Will Distributed Ledger Technology Benefit the Audit Process or Create More Challenges for the Future?

Published 

As the world evolves into an expanding digitised environment, standard manual processes are becoming automated and transformed by technology. Is technology implementation throughout corporations creating the essential benefits it claims, or causing additional challenges?

Particular departments, such as corporate finance, accounting and treasury, have been slow to develop and implement technologies in their workflows. Distributed ledger technology (DLT) is beginning to transform these divisions to be agile and accept innovations, changing their day-to-day performance.

Audit process

Audit departments across corporations engage in a variety of timely processes necessary for the appropriate and accurate assurances that is expected of their role. Auditors are provided with a variety of financial materials to begin the audit workflow. Before proceeding, the auditor must review all provided materials and create a schedule to gain an understanding of the nature of the information. Time efficiency decreases further as the auditor seeks transaction verification either through bank statements or sending confirmation requests to third parties.

Benefits of DLT

Standardisation, efficiency, redundancy

Distributed ledger technology records the transactions between parties with tamper-proof technologies that enable auditors to verify reported transactions without further manual inputs and analysis of data, providing an opportunity to alleviate these labour- and time-intensive actions in the workflow. This efficiency enables auditors to focus their efforts on riskier, more complex transactions. In addition, the automation of the DLT verification process enables the auditor to test whole populations, as opposed to a sample, of transactions within the period under observation on a near real-time basis, subsequently improving the level of assurance gained and driving cost efficiencies in the audit process.

The standardisation and automation of transaction processes creates the opportunity for auditors to provide assurance to the users of DLT in numerous ways. Assessments of Smart Contracts enables risk management departments to better assess and manage their risk controls, as well as gain greater visibility into their vulnerabilities. Acting as Service Auditor for Consortium, DLT provides clearer visibility to risk managers, as well as finance and operations departments. There is further opportunity for expansion if auditors and regulators have use of a spectator portal by implementing DLT.

Risks of DLT

As with any new technology, there is additional risk added by deploying DLT. While expanding its impression throughout corporations, it may enable central locations to obtain audit data, alongside auditors and regulators developing procedures to obtain audit evidence directly from DLTs. Auditors and regulators must consider that DLT could be controlled outside the entity being audited or regulated, with fraud or error possibilities, creating inaccuracy. The decisive factors in determining whether data extracted from the DLT is reliable is an assessment of the general information controls implemented in the DLT environment, reliability of the specific consensus protocol and if there is opportunity for manipulation.

Although DLT is often deployed to ensure automated verification, it is crucial for auditors and regulators to continue to expand policies and procedures along with the evolving technology to maintain reporting and audit standards.

DLT is inherently secure but is exposed to human error throughout the coding process to integrate and interface corporation's current systems. Pertinent information technology controls and segregation of duties are vital throughout the implementation and use of DLT. A disaster recovery protocol and procedures plan ought to be created, including backup and restoration along with the deployment of DLT, especially when using a private key. Corporations looking to deploy DLT will need to take in their own policies and procedures to ensure best practices.

CPAs and DLT

The verification of occurrence is only a small part of the tasks handled by a certified public accountant (CPA), as recordings in the DLT may or may not provide the appropriate audit evidence related to the nature of the transaction, such as unauthorised, fraudulent or illegal, or executed between related parties. CPAs are still obligated to consider and perform procedures on management's estimates, as these values often differ from historical costs within the financial statements.

Distributed ledger technology is rapidly expanding across the industry to automate processes, increasing standardisation, efficiency and redundancy. Auditors, with the proper internal technological controls, are able to more easily utilise their specialities by focusing on more complex transactions and spending less on timely processes. Technology is transforming the way that audit is performed for the present and evolving into the future.