In January 2016, the Founder and Executive Chairman of the World Economic Forum, Klaus Schwab, stated that we are entering a fourth industrial revolution characterized by a range of new technologies that will fundamentally alter the way we live, work, and relate to one another. He mentioned that we are witnessing technological advances in areas such as AI, robotics, the Internet of Things, Blockchain, Autonomous Vehicles, 3D printing, nanotechnology, biotechnology, and Quantum Computing.
The rapid onset of technology overtaking every aspect of our work and personal lives, data breaches are becoming common place, hacks, ransomware, leaky websites and databases pose considerable risk to businesses and to their owners’ reputation.
From LinkedIn to Wipro to Mariott to UIDAI; no one is safe. When such attacks occur, not only is the business accountable for this, they must also figure out what went wrong, who was responsible and offer compensation to those affected. No firm should find themselves in a position where they are unable to determine what occurred.
A strong data audit trail which maintains a record of events carried out by the system, its’ applications, and its’ users is a necessity. Having such records allow firms to easily determine what went wrong post-attack and prevent future attacks from taking place. They also prevent downtime which can expose sensitive information through constant performance analysis for issues such as an unusually high number of queries being handled by websites. To achieve these security objectives, audit trails implement individual accountability, intrusion detection, and reconstruction of events to reduce threats, internal and external.
Technology is playing a key role in all our lives, and that goes for auditing as well. Understanding how key technologies such as Artificial Intelligence and Blockchain will completely transform the way we think, live, work and play and also help us make better audit recommendations.
Data Transforms Life
The death of a pedestrian by an autonomous car in Arizona and the harvesting of personal data by Cambridge Analytica on Facebook in some way, both have highlighted the importance of data privacy, risk assessment and the role of trust and transparency. The two incidents, albeit separate, emphasize the need for the convergence of artificial intelligence and blockchain– the powerful emerging tech continuum. Questions arise such as – ‘How would a technology enabled audit trail better suit these disaster scenarios ?’
Data is only as good as its reputation. In any given environment, if the integrity of data is called into question by an incomprehensible or inaccessible audit trail, it will be perceived as a risk. Any recommendations based on that data will be disregarded.
Similarly, A key barrier in the adoption of AI as well as the trust of ecosystems created by Blockchains is based on the quality of data being fed into the AI algorithms and the secure Blockchains. Artificial intelligence that run on the black-box model will be restricted by mistrust. Blockchains that host and secure incorrect data will be regarded as compromised. Users are unlikely to have confidence in things they don’t understand, and corporate leaders won’t invest in AI applications that provide no evidence of their decision-making process.
The disclosure of Cambridge Analytica’s haul of Facebook data and the death of a pedestrian in Arizona in a collision with an Uber’s test autonomous vehicle have ignited mistrust in what data is being used, how and by whom.
Artificial Intelligence as a solution ?
AI Algorithms are, in crude form, opinions of what defines a successful outcome, embedded in code. An imperfect analogy: A teacher seeks to persuade a student to write two different essays for an exam. However, the student might not agree with this, but it’s the teacher deciding that a two-essay-exam is the successful outcome.
Like people, algorithms can go wrong, or be born of good intentions yet generate undesirable outcomes. A badly designed car that crashes is open for public scrutiny, becomes part of the narrative that determines a product’s or even a technology’s success or otherwise. But a badly-designed algorithm can quietly wreak mayhem, and its flaws go undetected. So how can trust be engendered in something that’s not apparent nor understood?
The power of AI lies in machines conducting educated guesses on a precise scale that outperforms human ability. It is a probabilistic method, with the result being machines that are able to learn and make decisions based on what they determine to be the most likely reality. The more data available to the equation allows the AI to adjust the algorithm, with the aim of “improving” the outcome.
The Value of AI Today
Big data has transformed the approach to traditional AI. In the 80s and 90s, AI research was largely based in academia, generally consisting of a fixed dataset from which an algorithm was proposed and then distributed, often in a journal or conference setting.
Today, Data Scientists, dubbed as the sexiest job of the 21st century, are paid anything but modest salaries to ensure that the quality of data going into AI algorithms is credible. The black-box model of AI and its algorithms have increased concerns regarding data privacy ad require increased attention to the audit trails for decision making.
The value of creating technology that mimics human cognition, is in augmenting human productivity rather than creating entirely new industries. Adding value to existing enterprises by detecting fraud, enhancing the resilience of supply chains and enabling managers to focus on analysis, are essentially tools the AI technology is providing to humans.
By automating processes that are too complex for legacy technologies, enhancing business value by identifying previously overlooked trends in historical data and strengthening human decision-making by articulating forward-looking intelligence, AI is now adding valuable support to human functions.
But organizations are facing increasing pressure from regulators and end-users to open their black boxes by making AI processes transparent, explainable, provable and testable. Vendors will need to share previously protected information, and previously incomprehensible AI will need to be explained by the creators of deep learning algorithms.
What is blockchain?
In its simplest form, a blockchain can be considered to be the Operating System to the ‘one world supercomputer’. Instead of users keeping independent computers at their homes, offices and pockets; Blockchain can enable people to connect all the computing devices in the world onto one network; so, when people buy a new computer and connect to the network, they will simply be adding more computing power the world super computer, rather than holding onto one individual separate computer at their desk.
Once everyone on the network is connected together on the Blockchain [Operating System] downloads a copy of the ledger or data to each and every computer on the network, thereby building a global ‘distributed ledger’ which contains the relevant details for every transaction that has ever been processed. The validity and authenticity of each transaction is protected by digital signatures (cryptography). In the ideal blockchain world, there is no central administration and anyone can process transactions using the computing power of specialised hardware (nodes/miners) and earn a reward in bitcoins for this service.
In private or enterprise type environments, small closed type ecosystems can be created with each branch or partner entity of the organization can join the network with their own hardware and custom blockchain software. This is done in order to avoid the decentralized, open and public network, for multiple reasons ranging from privacy to security and creating custom features that won’t be available on public networks by default.
Blockchain and the Audit Process?
Although blockchain promises highly secure transactions, fraud instances cannot be fully eradicated. In July 2017, a hacker managed to steal nearly $32 million USD worth of Ethereum.
The root cause of this fraud was not related to deficiencies in the blockchain technology but, rather, due to a vulnerability within the software that was used to manage Ethereum wallets [the place where cryptocurrency is stored]. The fraud was quickly detected and vulnerability mitigated. Blockchain promises a world where all transactions can be logged, viewed and monitored in real time. There are potential implications for a wide variety of sectors, not least accountants and auditors.
The Ethereum breach suggests that the successful adoption of blockchain is highly dependent on the security of the underlying environment. In order to be in a position to provide the necessary level of assurance, the audit processes need to shift further towards the assessment of operating effectiveness of the internal IT controls.
To site some examples:
If an entity’s employee accidentally or deliberately sends cryptocurrency to a wrong or unauthorised recipient, there is currently no way to reverse that transaction. Auditors are therefore required to assess whether effective automated controls are in place to validate transactions before they are executed.
If an entity experiences a phishing attack, there is no fraud department to which to report such an incident since in blockchain there is no central administration. This situation can also translate into a risk of fraud. When faced with such risk auditors will be expected to determine whether the existing internal controls that prevent and detect phishing attacks are in place and operating effectively.
If a private key is lost through a software or hardware malfunction, the virtual currency is lost. These coins will no longer accessible to anyone on the network; they are effectively out of circulation. Effective disaster recovery procedures as well as backup and restoration procedures would help to prevent such situations from occurring. Such loss mitigation procedures are also expected to be assessed to verify whether controls that address the risks associated with blockchain can be relied upon.
Although blockchain technology offers inherently secure properties, it is humans that will be coding the necessary software to integrate and interface with blockchain. Humans are fallible and corruptible.
In adherence with the requirements driven by the International Standards on Auditing (ISAs), auditors are required to understand the specific risks to an entity’s financial statements arising from IT, and how the entity is responding to these risks through implementation of IT controls. With the rising adoption of blockchain technology, auditors will need to raise the bar by providing increasingly complex assurance services in more agile business environments and in support of upcoming digital transformations. A different professional audit mind-set and additional expertise will be required to satisfy the expectations of stakeholders and business owners in this new world.
The Decentralized Intelligent Future
While an audit trail is a desirable trait in AI decision-making, the convergence of AI and Blockchain – may be able to reshape the entire process from scratch. Although adding further complexity to the digital eco-system, once established, can greatly reduce errors, increase confidence in recommendations and reduce copious amounts of time and resources.
Essentially, AI is the brain to Blockchain’s body. Machine learning methods find opportunity and improve decision-making, adding intelligence and insight [albeit using guesswork], while blockchain automates the verification of the transactional process, providing the necessary integrity while providing security and decentralization [if required]. The application of blockchain centres on the facts, while artificial intelligence is about the creative element.
Transactions are validated through a variety of mechanisms, but the connection of the blocks means that without network consensus, it is extremely difficult to modify any of the information established within the chain.
As opposed to traditional, clunky audit-trail software in computer security, blockchains have strengths. But technology-related obstacles and their origin in the technologically-outdated financial services sector mean that pairing blockchain with artificial intelligence will unleash the potential of both.
Blockchain and AI result in an intelligent and fully automated audit process that are inherently built into decentralized autonomous software; floating around on the one world supercomputer.
For one thing, we would seem to be approaching a paradigm clash between assurance and trust-less systems. Trust the algorithm, but who audits the algorithm?
Artificial intelligence will enhance blockchains in a number of ways. Decentralizing the technology for increased scalability, economizing on energy consumption, enhancing security, democratizing privacy issues, increasing efficiency and enabling the capacity to track and sort the data.
Conversely, blockchain can have a profound impact on the development of machine learning systems by helping AI technology explain itself, cleaning and organizing of personal data to lower market barriers, and also shrink the competitive advantage of incumbent tech giants. ‘Artificial Trust’ would consequently be increased.
The AI + Blockchain convergence is far from complete, given the number of companies
actually working at their intersection. The focus appears to be on working on decentralized intelligence, and slightly less so on conversational and prediction platforms and intellectual property. Companies such as Hypermine are building totally autonomous decentralized digital economies built on the blockchain and powered by Artificial Intelligence, leaving very little room for any human intervention. Audit trails are an essential part of such economies.
While blockchain’s design seems sound from a security standpoint, the blockchain environment is still susceptible to various technology risks. AI will forever remain a technology that will be determined by the quality of data going into it and will be constantly required to justify its decisions. The efficiencies that will be gained through audit automation are likely to be balanced by the requirements for new procedures to address the
risks associated with the blockchain environment.
In all cases, it is clear that these tools will enable auditors to consolidate a wide range of data from clients; they open up the possibility for the expansion of the auditor’s assurance beyond financial statements. Although, auditors should not to over rely on these tools. As powerful as these they may be, or are expected to become, they will never be substitutes for the auditor’s knowledge, judgment, and exercise of professional scepticism.
Auditors of the future will design the logic in these technologies to suit the appropriate reporting requirements and let the machines do all the heavy lifting. These developments will likely shape an audit culture where audit designed technology controls will play pivotal role in providing a reasonable assurance that the financial statements as a whole are free from material misstatement.