As part of the ACCA's virtual conference, IAASB Chair Tom Seidenstein speaks with IAASB Member Chun Wee Chiew in a two-part conversation about Tom's first two years as chair and key projects and priorities for the IAASB.
The IAASB’s work continues apace despite the pandemic, with chair Tom Seidenstein now focused firmly on the future
Two years into his term as chair of the International Audit and Assurance Standards Board (IAASB), Tom Seidenstein is focusing on future developments, not least the creation of a standard covering less complex entities.
As is widely recognised, auditing standards have evolved to mirror an increasingly complex business world, and yet there remain many businesses and other organisations that arguably do not require such a detailed examination. But, as Seidenstein is keen to point out, this is not about lowering the quality of audit for less complex businesses; it is about auditing in a smarter way.
Having taken the helm of the International Auditing and Assurance Standards Board (IAASB) in July 2019, Tom Seidenstein recognises the challenges posed by the loss of trust in audit quality and the intense scrutiny the profession is experiencing. He intends to respond by embracing innovation while maintaining high-quality standard-setting.
Unlike his predecessor, Professor Arnold Schilder, Seidenstein isn’t a member of the audit profession. Nevertheless, he sees strong markets, high-quality standards and a high-quality profession as directly linked. ‘I believe the profession is essential to making our economies and markets work better,’ he says. ‘That will only occur if we are able to attract the best and brightest to the profession.
Conceptual Framework Update: Chapter 3, Qualitative Characteristics and Chapter 5, Elements in Financial Statements
The objective of ED 81 is to update Chapter 3, Qualitative Characteristics, and Chapter 5, Elements of Financial Statements, of the Conceptual Framework, in light of:
Welcome to the first market scan prepared by the IAASB's Disruptive Technology team. Building on our previous work, which included the Innovation Report created with Founders Intelligence and discussed at the January 2021 IAASB Meeting, we will bring you a regular market scan focusing on various topics from the report around every two months. The market scans will consist of exciting trends in the area, including interesting developments on this topic, what this might mean for the IAASB, corporate and start-up innovation, and noteworthy investments.
In this market scan, we will explore Data Standardization Platforms for Enabling Data Access, which fallsunder the activity of Accessing Information & Data. We're starting with Data Standardization because establishing a common standard of how data is structured and accessed is a foundation block to the success and widespread adoption of other innovative technologies.
We will cover:
What is Data Standardization and why it is important?
What some of the latest exciting developments on this topic are, including the increasing maturity of Common Data Models and Knowledge Graphs.
What this could mean for the IAASB.
What is Data Standardization and why is it important?
Data Standardization is the process of converting data to a common format that allows users to better analyze and utilize the data, thereby enabling data collaboration, large-scale analytics and the use of more advanced tools to interrogate the data.
With exponential growth in the amount and variety of data that companies create and use, there is voluminous unstructured, or inconsistently structured, data in companies' repositories. This leads to data silos and data that is underutilized or unnecessarily hard to access.
One of the problems this has created, amongst others, is where auditors are spending more time on data management, particularly when trying to access, "map," and use the entity's data as well as when performing data analytics. When each entity uses different data models and systems or platforms to store, structure and extract data, the inefficiency is amplified. Some firms are developing internal tools to address these challenges, such as by building ETL (Extract, Transform, Load) tools to minimize this inefficiency e.g., KPMG had 25 different ETL projects in 2019. Auditor's time spent on data management may be better utilized on other areas of the audit, and many firms and practitioners may have challenges with obtaining tools to access, manage and evaluate data relevant for auditing and assurance engagements.
The data management industry, firms, and regulators are exploring various approaches to help audit and assurance professionals and other professional service providers with these challenges. The UK's Brydon review in 2019, for example, recommends initiatives to develop a standard method of data extraction covering both structured and unstructured data.
Data standardization complements this approach by helping to address the root cause of difficulties by converting the data to be extracted into a common format. In particular, digital multi-party platforms are gaining traction as a solution to provide standardized data structure and mechanisms to access data silos with non-uniform formats, thereby facilitating the sharing of data to unlock new values both internally and externally. One exciting development is the development of Common Data Models (CDM). A CDM is a shared data language, allowing standardized metadata and its meaning to be shared across applications easily. Unfortunately, at present, there is no one model adopted globally across specific industries or jurisdictions.
Recent Noteworthy Developments in Data Standardization
This section is designed to provide examples of recent developments that may signal future disruption in this area. It is not a complete list of all activities in the field of data standardization.
1. Disruptive start-ups are gaining traction
Engine B receives new financial and board-level investment
Institute of Chartered Accountants in England and Wales (ICAEW) upped its investment in Engine B to 10% and has taken a board seat.
Engine B is partnered with key organizations, including Microsoft and ICAEW, to create an Audit Common Data Model.
Part of this project involves creating an Intelligent Data Access Platform designed to be installed in a client environment and ingest corporate data, both structured and unstructured, to map it on an Audit CDM. This platform attempts to replace the need for complex ETL tools in favor of open data standards that facilitate the sharing of clean standardized data.
Working with 13 audit firms, Engine B aims to roll out its assets in late 2021, first in the UK, then the US, as it is collaborates with the AICPA. It aims to become a widely adopted infrastructure like Open Banking globally.
Other Data Standard Initiatives
Data standards exist in various forms already. Another example is ISO 21378, Audit Data Collection, issued by the International Organization for Standardization (ISO). This standard leveraged the American Institute of CPA American Institute of Certified Public Accountants Audit Data Standards.
2. InfoSum raised a further $65m in their Series B to scale its privacy-focused data collaboration platform:
InfoSum's 'non-movement of data' technology enables companies to connect their data (both internally and externally) to unlock new customer value. This works by having companies standardize their data (i.e., map their data) according to InfoSum's Global Schema rules and upload it to InfoSum's platform.InfoSum raised a further $65m in their Series B to scale its privacy-focused data collaboration platform:
What does this mean? It means investors see an opportunity for data standardization when companies want to collaborate and share data without moving data outside their companies. It also signals the growing maturity of the data collaboration space as InfoSum is a leading start-up and is raising large sums of money to upscale its operations.
Key Venture Capital & Investment Terms
Venture capital (VC) is a form of financing where capital is invested into a company, usually a start-up or small business, in exchange for equity in the company. VC funding stages can be useful signals for the maturity of the start-up and its products or services – the later the stage, the more developed and established in market the startup typically is. VC funding can also be a useful barometer for the interest in a particular technology and how influential it may be in the market as well as an indicator of potential wider adoption.
For simplicity it can be useful to group start-up funding stages into the below broad categories:
Pre-seed and Seed: start-ups in these stages are very early-stage start-ups, often prior to launching a product in market or with a few initial customers. They are typically seeking investments from various types of investors (e.g., individuals as well as firms) to establish themselves, build out the product, hire the core team and acquire more of their initial customer base.
Series A and Series B: start-ups in these stages are in growth mode, usually with a product/service that is market-ready and launched, with some revenue being generated. They are usually looking for funding to fuel the continued growth of the start-up.
Series C and beyond: start-ups in these stages are more mature, typically with products/services in market that have strong demand and likely have solid revenues and profits. Series C can be the last stage of VC financing (e.g., before an IPO) however many companies opt to raise more VC rounds such as Series D, E, etc. Funding at this stage is likely to be used to scale up operations and continue growth through entering new markets, R&D or making acquisitions.
2. Relevant industry players are taking more interest in data standardization
I. A leading US accounting firm custom-built a common data model
Besides a growing industry consortium for Engine B, a US accounting firm has partnered with Orion Innovation to build a CDM that enables uniformity in the data from hundreds of different ERP systems and technology platforms
The CDM made the data more understandable and useful to all its business activities, particularly auditing, data analytics, and advisory. Apart from unlocking advanced data analytics on the full population of data, it also unlocked automation options, which may provide greater consistency of audit quality.
II. The EDM Council, a global association created to elevate the practice of Data Management, is leading the development of an open-source semantic data standard
The EDM Council has published the Data Management Capability Assessment Model (DCAM). DCAM defines the scope of capabilities required for an entity to establish, enable and sustain a mature Data Management discipline. It addresses the strategies, organizational structures, technology and operational best practices needed to drive Data Management across the organization, and ensures the data can support digital transformation, advanced analytics such as artificial intelligence and machine learning, and data ethics.
The EDM Council partnered with CPA Canada to provide an overview of how DCAM can be leveraged for audit and business controls. A recording is available.
Since 2020, the EDM Council has been leading the Financial Industry Business Ontology (FIBO) initiative, which provides descriptions of the structure and contractual obligations of financial instruments and financial processes, to give meaning to the data.
The fundamental aim of the standard is to harmonize data across disparate repositories to validate data quality and improve risk analysis by making links between datasets that are understandable to both humans and software, i.e., resolve data silos.
3. Knowledge graphs for audit use cases is showing promising progress
I. Engine B's audit knowledge graph hopes to improve the quality of audits
Knowledge graphs developed by Engine B provide contextual relevance of data by looking at the relationships between all data elements (both structured and unstructured), which allow auditors to make context-driven decisions. In particular, they are looking at anomaly detection and fraud detection as their initial use cases.
These knowledge graphs can sit on top of their Audit CDM to perform visual and contextual data analysis on all relevant transactions. Here is an explainer video from the developers.
II. The EDM Council is creating an Open Knowledge Graph Lab (OKGL) on top of their FIBO initiative
Since late 2020, EDM Council has been developing OKGL as the infrastructure of knowledge graphs for application across different sectors. Particularly for the financial services sector, the EDM Council is exploring use cases in fraud, risk and anti-money laundering. The EDM Council is also currently preparing the rollout of a cloud sandbox to serve as a testbed to develop prototypes.
What might this mean for the IAASB?
The IAASB has an interest in improving the data available to assurance practitioners as this may enable the performance of more advanced analytics and otherwise improve areas of the audit that use data (e.g., evaluating models and related controls). Data standardization also enables collaboration between the entity and others, including auditors or assurance practitioners. Data standards are of particular interest in the sustainability space as a tool for entities to satisfy different reporting standards.
Data standardization is not within the IAASB's remit because it is fundamentally a matter for how the entity manages its data. Local law or regulation requiring the maintenance of books and records may be most relevant. However, because of the benefits to audit and assurance quality, the IAASB should stay close to the topic and take opportunities to raise it with other stakeholders, such as regulators, preparers, and assurance practitioners.
While the developments on data standardization are promising, there is still a considerable way to go before it is widely adopted by entities and therefore able to fully benefit audit and assurance. In the absence of a widely adopted CDM or another method to standardize data, the gap in data management capabilities between differently equipped firms and practitioners, including between jurisdictions, may grow. Furthermore, widespread adoption of innovative automated audit tools and techniques will be inhibited when data is not structured in a standard format.
As prominent CDMs are more widely adopted and supported by entities and made available to firms, there may be a need for standards on assurance services on whether data is compliant with the relevant data standard.
What do you think about this bulletin?
Please take the time to fill out our quick survey to let us know your thoughts about this bulletin, how it can be improved and what you would like to hear about going forward.
What next?
Our next Market Scan bulletin will be distributed by January 2022.
Welcome to the second market scan from the IAASB's Disruptive Technology team. Building on our previous work, including the Innovation Report created with Founders Intelligence and discussed at the January 2021 IAASB meeting, we will issue a Market Scan focusing on topics from the report approximately every two months. Market Scans will consist of exciting trends, including new developments, corporate and start-up innovation, noteworthy investments and what it all might mean for the IAASB.
In this Market Scan, we explore API Access to External Data Sources for Enriched Analysis, which fallsunder Accessing Information & Data, because establishing a method for obtaining relevant and reliable external data that can be used in an audit has the potential to reshape the audit process.
We cover:
What an API is and why it is important?
The latest exciting developments on this topic are, including Open Banking
Possible implications for the IAASB
What is an API and why is it important?
An API or Application Programming Interface is a set of defined rules that explain how computers or applications communicate with one another. They enable companies to open their application’s data and functionality to external third-party developers, business partners and internal departments within their companies. APIs use standardized requests that in turn return standardized outputs or responses.
APIs have been around as long as computers; modern day “web APIs” grew in use with the advent of social media platforms, like Facebook and Twitter. However, it was Amazon that created a fundamental shift in how digital resources are accessed with founder and CEO Jeff Bezos’ famous API mandate, issued in 2002. This manifesto requires all Amazon development teams to “expose their data and functionality through service interfaces”.
From an audit and assurance perspective, there are three key areas where APIs can be leveraged.
Enabling access to entity data (such as general ledger or sub-ledger data) for the purposes of inquiry or extraction.
Enabling access to entity-specific third-partydata such as bank transactions.
Enabling access to audit-relevant external information sources, such as macroeconomic or industry-specific data.
1. Access to entity data
In our last Market Scan: Data Standardization, we wrote about the exponential growth in available data that could be used in an audit as well as the challenges of obtaining standardized data and the use of common data models. The initial step in the data acquisition process may involve using an API to request the required data from the entity’s accounting system. Over the last five years, there has been growth in investment in this area both from within accounting firms and from third party vendors of data extraction, transformation and load (ETL) technology such as Engine B, Validis, Inflo, Galvanize and Workiva.
2. Access to entity-specific third-party data
This is the key area of potential disruption to the audit and assurance industry. Being able to directly access entity-specific third-party data, such as bank transactions, by using open banking APIs could revolutionize how audit evidence is obtained, particularly when connected with entity data and other relevant external information sources. Mandates such as the Second Payments and Services Directive in Europe, which required banks to open their payments infrastructure and customer data to third parties, have supported the growth in open banking. It is now a global initiative with 87% of countries having some form of Open Banking API. Below are details of some countries that use open banking, including where driven by government regulation.
3. Access to audit-relevant external information sources
Use of external information sources is commonplace in an audit. By using APIs, information can be obtained in a standardized format, which makes it easier to use, for example, in analytical procedures.
The benefits of APIs may include increased speed and access to data from varied independent reliable sources. Additionally, when coupled with other technology, such as robotic process automation, it can facilitate efficiencies in routine audit activities, such as using company registry information to identify related parties. Many audited entities seeking to leverage these benefits are using APIs within their IT environment to support business operations.
Alongside the significant growth in prevalence of APIs comes concerns about security and management of data. The UK and Australian governments have both issued API data standards and continued attention from governing bodies is likely.
Recent noteworthy developments in API access
This section is designed to provide examples of recent developments that may signal future disruption in this area. It is not a complete list of all activities in the field of API access. For a reminder of Key Venture Capital and Investment terms please refer to the previous Market Scan.
1. Open Banking experiences rapid growth
I. Fintech start-ups are shaking up the banking industry
There are a number of very active fintech start-ups developing APIs that allow easier sharing of financial data. Prominent examples around the world include:
Plaid, a San Francisco-based startup building technology platforms to connect applications to users’ bank accounts, has raised US$735m in funding with a latest US$425m Series D backed investors such as Andreessen Horowitz and Silver Lake. Acquisition by Visa was blocked by the US Department of Justice on the grounds that it would limit competition in the payments industry. Plaid was one of the first companies to create what is called a unified API—a single API that connects to over 11,000 financial institutions.
Tink and Truelayer, both based in Europe offer platforms and products to support open banking integration in applications. Tink was recently acquired by Visa.
Open banking has also gained traction in Asia with early-stage start-ups like Hong Kong-based Finverse, which has an ambitious goal to enable open banking throughout the Asia-Pacific region.
Additionally, there are start-ups serving the financial services industry with APIs providing access to payroll, insurance and credit data to support targeting of appropriate financial products to businesses. This is an area of significant growth and one to watch for future audit and assurance implications.
II. Recognition grows of the impact of Open Banking on Assurance services
Confirmation.com (part of Thomson Reuters) has provided audit confirmation services for nearly 20 years and recently completed a three-month pilot to test open banking, which received positive feedback from pilot audit firms.
Circit is a rapidly growing Dublin-based fintech startup launched in 2017 that provides a platform supporting confirmation requests, transaction verification, PBC client collaboration and document signing. It names banks, “big four” and mid-tier audit firms amongst its clients.
2. External Information Sources Related Activity
I. US PCAOB issues guidance on external information sources
In October 2021, the US Public Company Accounting and Oversight Board (PCAOB) issued staff guidance highlighting the importance of appropriately evaluating the relevance and reliability of information from an external information source that an auditor plans to use as audit evidence. The publication gave a number of examples and factors to consider. It notes that, “Advancements in technology in recent years have improved accessibility and expanded the volume of information available to companies and their auditors from traditional and newer external sources.”
II. Growth in data platform providers to support access to external data sources
People Data LabsraisedUS$45m in Series Bfunding to enable expansion of data products to support fraud detection and risk mitigation. TheSan Francisco-based company builds APIs that enable their clients to leverage vast datasets to build people profiles and records as well as power predictive modeling, drive artificial intelligence and build new tools. The new funding, announced in November 2021, will enable the company to expand its data products to support fraud detection, risk mitigation and insurance underwriting.
Demyst raised A$33m and announced plans to issue an IPO. Demyst is an external data deployment companythat works with banks, insurers and fintechs providing operationalized access to external data sources through a secure data platform.
What might this mean for the IAASB?
Access to quality data is at the heart of enabling technological transformation within the assurance profession. APIs represent a key route to success. The availability of accessible, standardized data created by APIs builds opportunities to improve finance functions, enhance audit quality, and radically streamline the audit process.
The increasing accessibility of entity-specific third-party data, such as entire populations of bank transactions that have been made possible by Open Banking APIs, may present a need to envision how this will reshape the audit process—particularly in regard to obtaining audit evidence.
The growing use of web APIs within entity core operations, across many industries, from retail to banking, may lead to web APIs becoming relevant to financial statements preparation and, therefore, auditors’ risk assessment procedures. Jurisdiction-specific guidance may help auditors better understand and assess how entities are managing the risks related to using APIs available in their jurisdiction.
Finally, the quantum of external data sources available to auditors presents an additional challenge of assessing the relevance and reliability of these data sources—and perhaps a need to address these matters centrally.
Please take the time to fill out our quick survey to let us know your thoughts about this bulletin, how it can be improved and what you would like to hear about going forward.
What next?
Our next Market Scan bulletin will be distributed in February 2022.
The International Auditing and Assurance Standards Board (IAASB) today released further conforming and consequential amendments to the IAASB’s standards resulting from the new and revised quality management standards, which were released in December 2020. The conforming amendments remove actual or perceived inconsistencies between the IAASB’s suite of standards and the quality management standards. This allows the IAASB’s full suite of standards operate in conjunction with each other and without confusion, which is especially crucial given the importance of firm-level quality management to the consistent performance of quality engagements.
The standards covered in today’s release do not include the International Standards on Auditing (ISAs). Conforming and consequential amendments to the ISAs were finalized and released in December 2020 alongside the quality management standards.
The conforming amendments to the IAASB’s International Standards become effective as of December 15, 2022.
The Conforming and Consequential Amendments to the IAASB’s Other Standards as a Result of the New and Revised Quality Management Standards are the limited amendments to the IAASB’s suite of standards in response to the quality management standards. The amendments address any actual or perceived inconsistencies between the quality management standards and the full suite of IAASB standards to ensure that all the standards operate in conjunction with each other without conflict.
The International Auditing and Assurance Standards Board (IAASB) approved a new work plan, A Public Interest Focus in Uncertain Times, during its December 2021 meeting. Pending approval by the Public Interest Oversight Board (PIOB), anticipated in early April 2022, the work plan will guide the IAASB’s work in 2022 and 2023, reflecting the IAASB Strategy for 2020-2023.
Sustainability and environmental, social, and governance (ESG) assurance are a prominent addition to the new work plan and will see increased time and resourcing for 2022–2023. In addition, the new work plan highlights candidate topics in the Audit and Review space (e.g., responding to assessed risks of material misstatement and the impact of technology on various standards) that the IAASB will consider for a further project to commence in 2023. A key focus will remain the progression and completion of projects underway at the start of 2022, including audits of financial statements of less complex entities, audit evidence, going concern, and fraud.
“Based on the increasing global attention, and urgency, around sustainability/ESG reporting and the assurance thereof, the IAASB is dedicating additional capacity and resources to this workstream. We are committed to acting with a sense of urgency, building off our existing platform of assurance standards that are already used worldwide,” according to IAASB Chair Tom Seidenstein. “Our collaboration with others and an expedited information gathering phase will allow us to determine the precise scope and timing of our efforts so we take the right action to meet the growing public demand.”
“While we’re awaiting PIOB approval, we want our stakeholders to know what is on our program for this year and 2023, and be able to plan accordingly,” said IAASB Technical Director Willie Botha. “The initiatives and projects in our work plan, especially sustainability/ESG assurance, are those our board believes currently are the most pertinent public interest issues to address in ensuring the continued credibility and confidence in our work as global audit and assurance standard setter.”
Extended External Reporting Guidance Renamed
To help stakeholders more readily identify and understand available guidance for assurance of sustainability/ESG reporting, the IAASB agreed to rename a key piece of guidance. The newly renamed Non-Authoritative Guidance on Applying ISAE 3000 (Revised) to Sustainability and Other Extended External Reporting Assurance Engagements was originally released in April 2021. It responds to key stakeholder-identified challenges commonly encountered when applying International Standard on Assurance Engagements 3000 (Revised), Assurance Engagements Other than Audits or Reviews of Historical Financial Information to such engagements.
About the IAASB The International Auditing and Assurance Standards Board develops auditing and assurance standards and guidance for use by all professional accountants under a shared standard-setting process involving the Public Interest Oversight Board, which oversees the activities of the IAASB, and the IAASB Consultative Advisory Group, which provides public interest input into the development of the standards and guidance. The structures and processes that support the operations of the IAASB are facilitated by the International Federation of Accountants (IFAC). For copyright, trademark, and permissions information, please go to permissions or contact permissions@ifac.org.
New Work Plan Includes Action on Sustainability/ESG Assurance
