November 2018 – Nonprofit Auditor

How google is slowing innovation – a lesson for auditors

Read this very interesting article: “How Google is slowing innovation” by Aytekin Tank https://link.medium.com/e4EYifNJNR

One lesson is that auditors should not shy from pressing management on strategic risks.

I recently wrote an article about blockchain and its implications for the audit profession. Interestingly Google and other social media giants should be thought of as also being in the cross hair of the blockchain technology. Google’s quest to execute the Microsoft’s strategy: embrace, expand, extinguish has led them to try to stop innovation or to be an innovation bottleneck. Here is how I summarize Google’s rather potent strategy:

Embrace the internet (give things for free e.g. email accounts, search)
Expand (develop and market our data using surveillance methodologies and analytics – the worrisome part)
Extinguish (the internet’s traffic is now going through google, including by the way our brains as we “google everything”)

But again, for fellow auditors, perhaps there is also an important lesson to draw. Strategy and its execution remain the most important factors to examine. Many of us focus on financial risks and in fact others constraint us to think and work mostly on financial risks and in the “numbers realm”.

Its the strategic risks and its management (e.g. Social distrust of Google’s slick intermediation role) that we should train our attention to. More precisely, we should challenge management to have more robust risk identification and mitigation efforts. We are uniquely qualified to do so because of our mandate to be independent and objective. The risks with google and its good old “bait and switch” approach remains the enormous potential backlash (privacy concerns, power concentration, mistrust).

Bait and switch is not another phrase for innovation

Do you think auditors are focusing enough on strategic risks? Do auditors have the capacity to do so in a credible way? Do auditors have the mandate? How can auditors become better at it – what will it take? Your thoughts?

Blockchain: the auditing profession’s death nail?

Some people have said blockchain, at this stage, is like the internet in the early 1990′s. I argue it can never be too early to think about it or to jump on and particularly for auditors since it being called the “trust machine”.

For people, we have laws and regulations, including the legal systems, law enforcement authorities and lawyers. For assets or property, we have accounting principles, including financial recording/reporting systems, banks and exchanges, accountants and auditors. All of these, I have mentioned, form part of the elaborate mix of people, resources, systems and tools that support and scale economic/financial trust i.e. they make business possible at scale.

Auditors provide assurance (trust) w.r.t assertions that companies make in financial statements and about their internal controls. The assertions are well known, existence, completeness, rights and obligations, accuracy and valuation, and presentation and disclosure. A fundamental challenge that has come to the fore, with the growth of cyberspace, global interconnectedness and data proliferation, has been the continued effectiveness of the above mentioned trust system. Privacy concerns, unsanctioned use of data, fraud, rising intermediation costs (fees from financial institutions and others) have driven a search for alternative approaches to achieve reliable and safe financial and business transactions. Other factors such as reduced confidence in central institutions (banks, big social media companies, governments etc.) have equally contributed to the search for alternatives.

This is where blockchains have come in. And to clarify any confusion bitcoin is just a digital currency and it is based on the use of blockchain technology. It is the latter that is interesting. Many other blockchain uses exist, that where the excitement come it.

Blockchain or to use the more general terminology, Distributed Ledger Technology (DLT), provides a new and formidable trust model for economic activity. Distributed ledgers maintain transactions or contracts in a decentralized manner, usually across different locations, people and computing systems. The use encryption and a concept called proof of work, so that transactions cannot be easily altered – a robust and immutable audit trail. The transactions can be of any type, for example of cash or of asset inventory. It eliminates the need of a central (trusted) authority to keep a check against manipulation. The benefits include reduced processing time, reduced transaction costs, transparency, security, low fraud and trust. Notice that in our current system we assume that the trusted party will not manipulate anything – we have been disproven, many times over on that assumption.

Like any new and major technology, it will affect jobs, career opportunities, job tasks and the value-add that current audit professionals provide. This will likely be in some unpredictable ways, hence some fear. Some have predicted that distributed ledger technologies may eliminate 97% of the job auditors do. Others see it transforming audit work and creating new opportunities (see Journal of Accountancy article). Either way, it is clear that auditors should become familiar with distributed ledgers.

As an nonprofit auditor, I am particularly interested in what this will mean for the way we do business in the international arena and with less economically developed countries.

Has your CFO considered blockchain? Has your audit team considered what it will mean for its audit program and the skillsets to provide audits and deliver or value add? Please comment. The video link below provides a great overview.

Internal audit contributes to the mission too – be positive

“Why, then, ’tis none to you, for there is nothing either good or bad, but thinking makes it so. To me it is a prison. Well, then it isn’t one to you, since nothing is really good or bad in itself—it’s all what a person thinks about it. And to me, Denmark is a prison.” – William Shakespeare

Throughout my career, I found that I did my best internal audit work when I had optimistic thoughts about the mission and about teaming up with management as a partner to make improvements. It is so important for internal auditors to bring optimism to the job. To think of possibilities and be balanced about the risks they observe.

No doubt, we must remain objective in our assessments and exercise professional skepticism in our confirmations. Nevertheless, I strongly believe that advancing the mission, being mission driven, in part means positive thoughts about the organization and the people. Taking a minute to see the good things and to appreciate management’s strengths can be just as important as the exceptions we point out in our audit report.

Such an attitude to audit work, to the audit team, has the added benefit of helping break communication barriers with auditees and encouraging the free flow of information.

Share your thoughts on positive thinking in audit engagement. Has it been helpful to you? How do you stay positive when everyone expects the “mean” auditor? How do you balance due professional skepticism with positive thoughts? Is audit organizational culture relevant to adding value?

Privacy and Security of Data at Universities — Security Boulevard

Interesting paper: “Open Data, Grey Data, and Stewardship: Universities at the Privacy Frontier,” by Christine Borgman: Abstract: As universities recognize the inherent value in the data they collect and hold, they encounter unforeseen challenges in stewarding those data in ways that balance accountability, transparency, and protection of privacy, academic freedom, and intellectual property. Two parallel…

via Privacy and Security of Data at Universities — Security Boulevard