Having taken the helm of the International Auditing and Assurance Standards Board (IAASB) in July 2019, Tom Seidenstein recognises the challenges posed by the loss of trust in audit quality and the intense scrutiny the profession is experiencing. He intends to respond by embracing innovation while maintaining high-quality standard-setting.

Unlike his predecessor, Professor Arnold Schilder, Seidenstein isn’t a member of the audit profession. Nevertheless, he sees strong markets, high-quality standards and a high-quality profession as directly linked. ‘I believe the profession is essential to making our economies and markets work better,’ he says. ‘That will only occur if we are able to attract the best and brightest to the profession.

Read the full article on the ACCA website: Innovation, Collaboration and Agility

Welcome to the first market scan prepared by the IAASB's Disruptive Technology team. Building on our previous work, which included the Innovation Report created with Founders Intelligence and discussed at the January 2021 IAASB Meeting, we will bring you a regular market scan focusing on various topics from the report around every two months. The market scans will consist of exciting trends in the area, including interesting developments on this topic, what this might mean for the IAASB, corporate and start-up innovation, and noteworthy investments.

In this market scan, we will explore Data Standardization Platforms for Enabling Data Access, which falls under the activity of Accessing Information & Data. We're starting with Data Standardization because establishing a common standard of how data is structured and accessed is a foundation block to the success and widespread adoption of other innovative technologies.

We will cover:

• What is Data Standardization and why it is important?
• What some of the latest exciting developments on this topic are, including the increasing maturity of Common Data Models and Knowledge Graphs.
• What this could mean for the IAASB.

What is Data Standardization and why is it important?

Data Standardization is the process of converting data to a common format that allows users to better analyze and utilize the data, thereby enabling data collaboration, large-scale analytics and the use of more advanced tools to interrogate the data.

With exponential growth in the amount and variety of data that companies create and use, there is voluminous unstructured, or inconsistently structured, data in companies' repositories. This leads to data silos and data that is underutilized or unnecessarily hard to access.

One of the problems this has created, amongst others, is where auditors are spending more time on data management, particularly when trying to access, "map," and use the entity's data as well as when performing data analytics. When each entity uses different data models and systems or platforms to store, structure and extract data, the inefficiency is amplified. Some firms are developing internal tools to address these challenges, such as by building ETL (Extract, Transform, Load) tools to minimize this inefficiency e.g., KPMG had 25 different ETL projects in 2019. Auditor's time spent on data management may be better utilized on other areas of the audit, and many firms and practitioners may have challenges with obtaining tools to access, manage and evaluate data relevant for auditing and assurance engagements.

The data management industry, firms, and regulators are exploring various approaches to help audit and assurance professionals and other professional service providers with these challenges. The UK's Brydon review in 2019, for example, recommends initiatives to develop a standard method of data extraction covering both structured and unstructured data.

Data standardization complements this approach by helping to address the root cause of difficulties by converting the data to be extracted into a common format. In particular, digital multi-party platforms are gaining traction as a solution to provide standardized data structure and mechanisms to access data silos with non-uniform formats, thereby facilitating the sharing of data to unlock new values both internally and externally. One exciting development is the development of Common Data Models (CDM). A CDM is a shared data language, allowing standardized metadata and its meaning to be shared across applications easily. Unfortunately, at present, there is no one model adopted globally across specific industries or jurisdictions.

Recent Noteworthy Developments in Data Standardization

This section is designed to provide examples of recent developments that may signal future disruption in this area. It is not a complete list of all activities in the field of data standardization. 

1. Disruptive start-ups are gaining traction

1. Engine B receives new financial and board-level investment
   • Institute of Chartered Accountants in England and Wales (ICAEW) upped its investment in Engine B to 10% and has taken a board seat.
   • Engine B is partnered with key organizations, including Microsoft and ICAEW, to create an Audit Common Data Model.
   • Part of this project involves creating an Intelligent Data Access Platform designed to be installed in a client environment and ingest corporate data, both structured and unstructured, to map it on an Audit CDM. This platform attempts to replace the need for complex ETL tools in favor of open data standards that facilitate the sharing of clean standardized data.
   • Working with 13 audit firms, Engine B aims to roll out its assets in late 2021, first in the UK, then the US, as it is collaborates with the AICPA. It aims to become a widely adopted infrastructure like Open Banking globally.

2. InfoSum raised a further $65m in their Series B to scale its privacy-focused data collaboration platform:

InfoSum's 'non-movement of data' technology enables companies to connect their data (both internally and externally) to unlock new customer value. This works by having companies standardize their data (i.e., map their data) according to InfoSum's Global Schema rules and upload it to InfoSum's platform.InfoSum raised a further $65m in their Series B to scale its privacy-focused data collaboration platform:

What does this mean? It means investors see an opportunity for data standardization when companies want to collaborate and share data without moving data outside their companies. It also signals the growing maturity of the data collaboration space as InfoSum is a leading start-up and is raising large sums of money to upscale its operations.

2. Relevant industry players are taking more interest in data standardization

I. A leading US accounting firm custom-built a common data model

1. • Besides a growing industry consortium for Engine B, a US accounting firm has partnered with Orion Innovation to build a CDM that enables uniformity in the data from hundreds of different ERP systems and technology platforms
   • The CDM made the data more understandable and useful to all its business activities, particularly auditing, data analytics, and advisory. Apart from unlocking advanced data analytics on the full population of data, it also unlocked automation options, which may provide greater consistency of audit quality.
   • See the case study here for more detail.

II. The EDM Council, a global association created to elevate the practice of Data Management, is leading the development of an open-source semantic data standard

1. • The EDM Council has published the Data Management Capability Assessment Model (DCAM). DCAM defines the scope of capabilities required for an entity to establish, enable and sustain a mature Data Management discipline. It addresses the strategies, organizational structures, technology and operational best practices needed to drive Data Management across the organization, and ensures the data can support digital transformation, advanced analytics such as artificial intelligence and machine learning, and data ethics.
   • The EDM Council partnered with CPA Canada to provide an overview of how DCAM can be leveraged for audit and business controls. A recording is available.
   • Since 2020, the EDM Council has been leading the Financial Industry Business Ontology (FIBO) initiative, which provides descriptions of the structure and contractual obligations of financial instruments and financial processes, to give meaning to the data.
   • The fundamental aim of the standard is to harmonize data across disparate repositories to validate data quality and improve risk analysis by making links between datasets that are understandable to both humans and software, i.e., resolve data silos.

3. Knowledge graphs for audit use cases is showing promising progress

I. Engine B's audit knowledge graph hopes to improve the quality of audits

1. • Knowledge graphs developed by Engine B provide contextual relevance of data by looking at the relationships between all data elements (both structured and unstructured), which allow auditors to make context-driven decisions. In particular, they are looking at anomaly detection and fraud detection as their initial use cases.
   • These knowledge graphs can sit on top of their Audit CDM to perform visual and contextual data analysis on all relevant transactions. Here is an explainer video from the developers.

II. The EDM Council is creating an Open Knowledge Graph Lab (OKGL) on top of their FIBO initiative

1. • Since late 2020, EDM Council has been developing OKGL as the infrastructure of knowledge graphs for application across different sectors. Particularly for the financial services sector, the EDM Council is exploring use cases in fraud, risk and anti-money laundering. The EDM Council is also currently preparing the rollout of a cloud sandbox to serve as a testbed to develop prototypes.

What might this mean for the IAASB?

The IAASB has an interest in improving the data available to assurance practitioners as this may enable the performance of more advanced analytics and otherwise improve areas of the audit that use data (e.g., evaluating models and related controls). Data standardization also enables collaboration between the entity and others, including auditors or assurance practitioners. Data standards are of particular interest in the sustainability space as a tool for entities to satisfy different reporting standards.

Data standardization is not within the IAASB's remit because it is fundamentally a matter for how the entity manages its data. Local law or regulation requiring the maintenance of books and records may be most relevant. However, because of the benefits to audit and assurance quality, the IAASB should stay close to the topic and take opportunities to raise it with other stakeholders, such as regulators, preparers, and assurance practitioners.

While the developments on data standardization are promising, there is still a considerable way to go before it is widely adopted by entities and therefore able to fully benefit audit and assurance. In the absence of a widely adopted CDM or another method to standardize data, the gap in data management capabilities between differently equipped firms and practitioners, including between jurisdictions, may grow. Furthermore, widespread adoption of innovative automated audit tools and techniques will be inhibited when data is not structured in a standard format.

As prominent CDMs are more widely adopted and supported by entities and made available to firms, there may be a need for standards on assurance services on whether data is compliant with the relevant data standard.

What do you think about this bulletin?

Please take the time to fill out our quick survey to let us know your thoughts about this bulletin, how it can be improved and what you would like to hear about going forward.

What next?

Our next Market Scan bulletin will be distributed by January 2022.

Welcome to the second market scan from the IAASB's Disruptive Technology team. Building on our previous work, including the Innovation Report created with Founders Intelligence and discussed at the January 2021 IAASB meeting, we will issue a Market Scan focusing on topics from the report approximately every two months. Market Scans will consist of exciting trends, including new developments, corporate and start-up innovation, noteworthy investments and what it all might mean for the IAASB.

In this Market Scan, we explore API Access to External Data Sources for Enriched Analysis, which falls under Accessing Information & Data, because establishing a method for obtaining relevant and reliable external data that can be used in an audit has the potential to reshape the audit process.

We cover:

• What an API is and why it is important?
• The latest exciting developments on this topic are, including Open Banking
• Possible implications for the IAASB

What is an API and why is it important?

An API or Application Programming Interface is a set of defined rules that explain how computers or applications communicate with one another. They enable companies to open their application’s data and functionality to external third-party developers, business partners and internal departments within their companies. APIs use standardized requests that in turn return standardized outputs or responses.

APIs have been around as long as computers; modern day “web APIs” grew in use with the advent of social media platforms, like Facebook and Twitter. However, it was Amazon that created a fundamental shift in how digital resources are accessed with founder and CEO Jeff Bezos’ famous API mandate, issued in 2002. This manifesto requires all Amazon development teams to “expose their data and functionality through service interfaces”. 

From “What Is an API: Concept and Architecture Types Explained on Real-Life Examples” at Cleveroad.com. See additional resources at the bottom of this email for more.

From an audit and assurance perspective, there are three key areas where APIs can be leveraged.

1. Enabling access to entity data (such as general ledger or sub-ledger data) for the purposes of inquiry or extraction.
2. Enabling access to entity-specific third-party data such as bank transactions.
3. Enabling access to audit-relevant external information sources, such as macroeconomic or industry-specific data.

 1.    Access to entity data

In our last Market Scan: Data Standardization, we wrote about the exponential growth in available data that could be used in an audit as well as the challenges of obtaining standardized data and the use of common data models. The initial step in the data acquisition process may involve using an API to request the required data from the entity’s accounting system. Over the last five years, there has been growth in investment in this area both from within accounting firms and from third party vendors of data extraction, transformation and load (ETL) technology such as Engine B, Validis, Inflo, Galvanize and Workiva.

 2.    Access to entity-specific third-party data

This is the key area of potential disruption to the audit and assurance industry. Being able to directly access entity-specific third-party data, such as bank transactions, by using open banking APIs could revolutionize how audit evidence is obtained, particularly when connected with entity data and other relevant external information sources. Mandates such as the Second Payments and Services Directive in Europe, which required banks to open their payments infrastructure and customer data to third parties, have supported the growth in open banking. It is now a global initiative with 87% of countries having some form of Open Banking API. Below are details of some countries that use open banking, including where driven by government regulation.

From “Trailblazers and latecomers: open banking around the world” at GoCardless.com

3.    Access to audit-relevant external information sources

Use of external information sources is commonplace in an audit. By using APIs, information can be obtained in a standardized format, which makes it easier to use, for example, in analytical procedures.

The benefits of APIs may include increased speed and access to data from varied independent reliable sources. Additionally, when coupled with other technology, such as robotic process automation, it can facilitate efficiencies in routine audit activities, such as using company registry information to identify related parties. Many audited entities seeking to leverage these benefits are using APIs within their IT environment to support business operations.

Alongside the significant growth in prevalence of APIs comes concerns about security and management of data. The UK and Australian governments have both issued API data standards and continued attention from governing bodies is likely. 

Recent noteworthy developments in API access

This section is designed to provide examples of recent developments that may signal future disruption in this area. It is not a complete list of all activities in the field of API access. For a reminder of Key Venture Capital and Investment terms please refer to the previous Market Scan.

 1. Open Banking experiences rapid growth

I. Fintech start-ups are shaking up the banking industry

There are a number of very active fintech start-ups developing APIs that allow easier sharing of financial data. Prominent examples around the world include:

• Plaid, a San Francisco-based startup building technology platforms to connect applications to users’ bank accounts, has raised US$735m in funding with a latest US$425m Series D backed investors such as Andreessen Horowitz and Silver Lake. Acquisition by Visa was blocked by the US Department of Justice on the grounds that it would limit competition in the payments industry. Plaid was one of the first companies to create what is called a unified API—a single API that connects to over 11,000 financial institutions.
• Tink and Truelayer, both based in Europe offer platforms and products to support open banking integration in applications. Tink was recently acquired by Visa.
• Open banking has also gained traction in Asia with early-stage start-ups like Hong Kong-based Finverse, which has an ambitious goal to enable open banking throughout the Asia-Pacific region.

Additionally, there are start-ups serving the financial services industry with APIs providing access to payroll, insurance and credit data to support targeting of appropriate financial products to businesses. This is an area of significant growth and one to watch for future audit and assurance implications.

II. Recognition grows of the impact of Open Banking on Assurance services

• Confirmation.com (part of Thomson Reuters) has provided audit confirmation services for nearly 20 years and recently completed a three-month pilot to test open banking, which received positive feedback from pilot audit firms.
• Circit is a rapidly growing Dublin-based fintech startup launched in 2017 that provides a platform supporting confirmation requests, transaction verification, PBC client collaboration and document signing. It names banks, “big four” and mid-tier audit firms amongst its clients.

2. External Information Sources Related Activity

I. US PCAOB issues guidance on external information sources

In October 2021, the US Public Company Accounting and Oversight Board (PCAOB) issued staff guidance highlighting the importance of appropriately evaluating the relevance and reliability of information from an external information source that an auditor plans to use as audit evidence. The publication gave a number of examples and factors to consider. It notes that, “Advancements in technology in recent years have improved accessibility and expanded the volume of information available to companies and their auditors from traditional and newer external sources.”

II. Growth in data platform providers to support access to external data sources

• People Data Labs raised US$45m in Series B funding to enable expansion of data products to support fraud detection and risk mitigation. The San Francisco-based company builds APIs that enable their clients to leverage vast datasets to build people profiles and records as well as power predictive modeling, drive artificial intelligence and build new tools. The new funding, announced in November 2021, will enable the company to expand its data products to support fraud detection, risk mitigation and insurance underwriting.
• Demyst raised A$33m and announced plans to issue an IPO. Demyst is an external data deployment company that works with banks, insurers and fintechs providing operationalized access to external data sources through a secure data platform.

What might this mean for the IAASB?

Access to quality data is at the heart of enabling technological transformation within the assurance profession. APIs represent a key route to success. The availability of accessible, standardized data created by APIs builds opportunities to improve finance functions, enhance audit quality, and radically streamline the audit process.

The increasing accessibility of entity-specific third-party data, such as entire populations of bank transactions that have been made possible by Open Banking APIs, may present a need to envision how this will reshape the audit process—particularly in regard to obtaining audit evidence.

The growing use of web APIs within entity core operations, across many industries, from retail to banking, may lead to web APIs becoming relevant to financial statements preparation and, therefore, auditors’ risk assessment procedures. Jurisdiction-specific guidance may help auditors better understand and assess how entities are managing the risks related to using APIs available in their jurisdiction.

Finally, the quantum of external data sources available to auditors presents an additional challenge of assessing the relevance and reliability of these data sources—and perhaps a need to address these matters centrally.

Useful links/articles

API Basics

• What is an API and how does it work? (In plain English) - YouTube (7 min video)
• What Is an Application Programming Interface (API) | IBM
• What Is an API and How Does It Work? (cleveroad.com)

Accounting Profession insights

• What Impact Will Open Banking Have on Accounting? | INAA
• How third-party information can enhance data analytics | Deloitte Insights

Other perspectives

• Not All API Companies are the Same: the 4 Types | Datamation
• Open banking has evolved — what’s next? And who are the players to watch?| Sifted

Funny story

• These Parents Built a School App. Then the City Called the Cops | WIRED UK

What do you think about this bulletin?

Please take the time to fill out our quick survey to let us know your thoughts about this bulletin, how it can be improved and what you would like to hear about going forward.

What next?

Our next Market Scan bulletin will be distributed in February 2022.

The International Auditing and Assurance Standards Board (IAASB) today released further conforming and consequential amendments to the IAASB’s standards resulting from the new and revised quality management standards, which were released in December 2020. The conforming amendments remove actual or perceived inconsistencies between the IAASB’s suite of standards and the quality management standards. This allows the IAASB’s full suite of standards operate in conjunction with each other and without confusion, which is especially crucial given the importance of firm-level quality management to the consistent performance of quality engagements.

The standards covered in today’s release do not include the International Standards on Auditing (ISAs). Conforming and consequential amendments to the ISAs were finalized and released in December 2020 alongside the quality management standards.

The conforming amendments to the IAASB’s International Standards become effective as of December 15, 2022.

The Conforming and Consequential Amendments to the IAASB’s Other Standards as a Result of the New and Revised Quality Management Standards are the limited amendments to the IAASB’s suite of standards in response to the quality management standards. The amendments address any actual or perceived inconsistencies between the quality management standards and the full suite of IAASB standards to ensure that all the standards operate in conjunction with each other without conflict.

The International Auditing and Assurance Standards Board (IAASB) approved a new work plan, A Public Interest Focus in Uncertain Times, during its December 2021 meeting. Pending approval by the Public Interest Oversight Board (PIOB), anticipated in early April 2022, the work plan will guide the IAASB’s work in 2022 and 2023, reflecting the IAASB Strategy for 2020-2023.

Sustainability and environmental, social, and governance (ESG) assurance are a prominent addition to the new work plan and will see increased time and resourcing for 2022–2023. In addition, the new work plan highlights candidate topics in the Audit and Review space (e.g., responding to assessed risks of material misstatement and the impact of technology on various standards) that the IAASB will consider for a further project to commence in 2023. A key focus will remain the progression and completion of projects underway at the start of 2022, including audits of financial statements of less complex entities, audit evidence, going concern, and fraud.

“Based on the increasing global attention, and urgency, around sustainability/ESG reporting and the assurance thereof, the IAASB is dedicating additional capacity and resources to this workstream. We are committed to acting with a sense of urgency, building off our existing platform of assurance standards that are already used worldwide,” according to IAASB Chair Tom Seidenstein. “Our collaboration with others and an expedited information gathering phase will allow us to determine the precise scope and timing of our efforts so we take the right action to meet the growing public demand.”

“While we’re awaiting PIOB approval, we want our stakeholders to know what is on our program for this year and 2023, and be able to plan accordingly,” said IAASB Technical Director Willie Botha. “The initiatives and projects in our work plan, especially sustainability/ESG assurance, are those our board believes currently are the most pertinent public interest issues to address in ensuring the continued credibility and confidence in our work as global audit and assurance standard setter.”

Extended External Reporting Guidance Renamed

To help stakeholders more readily identify and understand available guidance for assurance of sustainability/ESG reporting, the IAASB agreed to rename a key piece of guidance. The newly renamed Non-Authoritative Guidance on Applying ISAE 3000 (Revised) to Sustainability and Other Extended External Reporting Assurance Engagements was originally released in April 2021. It responds to key stakeholder-identified challenges commonly encountered when applying International Standard on Assurance Engagements 3000 (Revised), Assurance Engagements Other than Audits or Reviews of Historical Financial Information to such engagements.

About the IAASB
The International Auditing and Assurance Standards Board develops auditing and assurance standards and guidance for use by all professional accountants under a shared standard-setting process involving the Public Interest Oversight Board, which oversees the activities of the IAASB, and the IAASB Consultative Advisory Group, which provides public interest input into the development of the standards and guidance. The structures and processes that support the operations of the IAASB are facilitated by the International Federation of Accountants (IFAC). For copyright, trademark, and permissions information, please go to permissions or contact permissions@ifac.org.

The IFAC-IAASB less complex entities survey—part of the IAASB’s consultation on audits of financial statements of less complex entities—is open until January 14. While the IAASB encourages all interested stakeholders to respond to the consultation in writing, the survey provides a way to participate and provide feedback that is less time and resource intensive. The survey is available in English, French and Spanish by clicking the language selector in the survey’s top right corner. Survey responses will be analyzed by the IAASB alongside all other feedback and help shape the final standard; individual survey responses are confidential.

For additional information on the IAASB’s proposed new standard for audits of less complex entities, which was issued in July for a six-month consultation, visit iaasb.org/less-complex-entities.

Momentum is gathering for increased sustainability/environmental, social, and governance (ESG) reporting requirements for companies. Investors, policymakers, and a broad range of stakeholders seek higher quality, increasingly standardized reporting on companies’ performance on non-financial measure. And with this, demand for assurance engagements that enhance the degree of confidence of the intended users of sustainability/ESG reporting is growing.

We at the International Auditing and Assurance Standards Board (IAASB), the independent audit and assurance standard setter serving more than 130 countries, expect the drive for added corporate reporting and disclosure on sustainability and climate-related information only to accelerate. We see the trend moving from voluntary reporting commitments to requirements mandated by jurisdictions throughout the world. The European Union’s proposed Corporate Sustainability Reporting Directive is an important example in that direction. The establishment of the International Sustainability Standards Board (ISSB) by our counterpart organization, the IFRS Foundation, enhances the likelihood of a trusted and independent source developing globally accepted reporting standards as the basis of requirements.

As with financial reporting, the IAASB believes that market participants are best served when financial and other reported information benefits from external assurance, provided by professionals committed to the public interest and highest ethical standards. For this reason, in the past the IAASB has devoted significant energy to creating standards to govern assurance of non-financial information. We have a well-established umbrella standard, International Standard on Assurance Engagements (ISAE) 3000 (Revised), Assurance Engagements Other than Audits or Reviews of Historical Financial Information, and subject-matter specific standards such as, ISAE 3410, Assurance Engagements on Greenhouse Gas Statements. In April of this year, we published guidance aimed at helping assurance professionals apply our umbrella standard to sustainability and other non-financial (or extended external reporting) assurance engagements.

We know that our work is only the beginning, a solid foundation to build upon. This is why we committed to do more work to enhance the assurance of sustainability/ESG reporting when we approved our new 2022-2023 work plan last week.

The IAASB agreed to dedicate capacity and resources to the assurance of sustainability/ESG reporting. Information gathering and research activities, using dedicated staff resources, to determine future IAASB action will commence in January 2022. This initial work will also determine the precise scope and timing of the IAASB’s efforts. The initial work will also include a willingness to collaborate with key stakeholders throughout the world, including the standard-setting and regulatory communities.

We recognize that our initial consultations could lead to:

• Developing new subject-matter specific standard(s) that build on and supplement ISAE 3000 (Revised);
• Targeted enhancements to ISAE 3000 (Revised), as necessary; or
• Other related actions that are necessary in the public interest. For example, revising our existing guidance or developing new guidance.

Our March 2022 IAASB meeting will the first opportunity to provide feedback, share views and discuss next steps (you can listen to our discussions via YouTube).

We are conscious that demand for enhanced requirements and guidance is high; it is why we are positioning the IAASB to act in a coordinated and responsive manner. 

The Technology Working Group of the International Auditing and Assurance Standards Board (IAASB) today released non-authoritative support material to help auditors understand how to plan an audit under International Standard on Auditing (ISA) 300, Planning an Audit of Financial Statements, when using automated tools and techniques (ATT).

The publication does not amend or override the ISAs, the texts of which alone are authoritative. Reading the publication is not a substitute for reading the ISAs. 

This publication highlights the impact of technology when applying certain aspects of the International Standards on Auditing (ISAs). It focuses on specific considerations for planning an audit in accordance with ISA 300, Planning an Audit of Financial Statements, that may be relevant when using automated tools and techniques.

This publication does not amend or override the ISAs, the texts of which alone are authoritative. Reading the publication is not a substitute for reading the ISAs.