AUDITCHAIN & BUSINESS CONTROLS



What does the complete automation of accountancy using process-control NFTs mean for accountants? Discussing Auditchain, the world's first decentralised accounting, reporting, audit and analysis metaverse that automates and provides proof of assurance on the world's financial and business information.


Webinar transcript, recorded 1 June 2022, on Youtube here.

With Andrew Noble and Electra Frost, accountants.



Transcript

+ Slides


Welcome, future accountants on the blockchain!


Andrew Noble:

I was invited along to tell you a little bit about Auditchain. I said to Electra - you know, I'll talk about Auditchain but I really want to throw in some information about business controls as well. Because Auditchain is ultimately a kind of a business control and will provide business control-like functionality.


Electra Frost:

Hi, everyone, this is an Accountants On-Chain webinar and we're meeting Andrew Noble. You might know him from LodgeiT. We're going to talk about all Auditchain today but also business controls, and how it all relates to our own practice.


Assuming that all of you here are accounting industry professionals, that you use digital technologies, were probably part of the first early adopters of cloud technology and you’re interested in lowering your costs and being effective and efficient for your clients to be competitive. As we’re learning more about blockchain, we're thinking about ways it can be applied to our clients' businesses and looking at the tooling for their businesses. But do we ever stop and think about our own accounting practices?


We think about how our clients will learn-to-earn with future technology, and how they'll monetize their data. But maybe we should stop and think about how the emerging technologies will have an impact on our own practices. We're going to find out tonight about some accountants’ tooling that's not on the market yet, but it's being built out with accountants, and has the accounting industry in mind.


So that's why we're here. Take it away, Andrew.





Andrew:

Nice to meet everyone. I'm in Perth. I am a Fellow of the Institute of Public Accountants and a tax agent, and I still do have some clients that I look after. I run a platform called Logic, which is sold primarily through QuickBooks and QuickBooks Online, and it's taken up by their accounting firms. We also sell directly to the market for business owners who want to DIY into that sort of tax compliance space.


I'll dive in and tell you a little bit about Auditchain and how I got to know about Auditchain through Charles Hoffman, who I've been in communication with for a good 10 years. Charles Hoffman is a CPA out of Seattle in the US and was the inventor of XBRL, which is an extensible business reporting language. We're going to touch on XBRL through through this presentation.


Electra:

I don't think many of us are familiar with XBRL.


Andrew:

It hasn't been mandated in Australia, but it's certainly mandated for US GAAP, large companies have to submit their filings to the SEC using this, which is essentially machine readable data sets put into a format that machines can consume. XBRL can understand and read it.


Electra:

So rather than a PDF of a balance sheet, it’s in readable language that can be read by a computer?


Andrew:

Yeah, that's a good point Electra. You know, we as accountants, you could give any of us a set of financial statements, and we'd be able to look at those financial statements and make sense of them. We'll see familiar patterns in there, we'll see balance sheets, statements of financial position, statements of cash flows, profit or loss. It's the old term, but regardless, we'd be able to look at a set of financial statements and we'd make sense of it. And we can look at those financial statements whether it's on Word or PDF doesn't bother us.


But certainly if you give a PDF of financial statements the machine has a bit of difficulty So there's this language or this methodology for sharing information with machines when it's financial statement information.


In that case, if you use this syntax, or this language, which is XBRL, then those machines can make sense of the financial statements. And we'll touch on that more as we go through.


But anyway, through Charles Hoffman I came to meet the founder of Auditchain, Jason Meyer, probably just before COVID. He ran an event in New York and I had the opportunity to go over there and go to that event. It was all about getting lawyers and accountants together and getting them interested in building a technology platform, which would solve automation of audit. That's what we're going to jump into, as we go through this presentation.


That's a bit of the background as to sort of how I got involved. When I found out about Auditchain I subsequently bought tokens in the project. So that's how they brought the project to life.


Electra:

As a matter of disclosure, I've got some tokens in Auditchain too, and am staking it to learn and earn more.


Andrew:

Buying tokens and staking in token based projects is a whole new way of engaging in technology going forward. The great thing with token based projects is - especially in the case of Auditchain tokens - it gives you the ability to both be a stakeholder and at the same time, you can use the tokens for interacting in that data economy. And that's something we're going to cover.


LodgeiT is the company that I mentioned I'm a founder of. We have started Accziom now, which is another platform. Electra has put this whole event together to learn about Auditchain. So thanks. That's fantastic.


Here is the Auditchain introduction.

Electra:

There’s a lot in there to unpack. The world's first web 3 decentralized accounting, reporting, audit and analysis metaverse. I noticed recently they started calling it web3 and a metaverse. .. that automates and provides proof of assurance on the worlds of business and financial information.

So it’s a pretty big, pretty big plan there that they've got for the world.



Webinar agenda




Andrew:

So here’s the agenda. I obviously want to cover off on the problems that Auditchain aims to solve. As I've said to Electra, I didn't want to do this presentation without touching on business controls, which is something that I've been massively interested in lately, and I've got some bits and pieces that I can share with you around that.



Electra

As accountants, most of us are small practice owners and as such we’re deeply involved with our practice management software and all the controls around what we do.


Andrew:

Yep. And, you know, with Auditchain it's based around controls.

We’ll touch on Pacioli and what I call the robotic accountants. That is actually the XBRL reading machine that Charles Hoffman has been involved in. Then covering off on how the Auditchain platform and system works and how you can engage with it. And finishing the presentation by recapping around how the bits and pieces when it comes to audit when it comes to automating audit and business controls can rarely be brought to life in any business.



The problems with audit today






Andrew:

So, we all hear about these audit failures regularly. There have been plenty of audit failures over the years where the auditors just didn't manage to find whatever finally brought down the company whether it was fraud or, or just bad management or whatever. The reason for this is that audit was invented the way that audit is carried out now, which is very much around randomized selection. Subjective and conditional attestation was put together in the age when audits were carried out with paper.


But now we're in this digital age. Our old methodologies for audit don't work very well and hence why there's these failures. It’s believed we're moving into a world where we've got more open transparent ledgers that we're going to be working with.


Electra:

And although we're not auditors here, we share origins. As accountants we're like mini auditors. We're constantly in a way auditing all the information that we deal with.


Andrew:

Yeah, definitely. As a compliance accountant, myself, I spent my work life in compliance and that's actually something I've figured out recently. The compliance work we end up doing is always at the back of the problem and rarely solves a lot of the problems that we have with compliance. You're better off moving to the front of the problem, and figuring out why problems happen in the first place. A huge, huge problem for accountants right now we have more compliance than ever to deal with.


Auditchain proposed solution







Andrew:

So the solution that Auditchain is proposing is what they call streaming financial data. Essentially, they foresee a time when financial information streams through on blockchain or blockchain-like technology. Hence, here you can see Bitcoin style validation.


I've got some demos where I can actually show you some real life examples of how it doesn't have to be directly on the blockchain, but it could be like on a blockchain and you get a similar kind of solution. But certainly their long term vision is streaming real time data flowing through an audit engine, which is constantly carrying out validation. That stage is a little way off.


And certainly when I jumped into talking to you and demonstrating the patch to the robotic accountants, you'll sort of get a feel for where they're at, but certainly their long term plan is real time monitoring of accounting information.



The value of business controls





Andrew:

I did say that business controls is something we need to touch on before we really dive into the Auditchain stuff in more detail. This is something that I've been quite fascinated with recently. And let me just, I'm gonna jump out of here for a moment and just show you a couple of things over here. So you know, when it comes, and this is a mind map, so mind mapping technology, pretty interesting way to sort of have a look and understand things.


TheBrain view of Controls

https://bra.in/3p6Q7Q






Electra:

What are we looking at here?


Andrew:

Exactly what we are looking at is a mind map that helps you to look at something and get a very quick idea of what it is. That's under consideration. Here we're looking at internal controls, internal business controls, and you can see we've got the reasons for these achievement of objectives authorized by the Board of Directors, designed to provide reasonable assurance.


Determine if different processes require so you've got these pieces of information that point to the internal controls. And then from that from the internal controls down, you've got the types of internal controls internal control standards, and you can drill down into these so you can see here, we've got four main types of internal controls. Application controls, dependent manual controls, general controls and manual controls.


For most businesses, the issue with controls is when you've got manual controls, right? This is where you'd have an invoice that is generated on Word. And then that and then that, you know, that invoice is transmitted to a bookkeeper who then puts that into the system. So you've got manual steps, and then you'd have to think about how you're going to control that process.


Obviously with modern technologies, they allow you to do all of those steps from engaging with your customer, all the way through to the final invoice and that's all captured through digital workflow. So you've got methods for handling controls.





You can see here, you've got ways to jump through this and then look at the business processes. Obviously use your controls to manage your business processes. So what are your business processes, activities ordered in time and space? If you're going to have a mission objective with your business and business processes, then you can jump down here into the soft details.


A mind map is a nice way to explore and look around and get a very quick, easy feel for a knowledge space. That's why it’s called a mind map.


Read more about enterprise controls here: https://accziom.com/enterprise-controls/



ISAE 3402 audit


Andrew:

Now, we talk about ISAE 300, which is the international standard on assurance engagements. When we think about audit, we often think about the tick in the flick pile of stuff. But there's a whole other aspect to audit, especially this.



This is a 3402 audit. And that's more about managing your business controls like I was talking about, where you'd have an audit that goes into the enterprise and looks to see who has access to what, who's doing what, how are the systems deployed, and you know, as a result of how their systems are deployed, how are those how are those controls working, controlling the information and making sure that making sure that there's quality across the information controls and making sure that it's limited opportunity for fraud, and that kind of stuff to transpire.


Electra:

We're seeing more audit trails to kick off audits as we currently have visibility over many of our client controls, with training and documentation. It’s not exactly something that accountants or their clients look at very often, these diagrams of controls.


Andrew:

I don't think, especially in the smaller end of town, that there's enough effort put into thinking about and making sure that controls are well curated in the clients’ software. We don't really know what they’re doing. I think there’s a really great opportunity for accountants to move from compliance to control management, which would be doing things like, for instance, exactly what you're saying, going and checking who's got access to what functions in a software application. Checking that there are controls in place, permissions or or just finding the right software for your clients which would help with controls.


Electra:

So this is a way we could help our clients. Okay, yeah.


Andrew:

So great opportunity for all of us to help all manner of businesses right, putting in place the right controls.


Sarbanes Oxley Internal Controls - The Fraud Triangle


Now, here's another topic here in the control space: Sarbanes Oxley.


https://accziom.com/sarbanes-oxley-internal-controls/







This came into place after Enron. It all starts with a fraud triangle.


And you know, what, what drives fraud? You know, so the pressure, there can be pressure on people. That's generally what happens when people come under financial pressure. And then because the controls are not in place, there's an opportunity that carries out the opportunity, and people will rationalize it. It's hard but you know, that person is a great person, they’d never engage in fraud… but under certain conditions, people will rationalize and justify their reason for carrying out fraud.


So there's a reason for that and you know, this whole Sarbanes Oxley view, if you read through this, you'll see that they really thought about putting in place internal controls and all the rest but it still brings us back to if I can bring this back to what we had. It still brings us back to the state where when it comes to audit, the old issue still persists, which is the audit is not it's not auditing, every data point, it's selective and things can slip by so hence why there's the opportunity. And the price is a 3402 audit.






Baseline Protocol


Andrew:

Now I will get to the baseline protocol. I might actually jump out now and show you what baseline protocol is.


https://docs.baseline-protocol.org/



The value of business controls is part of this is a 3402 audit, which is more it's not so much auditing that financial data. It's more about auditing the control procedures that are in place within the organization. That's typically how these audits are carried out.


They don't have to look at every data point. But certainly, I guess the Auditchain project is pretty much focused primarily on the audit of the financial information and we'll see that when we get to the Pacioli engine. But um, I guess this is just touching on some of these extra things that can be considered like for instance, the baseline protocol.


What is the baseline protocol?


Baseline works with the Ethereum blockchain and as a way to secure verification and validation over a data point. So this is a prototyping environment where we're testing out some of these capabilities. And one of those capabilities we're testing is fetching contract data has failed. That's not good because that's going to mean that I can't show you this. This baseline, I know it is dry, I guess so there it is now, so here's a contract. And what you'd have with a contract, is you have information about what the contract is, maybe something about the delivery and maybe something about the payment right? But when all of that information is put into something, and shared as in, I've verified I signed my contracts and my supplier so here you've got the supplier signs, the contract, the customer supplies the contract.


The contract contains metadata, which is all of this information about what the contract is about. And it's possible to baseline that contract so that it's linked to the blockchain in such a way that the metadata is metadata, right you can see that something a machine can read. And then what the machine can do is it can read this data and check the signatures and then verify whether the made it whether that metadata has been tampered with, since the signatures were placed and you can see customer signature on the blockchain supplier signature on the blockchain.


It's not actually directly on the blockchain, but it uses the blockchain to derive the hashes that provide the proof against the document. So it's like a digital signature methodology that allows you to get verification and validation across any set of metadata. And that you know, that baseline protocol is actually a free open source protocol. And essentially what you're getting is the equivalent of a digital signature that you can take into a court of law and you could run this verification across the metadata and derive a proof as to whether that metadata had been tampered with since the signatures were placed on the document.


So the new way of getting a digital signature essentially, when it comes to your NFTs. A non fungible token is a way of getting a hash on some metadata in a way that you could then search for and find that find that metadata, and it would be and you'd, you'd be able to at any given time, discover whether the metadata had been tampered with or changed.


So non fungible tokens can be used for a lot of different things and probably you've seen and heard about non fungible tokens being used in the world of art. That's where I think that most common but certainly there are more ways to use NFTs in business. I'll show you an example of what I'm talking about with an NFT and business where this is a business search engine.


So let me do a search across the top of this. We do a search - I'll search for my business using Accziom here:

https://bsearchau.accziom.com/



This is searching and it's actually got something called an axiom database, which is storing information on logic. You can see here there's information stored on logic, and then that same information is possibly harvested from some of these prior, I guess, business, databases, Australian Business register ACM.


There are also ways to pull in information on a business here and you can read about what logic does. This is discovered from the Bing robot that will then tell you what that business is probably involved in, given the name, never going to be particularly accurate. A map, but it gets the end of the day. This kind of technology can provide a snapshot of a business, but the long term goal for this kind of technology is to give each business its own NFT and then say here's a way of using blockchain to pay for a service.


So you need a mnemonic - it's like a phrase that is almost like a password. It's only now that like, oh, okay, so you've talked about those? Yeah. So I've thrown my mnemonic and then I've got access to the to spend these MERC total tokens. And what I want to do now is spend my MERC tokens to find further information that's deeper in the database that's not free. So if we search for BHP limited… let's see what we get here.


https://bsearchau.accziom.com/






Electra:

“The data is needed to pay”

We're all familiar with paying a fee to do searches. Yes. So bring everything out into a sort of aggregated open source environment.


Andrew:

The idea here is that the data is owned by the business owner, and it's not by ASIC. It's in the business owner’s best interest.


So you can see some of the data is behind a paywall. So how do you gain access to that you've got to you've got to spend money, or you've got to withdraw so you've got to once you know you can see here, I've got enough tokens in here. Now I'm paying and then when I pay with my token, it'll take a fraction of a token out of my wallet, and then I've got access to the data that's behind the payment.


The difference is, in the case of ASIC, they believe they own the data. But in this case, the database is built, built around the principle that the business owner should own the data. And then if people want to search for the data, of course, they'll discover the public information for free, but there'll be certain information about your business that you will keep behind the paywall. Maybe your phone number, maybe people's details, you know, maybe email addresses, and that or maybe even some of your financial information, and that information will only be available when someone pays.


So technologies are enabling us to have ownership over our data and enabling that ownership to be monetised for ourselves.



Electra:

And that is how we have ownership of our data that we can then monetize for ourselves. With NFT’s that is in the context of JPEGs and art and getting it but now we're talking about our business information being monetised for ourselves.


Andrew:

Yes. So in this in this case, the monetization is in the revenue is split between three parties, the party that runs the mining, the mining node that that holds this, this set up MERC tokens in place this special so this is a quite an advanced search engine technology here, because you'll see it through things like discovered address of other other entities that share this location. It's also the address of these other entities that share that location.


But ultimately, the revenues go back to the database provider, provides a special technology for the search to the business owner and to the mining folks who run the node operation for making sure that the NFT's are secure and that the MERC tokens are split evenly between whomever is entitled to a split which would be the which would be the data owner and as I said the search engine as well.


So that's just a little look, that's just a little look at how, in this case, ultimately an NFT would be associated with any business could come along, grab themselves an NFT, associate that data and then ultimately they will be entitled to these tokens.


You're entering into the token economy where you're engaging with tokens that ultimately you swap out for another type of token. Or you could ultimately swap back out for cash. Yeah. So t that's sort of a real life example of the baseline protocol and the NFTs. So let's just keep going with this presentation. Okay, so control artifacts.


Control Artefacts






Electra:

Can we just understand what control artefacts mean?


Unknown Speaker 31:16

Yeah, so artefacts are those things, the technologies and the things that we use in our lives to gain control. And one of the things that we use to gain control of our businesses is x. So we use axioms, which are like rules of thumb and the primary rules of thumb that we have in the accounting world are all of those rules of thumb that we use to make accounting work - debits and credits, assets minus liabilities equals equals equity, at least in Australia, in the US level, and they like to do it the other way around. They'll say liabilities and equity equals assets, but it's the same, same equation.


So those are the sorts of rules of thumb that we would use and you can imagine that once once you expand out on your rules of thumb, you can actually derive financial reports and those financial reports that we can put together in PDF or Word or whatever, are generated out of software like Xero.


Ultimately, in the world that we're going into, you can have a digital doppelganger, which is, you have these ways of, you can have these ways of putting together financial information, which gives you like a mirror image of the world which is using things like taxonomies, which is an excellent XBRL concept, and ontologies so you use technology to derive a digital representation that then becomes machine readable.


And the importance of machine readability in the digital age, is that you could share your financial statements around and it's going to be not so much about an accountant or a bank manager reading it. But more so about another machine being able to take that set of financial statement information and read it and make sense of it. And that's where we're gonna get to some of these things that the Auditchain guys are bringing out.


Electra:

Are we talking about AI here?


Andrew:

Well, you know, AI is sort of a rubbery kind of term. I wouldn't worry too much about the AI concept. I'd be thinking about this more from the perspective of what's logical and reasonable.


Electra:

That is what I wanted to mention because we're hearing a lot about AI in our profession at the moment …but really here we're talking about logic processes. We're following logic when dealing with things like accounting and tax law. It's a logical series of statements and understanding the information. And I see what we're dealing with here with nothing as fancy sounding as AI. It's logic.


Andrew:

Believe it or not, the logic that's used with the Auditchain Pacioli engine is actually a logic engine. That was the original AI, how it was built. It was built around something called declarative programming, declarative programming, where you declare your statements, which is like your axioms and then you can test your statements. So you can very easily test assets minus liabilities equals equity by having values in the similar sections, and then you could run a declarative statement across the top of that, and then see if your derivation matches your prediction according to your axioms.


So, other control artefacts that we would use would be things like our trade contracts, and how finance contracts. And if you look at everything that happens through your accounting system, it's all about those things, right? Everything sort of derives from how you initially set up your trade contract or you have a trade contract for what it is for whatever goods or services that you're selling. And then when it comes to facilitating things like any financial activity, you know, settling HP, for instance, it's all money for money, and finance contracts and all of those things can be well handled by these, you know, by these logical processes.


And certainly, if you thought about your controls, that you you always will get your controls into place straight away as quickly as you can, making sure that you know if you've got a contract that's running into a financial system try not to have steps where it comes out of the software and goes into something like a PDF or a Word document and then manually keyed back in, if it's kept all the way through. That's where you've got the sort of digital straight through flow of the, you know, offset of that control artifact.


So we know also without agencies, like for instance, or, or our standard sports, those are really cohorts, right? So you've got to have agents who agree to adopt certain standards before the standards become useful. There's no point just having a single agent who goes oh, this is a great control. You've got to have others in the community who will accept your control methodology, and then those controls become useful and certainly with the types of controls that we're going to be adopting.


You're going to see that there's going to be cohorts of agents that sign off on those controls. And we're going to get to how controls can be attached to NFTs as action-based identities and curating business information. Just take yourself back to what I just demonstrated, where you've got these new kinds of search engines, and someone's maintained or someone will take responsibility for maintaining the business information in the database. And who is that going to be that's going to be the business that's going to be the owner of the business where whichever agent has control of that business, it will be in their best interest to curate and maintain their own business information. So it's accurate and up to date.


And certainly for all of us, we know we know that as we're sort of working in the world now. You're building up profiles on LinkedIn, people get to know who you are, and that becomes part of your action-based identity. And later on, that's going to be important for how you engage with these cohorts. And you know, which cohorts will want you to join their cohort to sign off on it on a certain set of controls. And we'll get to some of those controls that will be attached to NF T's in a moment. So this brings us to back to 1494 and Luca Pacioli.


Electra:

Let’s pause a moment just to see if anyone has any questions about those control artefacts. Feel free to jump in and ask us to interpret what we're discussing. I'm not a technologist. I've just been very keenly working on the bleeding and cutting edges of technology for the last 20 years. I'm fascinated by all this, like many of you are, but I don't speak the language very well yet. I am attempting to pause where I think we might need to clarify something into a context familiar with compliance accountants. If anyone has a question, please comment and we'll pause and discuss it.



Pacioli Logic and Rules Engine





Andrew:

Okay. Okay, I'll keep rolling. So back to 1494. And we had Luca Pacioli, who came up with the double entry bookkeeping system. I've just shown you a triple ledger system, which was a way to get a blockchain hash onto a contract. The triple ledger is the hash of the proof that would allow both sides of that contract the the buyer and the seller who both have a copy of that contract, to at any time, go back and demonstrate to someone that that contract is a legitimate contract.


Why is it a legitimate contract? Because it's baselined and tied to a blockchain. And it's provable because there's a hash on the document or a hash in the metadata.


Electra

I recently did some e-invoicing and noticed the hash associated with the invoice transaction. That was the third entry that made that triple entry accounting.


Andrew:

Yeah, quite possibly. If it was Luca+ you're right. Those guys actually have their own blockchain that they use to derive that hash, which is exactly the same as what I just showed you with the baseline protocol method. The baseline protocol method is just another. I guess it's more of a sort of open source open standard methodology that any software developers in the world could adopt and use it to derive and hash into their contractual documentation.


Electra

We could be doing triple entry accounting and with a software user interface and not even know!


Andrew

You wouldn't even know it, but it would be useful later if you had to go to a court of law. And they say, Well, you know, where's the contract? And how do we know that's an original contract? Or, you know, where's the where's the where's the offering, except where's the order? You know, where's the invoice right? So let's have a look at that invoice. How do we know it's an original invoice that you're, you know, that your counterparty says it's not not original? Well, then you'd be able to say, Well, look, here's this set of metadata that's associated with the contract or the invoice. And embedded in that metadata is a hash which can be proven that the information in that document hasn't been tampered with, since the hash was introduced into the dataset.


Electra:

That would save a lot of time on collecting other evidence.