throwing more time or more people at the problem will not solve it. The only way for us to close this gap is to employ a combination of people, process and technology, with technology being the key factor in creating efficiencies that can scale.
The decision-making process behind the technologies applied
Many businesses have failed during this process by trying to plug the holes in their organisations with a different technology or system for every business process. The result is often a complex network of technologies that are fit for purpose in each silo or application but difficult to adapt, refresh and integrate. This is also to the detriment of the management and governance around information technology in business. One of the aims in future-proofing a business is to simplify your architecture first.
It is also important to make technology decisions around integration and accessibility. Knowing your enterprise resource planning, point-of-sale, payroll, inventory management and other systems can all integrate with back-end connectors or application programming interfaces is key to driving the automation of governance, monitoring and reporting. When it comes to accessibility, the cloud is the future playground for all our processes in business. Business should all be moving toward becoming completely cloud-based and software-as-a-service is the model we will probably see all of business moving to due to the simplicity, real-time updates, support models and risk mitigation it opens us up to. It also allows businesses to procure complex functions on demand without the need for managing difficult implementations or underlying hardware and software resources.
What does this mean for us?
Our profession needs to align itself with the technology and data surge and the growth in financial data in business. We need to ensure we are positioned in all areas of the business of the future to ensure our information is credible, trustworthy and accurate and that automated, continuous monitoring is in place to identify, address and mitigate risks, control failures and transactional anomalies. This process should be as automated as possible to ensure we focus our energy where needed and that human intuition and sound judgement are applied where the risk lies. Humans will always need to be part of the process, because computers are very good at doing, but not at being.
Business, internal and external audit all have a role to play in building this combined assurance model that is risk and controls focused with transactional population control in place powered by artificial intelligence and machine learning models in conjunction with effective and efficient data analytics to identify anomalies in data designed around risk.
It requires a mind shift and a willingness to learn and adapt to integrate our unique human traits with technologies that can benefit us all by moving away from human-only assurance models to a technology-driven combined assurance model that is robust and future proof.
Renier Wessels CA(SA), Content Designer and Developer at Bidvest Advisory Services