Whatever changes technology might bring to the financial reporting process, auditors still face the same expectations to understand the process and examine it skeptically under current auditing standards, which appear to remain relevant.
That’s the view of Kathleen Hamm, one of five new members of the Public Company Accounting Oversight Board, as she settles into her new role and considers the effect of emerging technologies on the audit regulatory process. “The advent of emerging technologies does not change the fundamental financial reporting framework,” Hamm said in a recent speech. “At the risk of stating the obvious, for audits of public companies and broker-dealers, PCAOB standards still apply.”
That means auditors will be expected to understand the design and implementation of any technology that is being used to meet financial reporting or internal control requirements established by federal securities laws, according to Hamm’s prepared remarks.
With blockchain, for example, despite its promise to provide a locked-tight environment for data gathering, auditors must still comply with standards on identifying and assessing risks of material misstatement, Hamm said. As such, auditors must understand the information systems, including the related business processes, relevant to financial reporting and how the use of blockchain affects the client's flow of transactions.
“Blockchain does not magically make information contained within it inherently trustworthy,” said Hamm. “Events recorded in the chain are not necessarily accurate and complete. Recording a transaction on a blockchain does not alleviate the risk that the transaction is unauthorized, fraudulent, or illegal.” Auditors must still be alert to threats from related-party transactions, side agreements, and proper classification of transactions in financial statements.
Auditors must also be alert to the risk that technology isn’t operating as intended because of coding errors, changes to the technology after it’s deployed, or degrading computer code over time. Auditors must still “have robust controls in place around developing and testing tools before deployment, and strong change-management processes for tools that are in use,” said Hamm. “Processes should be in place to continuously monitor and confirm that the output of an application remains consistent with expectations.”
The Securities and Exchange Commission installed an entirely new PCAOB in early 2018, selecting a diverse panel to bring a fresh perspective to the regulation of public company audits. Technology is one area the new board studied and considered as part of its strategic planning process, said Hamm, and she’s satisfied current standards are still appropriate in the context of rapidly emerging technology.
“Based on what we know today, the PCAOB's standards do not appear to be inappropriately impeding the use of innovative technology in the audit,” she said. “Our current standards also appear flexible enough, for now, not to hamper audit technology as it evolves.”