Welcome to the world of Open Assurance
What if audits could be ‘clicked’ together seamlessly across sub-areas? And auditors could easily use each other’s work? It is not just conceivable, but also technically feasible ánd inevitable in an increasingly specialised audit profession. Welcome to the world of open assurance, where reuse is the norm.
The times they are a changing. One of the major changes of our time is that organisations are increasingly interconnected. They form ecosystems. In these ecosystems organisations no longer send purchase orders to suppliers; instead they have on-line access to that supplier’s system to keep stock levels up to date in real time. And, to approve a loan application, they rely on data collected automatically from various partners. Those integrations are growing in number and depth. And therefore also the interfaces with partners, information providers, tax authorities, regulators and other parties. In some cases it has become impossible to determine where the organisation starts and ends. Naturally this creates a demand for assurance over these interfaces, regulators included.
Auditing was ‘invented’ before these ecosystems existed and, given that history, understandably refers to an entire organisation or set of books as a single audit objective. But if we were to invent auditing now, wouldn’t it make more sense to have audits carried out by different parties in sub-areas and for the accountant to integrate these into a final opinion of the organisation itself?
In the simplest form: KPMG issues a statement on the financial administration, EY on sustainability, Mazars on the processing of personal data, and BDO on the rest of the IT environment. The accountant clicks these together to form a complete picture of the object as a whole, but various stakeholders can also use the partial statements. Madness? We already have standards for sub-areas such as outsourced IT services (SOC2 or ISAE3402 statement). The problem is that these standards are complex and, above all, currently, a very expensive affair.
It is conceivable that companies want to split their audit into dozens of pieces.
In the world of Open Assurance it goes much further: It is conceivable that companies want to break up their audit into dozens of pieces, precisely because of the interfaces between organisations described in the first paragraph. The solution to tackle that complexity: an Open Assurance standard, with which you can digitally ‘click’ together all kinds of assurance reports.
Does this sound like the dream of a twisted trend watcher? It’s closer than you think.
First: It is technically feasible. Data science has already brought a lot of good to the accountancy profession. We record more information in IT systems and databases, and we have gotten a lot better at extracting assurance information from this data. An example is the rapid growth of process mining, a technique for reconstructing processes from log files. This is now a billion-dollar market that would not have existed without high-quality data.
Secondly, European legislation is already moving strongly in this direction. The European Commission is committed to Open Data as part of the Data Governance Act. One of the main lines of that legislation - partly prompted by the European frustration about the dominant position of American tech giants - is to facilitate cooperation between parties and to remove barriers to the use of each other’s data.
In doing so, the law also created one of the basic conditions for putting the new modular compliance philosophy into practice. The EU Open banking legislation has already proven this to work; this legislation also focused on facilitating data exchange, and has led to a flourishing of payment service providers and lenders who can make decisions (such as approving or denying credit) based on data: automatically and in real-time.
Manual investigation of incidents and errors is too expensive.
These companies turned out to be able to challenge the previously considered untouchable domain of large banks, simply by innovating faster. Does this sound familiar in the context of accountancy?
Third: There is already a market for it. There is a new generation of companies that offer their services online and are dealing with large volumes of data and transactions. Stakeholders are looking for new, cheaper ways to get a grip on these transaction flow as their business model requires these flows to be extremely efficient and error-free. Manual investigation of incidents and errors is too costly, so these organisations are looking for ways to perform cross-system and cross-organisation checks. And while they’re at it, they would much rather plug into ecosystems and interface their reports directly to customers and investors. And so does the auditor in charge of the annual audit.
What if startups would start offering modular security services that - aided by the harmonisation of legislation - can easily be ‘clicked’ together? Such a world of open assurance could bring about completely new market dynamics. Again an analogy with another sector: When hospitals - due to a shortage of specialists - started working together, it suddenly became more the rule than the exception that patients were referred to the hospital with the surgeon who has the most experience with a specific surgery. The result: more specialists, higher quality and lower costs. Isn’t that what accounting could also use?
The world of open assurance is also many times more efficient for the accountant than the current working method, because duplication of work is prevented.
Finally, there is another argument that should weigh heavily on the profession. The world of open assurance we present is also many times more efficient for the accountant than the current working method, because duplication of work is prevented. In this way, audit work is reused as much as possible. At a time when accountancy is dealing with a glaring shortage of talent, this is actually a no-brainer.
Written by Dennis van de Wiel and Nart Wielaard
Grow your business, not your compliance burden
Every business deals with compliance at some point: while preparing for an investment round, applying for an operating license, or closing a deal with a big customer.
This is not the moment to panic. This is the moment to call us.