What Auditchain and the DCARPE Alliance means for the future of assurance and reporting.
The following article was authored by Jason Meyers and published by the Minnesota Society of Certified Public Accountants in the December 2019/January 2020 Edition of Footnote
This article is reprinted with the permission of the MNCPA
It appears the accounting, audit and financial reporting profession is due for a major long-term upgrade cycle.
Despite the rise of blockchain and the proliferation of digital assets, accounting, audit and financial reporting remains technically unprepared. There can be any number of reasons why. Perhaps one reason is the gap in the knowledge base between engineers and accountants. Another may be that the two are diametrically opposed cultures. Despite the knowledge and culture gap, the field of cryptography and the audit profession seem to have more in common than most people realize.
The genesis of Auditchain
A blockchain uses cryptography to immutably preserve and prove the integrity of information. It also uses a consensus of incentivized actors to cryptographically enforce and prove the validity and accuracy of transactions. Likewise, an auditor follows methods to verify the integrity of information. From this perspective, the two fields seem to be closely aligned to overcome technical differences.
I sat next to the audit and financial reporting profession during my 25 years as an investment banker. Preparing an enterprise to go public is a transformational effort. It’s also a prosecutorial process involving the legal, regulatory, accounting, audit and operational coordination of many stakeholders.
When I witnessed the DAO hack in 2016, I looked beyond the hack and saw what an enterprise might look like in the not-too-distant future. When the U.S. Securities and Exchange Commission (SEC) published the DAO Report in July 2017, it became abundantly clear what assurance and disclosure would also look like in that future.
My venture into blockchain was inspired by a conflict over an accounting of the use of proceeds of a financing with a U.S. regulator. [“We are the hand of God”, remarked one staff member at the agency.] The conclusion of that proceeding led me to believe that in the complex world of enterprise accounting, audit and financial reporting, omnipotence may be better expressed through the development and deployment of a protocol that produces proof to many, rather than the opinion of one.
Bridging the gap
I wrote a paper titled, “Auditchain: Decentralized Continuous Audit & Reporting Protocol Ecosystem,” (DCARPE). The folks who run the CAR (Continuous Audit & Reporting) Lab at Rutgers University have been preaching continuous audit and reporting for 25 years. I felt reborn when my outreach to them led to our presentation at the 40th World Continuous Auditing & Reporting Symposium.
To draw a comparison, trading desks around the world have been complying with FIX (Financial Information eXchange) Protocol since 1992. It’s a machine-readable syntax that automates and governs “straight through process” trade entry, execution and reporting automation. U.S. securities firms have also complied with the Order Audit Trail System (OATS) since 1998. OATS is a “layer 2” protocol that records the order information produced at every hop on the journey that an order makes from receipt/origination to final execution. OATS data enables the detection of anomalies and order mishandling and also enables regulators to see systemic patterns of order handling and processing deficiencies.
I pondered the thought that, if securities firms comply with a global standard protocol for trade execution and reporting automation, why couldn’t the issuers that securities firms trade for clients comply with a similar continuous audit and reporting protocol for enterprise accounting and reporting automation? It seems like a double standard. Why the embargo on the issuer side?
According to statistics published by the SEC, 5,730 10-Ks and 6,893 10-Qs were filed as of this writing in 2019; 11.41% of the Ks and 9.38% of the Qs were filed late. I raise this issue because an SEC Form NT, despite management’s COSO attestation, is one of the very few clues an investor can discover to determine if there’s trouble with an issuer’s disclosure controls. Do you know what happens to a broker-dealer if 11.41% of their trades are reported late? The answer depends on how much net capital it has under SEA Rule 15(c)3-1.
Unlike FIX, which wraps every order with a syntax governed by a logic set, XBRL, the global standard, is mainly used by enterprises in the last of a 100-mile journey in the accounting and reporting information supply chain after the annual audit or quarterly review is completed.
Creating a protocol
DCARPE Alliance Association, a Swiss-based blockchain, accounting, audit and financial reporting consortium, along with its founding member, Auditchain GmbH, are leading the development of the DCARPE Assurance and Disclosure Protocol. It features a blockchain with a cryptographic architecture that is populated by CPAs and chartered accountants who operate specialized nodes that perform data (integrity and financial statement) and process (SOC) audits on a continuous basis. Attestations are recorded on every block.
Pursuant to a digital enterprise external validation contract (legal prose plus code compiler) entered into by the enterprise and the several validators (auditors), dividing each of their responsibilities, an enterprise submits to a “readiness” process witnessed by the cohort of validators. It then commits its final “state impression” to its genesis block and commences continuous “external validation” by the cohort and begins its new life; reporting its financial statements in real time under a logical “straight through accounting and reporting automation process” from the transaction level to a GAAP and/or IFRS compliant financial statement “model.”
Financial statements and audit analytics are “streamed” through the DCARPE Explorer, a web interface accessible by subscribers through different subscription levels. Imagine giving access to a “clean as you go” open ledger enabling users of financial reports to open and close the audited periods they wish; instead, we’ve grown accustomed to disruptive quarterly sprints to close books and prepare for review and annual audits. Imagine enabling investors to draw their own conclusions and assemble thesis-based, dynamically updating actionable audited financial and operational analysis. Imagine a substantial decline in audit and compliance costs.
Forward-thinking CPAs can now respond to audit RFPs by issuers on the network and increase client engagements without an increase in headcount. CPAs can participate in audits that are otherwise inaccessible in a new decentralized assurance and disclosure economy that is truly transformational.
It’s a natural progression to experience price deflation as the result of increased efficiency and productivity through technological innovation. Financial services began its transformation in 1996. Remember Stewart in the Ameritrade commercial? They are a powerful example when it comes to embracing transformational change.
Applying traditional audit and disclosure methodologies to digital assets is like performing an examination in 780p when the source is broadcast in 4K (higher resolution). When describing current global disclosure frameworks for enterprises to blockchain engineers and cryptographers, I speak a language they understand: “Since 1934, block times have been 90 days with only a fraction of the enterprise data being tentatively and conditionally validated by a single off chain node, which transmits the validation results back to the enterprise who includes it with its state broadcast 15-45 days later depending on the block size.” It’s the most ridiculous thing they’ve ever heard.
Looking to the future
When looking at audit and reporting from this perspective, it becomes clear where the profession should be headed. The new breed of investor today is innovative and optimistic. They are a rapidly growing, technically proficient capital market. They no longer believe in quarterly information and disclosure embargoes. They believe in an open and transparent ledger governed by protocols. If enterprises want their capital, these are the types of internal controls and disclosure controls that they require for them to make an informed investment decision.