This 40-page memo – recently commissioned & released by COSO – explains how companies can use blockchain technology to create more robust internal controls – and also highlights new controls that will be necessary because of the risks that blockchain creates. According to the memo, business use of blockchain will implicate the 5 components of COSO’s 2013 Internal Control Framework as follows:
1. Control Environment: Blockchain may be a tool to help facilitate an effective control environment (e.g., by recording transactions with minimal human intervention). However, many of the principles within this component deal primarily with human behavior, such as management promoting integrity and ethics, which, even with other technologies, blockchain is not able to assess. The greater challenge relates to the intertwining of an entity with other entities or persons participating in a blockchain and how to manage the control environment as a result.
2. Risk Assessment: Blockchain creates new risks and simultaneously helps to mitigate extant risks, by promoting accountability, maintaining record integrity, and providing an irrefutable record (i.e., a person ororganization cannot deny or contest their role in authorizing/sending a message or record).
3. Control Activities: Blockchain can act as a tool to help facilitate control activities. Blockchain and smart contracts can be a powerful means of effectively and efficiently conducting global business (e.g., by minimizing human error and opportunities for fraud). The collaborative aspects of blockchain, however, can introduce additional complexity, particularly when the technology is decentralized and there is no single party accountable for the systems that fall under ICFR.
4. Information & Communication: The inherent attributes of blockchain promote enhanced visibility of transactions and availability of data, and can create new avenues for management to communicate financial information to key stakeholders faster and more effectively. One aspect, in particular, for management to consider in applying blockchain is the availability of information to support the financial books and records, and related auditability of information transacted on a blockchain.
5. Monitoring Activities: The promise of blockchain to facilitate monitoring more often, on more topics, in more detail, may change practice considerably. The use of smart contracts and standardized business rules, in conjunction with Internet of Things (IoT) devices, may alter how monitoring is performed.
Audit Adjustment Waivers: Red Flag for Restatements & Audit Costs
Using a sample of 3,144 audits, this recent study found that the decision to waive auditor-proposed adjustments to financials may have unforeseen consequences of increased restatement risks, incentives to manage earnings, and higher audit costs. Here’s an excerpt:
We estimate that at least 80% of pre-audited financial reports contain misstatements detected by auditors, and management frequently does not make the proposed adjustments. Perhaps surprisingly, management corrects all misstatements only about 12% of the time and waives all proposed adjustments about 50% of the time.
We find that waived adjustments are linked both to lower financial reporting quality measured by material misstatements and to incentives to meet/beat analyst forecasts; the latter finding suggests disposition decisions can be an earnings-management mechanism.
We find that auditors respond to the increased restatement risk associated with management’s decisions to waive audit adjustments by increasing audit effort this period and are able to pass along at least some of these costs to their clients. The auditor’s response is persistent: auditors are likely to propose more next-year audit adjustments when clients waive adjustments in the current year, leading to increased effort (audit hours) and costs (audit fees) next year. Finally, we identify one reason managers may waive adjustments – to meet or beat analyst consensus forecast estimates.
The professors conclude that many of these waivers result from focusing on quantitative thresholds – and overlooking qualitative facts that impact the materiality of missatements.
Call for Photos: Marty Dunn Tribute
Our “Proxy Disclosure & Executive Pay Conferences” are coming up next month – and while I’m very excited about our agendas & speakers, the conference won’t be the same without Marty Dunn on the roster. We’ll be running a tribute to Marty and would appreciate any photos from the community that could help make it special. Please email me with anything you’d like to share – firstname.lastname@example.org.
– Liz Dunshee