Distributed Ledger Technology - one of the most disrupting technologies
One can hardly argue against the fact that one of the most disrupting technologies that we are witnessing today is the Distributed Ledger Technology (DLT), with blockchain being the most well-known type of Distributed Ledger Technology implementation.
In fact, the World Trade Report of 2018, lists blockchain technology as one of the digital innovations likely to shape the future, alongside with the Internet of Things (IoT), artificial intelligence (AI) and 3D printing. The same report quotes a Gartner report which states that by the year 2030 blockchains could deliver US $3 trillion of value worldwide.
While the technology itself is still at its infancy and various technical hurdles need to be overcome before mainstream adoption becomes possible, the future implementation of blockchain technology will change the way we conduct our daily business by using the blockchain to cut costs and improve the efficiency of various business processes.
While blockchain technology might not be a solution to all industry sectors, many industries can in the future take advantage of feature brought about by this technology to remove the costly inefficiencies of today’s centralized systems.
Examples include insurance, supply chain management, charity, energy and resources, healthcare, retail, real estate, and of course the financial industry to name a few.
The impact of Distributed Ledger Technology on the external auditing
So, if in the near future various companies will be conducting their business using the blockchain or some other form of Distributed Ledger Technology, how will this affect the way external auditing is performed?
The blockchain technology aims to implement transparency, immutability, security and auditability and therefore there are multiple ways how the way external audits are carried out in the future will be transformed.
One simple example is that due to the immutable nature of a blockchain technology based ledger, auditors can rely on transactions they obtain from the blockchain rather than asking customers and third-parties (external confirmation) for the necessary information or documentation.
With the possibility of automating such a process and using appropriate data analytic tools, will mean that auditing based on random sampling will become a thing of the past since the auditor would be able to use such automated tools to test the entire transaction history or ledger.
This brings us to the timing of audits, wherein one could typically have ‘real-time’ or ‘continuous’ audits processes through such automation (which would be even more relevant in the case of internal auditing).
For this reason, the combination of blockchain technology and smart contracts promises to modernise the way audits are carried out.
A smart contract is computer code that automatically self-executes when certain predefined conditions are met.
A research paper published in the International Journal of Digital Accounting Research, entitled Auditing with Smart Contracts, defines Auditing procedures with Smart Contracts as “autonomous audit procedures, including autonomous internal control tests and autonomous analytical procedures, that are deployed on the external auditor blockchain”.
This means that the auditor could deploy various IF, THEN, ELSE conditions so that the smart contract code would go through the ledger and perform the necessary tests on the data-set at hand.
Furthermore, by using their own blockchain to store audit-data, this proposed model would effectively mean that almost real-time audit reporting would be available to the various stakeholders and at the relevant level of detail and/or aggregation.
Using Oracles in order to collect data outside of the organization
Using smart contract based auditing, auditors can also use Oracles in order to obtain data outside of the organisation in order to verify and validate assertions made by the organisation being audited.
Oracles are trusted third-party sources that could supply various types of information such as weather data, flight information, shipment tracking and market pricing information amongst others.
As mentioned earlier, carrying out a smart contract based audit is based on the assumption that the ledger being audited is immutable, secure and auditable.
For this reason, an IT audit would also be required to ensure that the blockchain being audited really implements such features.
For example, if 51% of the consensus employed by the specific blockchain is being controlled by one individual or entity then such features may no longer be true and therefore the auditor may not be able to place reliance on the validity of the data stored on such a blockchain.
Is the completely automated audit the future?
While smart contract based auditing will become more and more important in the years to come, one also needs to understand that a completely automated audit may never be possible.
For example, the verification of transactions, while being of utmost importance in an external audit, is only one of the aspects of an audit.
Apart from verifying the existence of a transaction, an auditor might also want to check the nature of such a transaction, something that may not be easily automatable.
In various other instances the audit process would require the judgement of the auditor and until machine learning techniques will not become more evolved, the auditor’s professional judgement will still be relevant in the audit process.
What is important to remember is that smart contract based auditing will free the auditor from the repetitive random based sampling work of transaction verification that is common in today’s auditing practice to have more time to focus on other areas of the audit.
These include the determination of accounting estimates such as the definition of fair value of an asset, determination of accruals, revenue recognition, etc.
This usually requires knowledge of the business. For these reasons, the probability of having completely automated external audits in the near future is highly unlikely but one would expect to see a sort of hybrid audit that would allow the auditor to focus on those areas that require professional judgement.