Workshop series focused on IFAC member requirements
Beginning in October 2021, the ASEAN Federation of Accountants (AFA) hosted a series of seven monthly workshops focusing on IFAC’s requirements for member organizations, the Statements of Membership Obligations (SMOs). The last workshop was held in May 2022.
Today, the International Auditing and Assurance Standards Board (IAASB) opened the public consultation for proposed changes to one of its fundamental standards, International Standard on Auditing (ISA) 500, Audit Evidence. The current ISA 500 addresses an auditor’s responsibility to design and perform audit procedures to obtain sufficient appropriate evidence to draw reasonable conclusions on which to base the auditor’s opinion.
The proposed changes:
Clarify ISA 500’s purpose and scope and explain its relationship with other standards;
Provide a principles-based approach to considering and making judgments about information intended to be used as audit evidence and evaluating whether sufficient appropriate audit evidence has been obtained;
Modernize ISA 500 to be adaptable to the current business and audit environment, while considering scalability for different circumstances, including the entity and the auditor’s use of technology, such as automated tools and techniques; and
Emphasize the role of professional skepticism when making judgments about information intended to be used as audit evidence and evaluating the audit evidence obtained.
Proposed International Standard on Auditing 500 (Revised), Audit Evidence, provides a “reference framework” for auditors when making judgments about audit evidence throughout the audit.
“The audit and the environment in which an auditor conducts the audit and assess audit evidence has evolved significantly in recent years,” commented IAASB Chair Tom Seidenstein. “For example, the changing nature and sources of information used by the auditor and the increasing role played by technology demanded a re-examination of the audit standard. These proposed changes will ensure that the standard keeps pace, while retaining a principles-based approach to standard setting.”
The IAASB invites all stakeholders to comment on the Exposure Draft via the IAASB website. Comments are requested by April 24, 2023.
About the IAASB The International Auditing and Assurance Standards Board develops auditing and assurance standards and guidance for use by all professional accountants under a shared standard-setting process involving the Public Interest Oversight Board, which oversees the activities of the IAASB, and the IAASB Consultative Advisory Group, which provides public interest input into the development of the standards and guidance. The structures and processes that support the operations of the IAASB are facilitated by the International Federation of Accountants (IFAC). For copyright, trademark, and permissions information, please go to permissions or contact permissions@ifac.org.
Proposed Changes Reflect the Standard’s Nature, Role within the Suite of IAASB Standards
Welcome to the fifth Market Scan from the IAASB's Disruptive Technology team. Building on our previous work, we issue a Market Scan approximately every two to three months. Market Scans cover exciting trends, including new developments, corporate and start-up innovation, noteworthy investments and what it all might mean for the IAASB. Special thanks to Maddie Zietsman for helping to author this edition.
In this Market Scan, we explore Homomorphic Encryptionfor Analyzing Encrypted Data, a technology which has applications within Protecting Information. This technology has the potential to impact how data is used in the audit—creating opportunities for greater collaboration and access to specialist skills.
We cover:
What is Homomorphic Encryption and why is it important?
The latest developments
What this might mean for the IAASB
What is Homomorphic Encryption? Why is it important?
Homomorphic Encryption (HE) is a set of algorithms that allows computations to be done on encrypted data without the need for decryption. Homomorphic encryption lets data be protected while “in use”, so analysis can be run directly on encrypted information without disclosing it and providing complete confidentiality during analysis.
Source: What is Homomorphic Encryption?, OpenMined
There are two main types of homomorphic encryption, Partial Homomorphic Encryption, which supports only a single operation over encrypted data, and Fully Homomorphic Encryption, which supports multiple operations. Federated Learning (FL) is another privacy-enhancing technology that distributes machine learning across devices or servers, thereby reducing latency and security risk whilst protecting privacy.
Fully Homomorphic Encryption: Why it Matters, IBM News, three-minute watch
Homomorphic encryption has many potential benefits for a wide range of industries from healthcare to financial services. From an audit and assurance perspective, there are several areas where homomorphic encryption can be leveraged.
Using aggregated data tosecurely achieve common goals –Audit firms or other organizations that may perceive privacy or confidentiality risks when working together could collaborate using encrypted data to achieve a common goal such as developing fraud pattern detection applications. Using homomorphic encryption, encrypted data sets from multiple sources could be linked together, used to train an AI application, and develop a technology product for all parties to use.
Enabling use of third parties without compromising data privacy – Homomorphic encryption may enable audit practitioners to leverage third parties with greater analytics capabilities or expertise to perform analysis on encrypted data to support audit procedures—an approach that would be difficult if not impossible without the encryption technology.
Enhancing effectiveness of cross-border audits – Homomorphic encryption could be used to enable data analysis across borders while respecting data residency and privacy laws. This would be particularly beneficial to group audits with components in jurisdictions with strict data residency restrictions.
Greater capability to perform benchmarking – Homomorphic encryption could be used to provide benchmarks across industries, including competitive companies, without exposing market sensitive data. Benchmarking data may be used when performing an audit, for example when performing analytical procedures.
Mitigating bias whilst stress testing models – Using homomorphic encryption, machine learning models and algorithms could be stress tested using encrypted data sets, so the data could not be fitted to the model ahead of time.
All these areas focus on homomorphic encryption’s ability to increase the data analysis that can be done while still ensuring data security and privacy. As the technology gains wider traction, it offers audit and assurance practitioners opportunities to increase their analytical capabilities and leverage the specialized skills of other entities or parties, without compromising data privacy.
Recent Noteworthy Developments in Homomorphic Encryption
This section is designed to provide examples of recent developments that may signal future disruption in this area. It is not a complete list of all activities in Homomorphic Encryption. For a reminder of Key Venture Capital and Investment terms please refer to the first Market Scan.
1. Big player activity
Homomorphic Encryption is gaining traction and growing fast. Top companies, such as Intel, Microsoft and Google, are leveraging the power of this technology and working to develop its use in various sectors of the economy.
Study shows growing interest in homomorphic encryption technologies
A December 2021 study by Deloitte noted 19 different “publicly announced pilots, products, and proofs of concept for homomorphic encryption”. Companies that are leading these pilots include large companies like Apple, Google, Microsoft, Nvidia, IBM, and more. Finance, health, and social care currently dominate the pilot projects, but the expectation is that more industries will reap the benefits from the technology as it continues to gain leverage. These pilots also present opportunities for the audit and assurance industry to capitalize on the power of homomorphic encryption and how the using data encryption may contribute to or enhance the performance of quality audit or assurance engagements.
Intel and Microsoft announce collaboration on security technology
Intel and Microsoft have partnered together as part of a DARPA program to focus on reducing the overhead that is associated with using homomorphic encryption. To reap the benefits of this technology, it is important that it is both accessible and affordable. Both Intel and Microsoft’s investment in time and research in homomorphic encryption reveals the importance that both companies see in the technology’s ability to change the working world. As these large companies continue their research and testing, it may not be long before homomorphic encryption is accessible to companies of all sizes.
2. Start-up activity
As homomorphic encryption becomes more prominent, there have been a few key start-ups that have spearheaded its development, including those highlighted below.
Duality advances Homomorphic Encryption Landscape
Duality, a leader in enabling privacy-enhanced collaboration on sensitive data launched their open-source fully homomorphic encryption (FHE) library, OpenFHE, in July 2022. This was a collaborative project with other leaders in cryptography including Intel, Samsung, University of California-San Diego and MIT. OpenFHE is considered a next generation open-source FHE software library providing even greater security, robust privacy protection and wider useability.
Enveil announces new encrypted training solution
Enveil, a start-up company founded in 2016, has been a key leader in developing homomorphic encryption and federated learning technologies. In June 2022, Enveil announced a new solution called ZeroReveal ML Encrypted Training (ZMET), which enables encrypted federated learning and usage of decentralized datasets for machine learning applications.
New start-up sees web3 opportunity using homomorphic encryption
Brand new start-up, Sunscreen, just raised $4.65 million in seed funding to develop advanced privacy technology for the next generation of the world wide web, web3. Currently zero-knowledge proofs (ZKPs), which allow for a transaction to be verified on a blockchain without the underlying data being shared, are seen as the main solution for improving privacy in web3 but require significant processing power. However, co-founder and CEO of Sunscreen, Ravital Solomon, thinks “fully homomorphic encryption is even more promising in its potential to bolster privacy in web3.”
What this might mean for the IAASB
The IAASB is interested in maintaining its collective knowledgebase on digital technologies (including on specific sub-topics such as homomorphic encryption), promoting digital readiness and enablement through its engagement with stakeholders, and encouraging action by others to supplement and support the IAASB’s standard-setting activities. The IAASB is also keen to explore how technologies could be used to enhance interaction with auditing standards. Subject to IAASB’s work plan decisions, possible use cases of digital technologies for audited entities and audit engagements might provide input to further modernize IAASB’s standards to be adaptable to and reflect the current business and audit environment (while recognizing that the standards would address digital technologies in a principles-based manner).
Access to appropriate and reliable data is fundamental to being able to use automated tools and techniques in the audit. Considerations around data protection and privacy are key to this approach and homomorphic encryption presents a potential solution to current data access restrictions.
Homomorphic Encryption also offers opportunities for those in audit and assurance to develop advanced analytics, machine learning and AI technologies through enabling more options for data management.
However, using this technology may present unique practical challenges with applying certain principles set out in existing standards that address aspects of, for example, quality management, audit evidence, service organizations and using the work of others which may indicate the need for additional guidance. Given the nascent nature of this technology it is too early to fully comprehend the practical implications related to its use, but the IAASB will continue to monitor developments in this area.
Scientists at the University of Texas have developed an ink containing polymers that can store data and have used it to write a letter containing a hidden message. “The idea of writing a message but the real, hidden message is contained in the molecular structure of the ink is fascinating, although maybe not the most practical method,” says Alan Woodward at the University of Surrey, UK.
What do you think about this bulletin?
Please take the time to fill out our quick survey to let us know your thoughts about this bulletin, how it can be improved and what you would like to hear about going forward.
The SMPAG supports the IAASB approach to undertake the project on listed entity and PIE as two tracks with the ED focused on narrow scope amendments to ISA 700 (Revised) and ISA 260 (Revised) to support operationalizing the IESBA transparency requirement with an effective data that aligns with the revisions to the IESBA Code, followed by a separate track dealing with other issues that would have a later effective date.
The International Public Sector Accounting Standards Board (IPSASB), developer of IPSAS®, international accrual-based accounting standards for the public sector, announced its new 2023 board members at its recent meeting in Portugal. The 2023 board will be a diverse, woman-majority group with members from around the world.
The new appointees to the IPSASB have been selected following a rigorous nominations and interview process involving the IFAC Nominating Committee and IPSASB leadership, overseen by the Public Interest Committee. The IFAC Board approved the recommended candidates.
The new Board members are:
Mrs. Nor Yati Ahmad (Malaysia),
Mr. Andrew van der Burgh (South Africa), and
Mr. Jona Wala (Kenya).
The re-appointed Board members are:
Dr. Kamira Muriel Sanchez Nicosia (Panama),
Mr. Scott Showalter (USA), and
Mrs. Patricia Siqueira Varela (Brazil).
“For the second year, the IPSASB will be a board comprising a majority of women for 2023,” said IPSASB Chair Ian Carruthers. “Diversity of Board membership is essential to ensure the delivery of high-quality standards that can strengthen public financial management globally. The appointment of new members from Africa and Asia will also be important to ensuring that our outputs meet the needs of an increasingly diverse group of users.”
The IPSASB also announced that Mr. Scott Showalter (USA) will assume the IPSASB Deputy Chair position for 2023. “I am extremely pleased that Scott has agreed to serve as my deputy. Scott brings a powerful combination of experience having served on the board since 2020 in addition to his experience as the former chair of Federal Accounting Standards Advisory Board where he completed his 10-year term in June 2019,” said Mr. Carruthers. “I also want to take this opportunity to thank outgoing members Lindy Bodewig, the current Deputy Chair, Christopher Nyong, and Ajith Ratnayake for their many important contributions to our work during their time with the Board. We are extremely grateful for their dedication and commitment.”
About the IPSASB The International Public Sector Accounting Standards Board (IPSASB) works to strengthen public financial management globally through developing and maintaining accrual-based International Public Sector Accounting Standards® (IPSAS®) and other high-quality financial reporting guidance for use by governments and other public sector entities. It also raises awareness of IPSAS and the benefits of accrual adoption. The Board receives support from the Asian Development Bank, the Chartered Professional Accountants of Canada, the New Zealand External Reporting Board, and the governments of Canada and New Zealand. The structures and processes that support the operations of the IPSASB are facilitated by the International Federation of Accountants (IFAC). For copyright, trademark, and permissions information, please go to permissions or contact permissions@ifac.org.
About the Public Interest Committee The governance and standard-setting activities of the IPSASB are overseen by the Public Interest Committee (PIC), to ensure that they follow due process and reflect the public interest. The PIC is comprised of individuals with expertise in public sector or financial reporting, and professional engagement in organizations that have an interest in promoting high-quality and internationally comparable financial information.
