Friday, December 30, 2016

RPA and the Accountant: A path out of the mundane?

One of the latest hype technologies is Robot Process Automation (RPA).

My first question when coming across this, is what is the difference between this and cognitive computing? 

As can be seen by these videos, it's more about "dumb" automation instead of "smart" innovation: where routine tasks are handled by the system instead of a person. This is in contrast to something like IBM's Watson, which attempts to understand language and offer probabilistic judgments as to what is the right answer to a question like it did on Jeopardy!


The first video (produced by Deloitte UK) does a great job of actually showing us how RPA can automate the process of extracting information/documents from email and the generating invoices through the company's ERP:



The strength of this video (produced by EY) is showing us the business case for RPA:


The idea is that RPA can automate routine tasks, instead of offshoring. In other words, it brings the world of automation onced reserved for the assembly line to the back office.

As described in this Deloitte publication, it puts RPA as the first step towards a cognitive enterprise - automate the task and then bring cognitive, AI, machine learning, etc., into the process to make it smarter.

To use a maturity model approach, RPA is the first level in bringing together the necessary data and processes to actually train the algorithm to make it smarter.

What does this mean for auditors and accountants?

For accountants, the back office is going to require less people in terms of executing these mundane tasks.

However, this doesn't necessarily mean that jobs will be lost.

As with the advent of cloud computing, the enterprises will have to determine whether such talent can be used more effectively to improve the quality of financial reporting and work on the back log of finance projects that haven't been attended due to staff working on these low-value tasks. That being said, the problem of meeting quarterly targets to feed investors insatiable desire for profits is something that can't be ignored when discussing whether management will choose profits over better processes.

For auditors the story is a little different.

The reality of the profession is that it can't retain talent because people find the work unsustainable: it's hard to shutdown your personal life for a third of the year or more to meet the needs of clients during busy season.

RPA and automation could make the profession more sustainable, as these mundane tasks could be handed to a system instead of a junior. This is similar to the "race with the machine" concept I mentioned in this post, when referring how Watson is helping doctors treat cancer.  Auditor could then focus on more value added tasks, such as assessing aggregate risks, industry trends, etc. Such insights will improve audit quality and give clients better understanding of business and audit risks, making the work more interesting for both auditors and auditees alike.

Author: Malik Datardina, CPA, CA, CISA. Malik works at Auvenir as a GRC Strategist that is working to transform the engagement experience for accounting firms and their clients. The opinions expressed here do not necessarily represent UWCISA, UW, Auvenir (or its affiliates), CPA Canada or anyone else.

Thursday, December 29, 2016

Blogging for bitcoins? A look at the crypto-change alternative to paywalls

Another interesting talk at the American Banker conference discussed how cryptocurrency more broadly could address the issue of advertising, ad blockers and paywalls.

One of the presenters, Victoria Van Eyk, wrote a post on medium that essentially summarizes the issues as follows:
  • Advertisers loses one to many medium to the Internet: Although not explicitly mentioned in her post, our journey begins with the Internet displacing the incumbents - TV, print and radio - as the advertisers destination of choice. It was the Internet that enabled the "attention merchants" (as Tim Wu puts in his latest book) to better target us in terms of ads.
  • Targeted Ads, Privacy and the Invasion of our minds: The post does a good job in terms of summarizing the creep factor of the ads - in terms of how technology has been developed to actually follow you around on the web to get you buy something based on your habits. The other aspect is the whole idea of advertising itself or as Tim Wu puts the "sale of attention". In his talk at Google, which summarizes the history of how both public and private enterprises used the media and "sticky eyeballs" to attract attention; see this video below for a quick snippit of the type of things he discusses.


  • Ad Blockers - the remote control of the Internet: Of course technology is a double-edged sword. So like the remote control that enabled people to skip commercials (which Tim Wu explains was invented by the eccentric owner of Zenith, Eugene F. McDonald, as an electronic device that would literally zap the commercial), ad-blockers came to be our best friend in terms of protecting us from these unwanted ads.
  • Media companies strike back: Just when you think the consumer rebellion would succeed against the corporate empires, they strike back. Companies make you turn off the ad blocker to use their website. As the hold access to the material, they ultimately have the power to withhold the content unless we comply with their demands. 
  • Enter crypto-currency based micro-payments: The solution to this tug-of-war? Micropayments. When I heard the panelist discuss this, I thought this made a lot of sense. Being someone who has given into paywalls, I would most likely have a media budget set aside that would allow me to pay for articles - 10 cents here or 25 cents there - to consume content. This is much better than being on the hook for hundreds of dollars a month for subscriptions you may or may not use. In Victoria's post, she mentions a number of services that are working on this model, including Brave (which uses cryptocurrency) as well as Patreon (see video below). 


As I mentioned in my last post, the bitcoin represents the world of open and this is one of the use cases that illustrates its potential. With bitcoins micro-payments can be potentially cheaper, friction-less way of making these types of payments that were prohibitive in the credit card centric world that we currently inhabit. For example, Brave notes that they charge 5% in their FAQ. However, without bitcoin they would have to charge a 2.5% credit card fee on top of that for their business to be viable.

Although it would be nice for us to see this hit a critical mass, I think one of the challenges beyond the cost is the underlying psychology that prevents people from paying out: I think many would rather sell access to their mind to the attention merchants instead of paying out digital cash. 
  

Wednesday, December 28, 2016

Public versus Permissioned Blockchain: All of the above?

Earlier this year, I attended the American Banker's conference on Blockchain.

One of the sessions that attracted me to the conference was the session, "The Debate: Permissioned vs. Permissionless Blockchains".

This is one of those good old tech "religious" debates on whether the future is open or closed - similar to open source versus proprietary software debates of old.

As for public blockchain this is referring to Bitcoin or Ethereum.

As for permissioned or closed blockchains, I had written an earlier post where I explored Goldman's take on the "permissioned blockchain" where the participants are known to each other.  I had noted in the post that the "consensus mechanism in the permissioned blockchain is quite different than it's public counterpart, which relies on the proof of work (POW)... This is not the case for permissioned system which require the consortium who set-up the blockchain to determine how they will work with each other". Some main examples of permissioned are R3Hyperledger, and NASDAQ's Linq. The following video gives a quick breakdown of Hyperledger and the key features of a permissioned ledger:


Before seeing the debate (more of a spirited discussion), was that permissioned was going to win out.

To be honest, what I see as the main obstacle of the public blockchain is the amount of energy it needs to sustain itself.  Linked to that is how much more energy it would require to hit the level of Visa or other credit card transaction processing to become mainstream.

It's not to say there aren't other issues, such as confidentiality and regulatory opposition to the technology, but I see this as one of the key challenges. So I thought we would at least see permissioned ledgers dominate at the outset.

However, what I realized after seeing the debate was that I wasn't approaching this from the right perspective.

What Siddharth Kalla (Chief Technology Officer, Acupay) noted in the debate was that you need to think what's the equivalent of Google and the blockchain. What he was saying was to think of blockchain as the equivalent of the Internet: how could we have predicted that TCP/IP would have ushered in the technology-giant we now know as Google? 

That concept hit my mind like a bolt of lightning: think about all the things that Google has brought about, search, gmail, Android, and cloud-based office productivity

That's the power of open.

And that's what I realized is that I needed to think of bitcoin or Ethereum as the Internet of Value's first proof-of-concept (POC). There will be someway to overcome the limitations I noted above and make it viable. It's only matter of time before the equivalent of Sergey Brin and Larry Page will unleash the power of open on the public blockchain. 

So what about the permissioned blockchain? Will it die out?

Where I am is that this not about one or the other. Rather, each solves for different problems. The public blockchain is about exchanging value with strangers. The permissioned blockchain is about exchanging value with private parties that an entity regularly deals with. In a gross oversimplification of the latter, it is a "secured-shared-spreadsheet" that replaces the routine exchange of spreadsheets by email. I like the term distributed ledger ledger technology, as used by the World Economic Forum, to describe the latter. 

Although the two are closely linked now in terms of community and development, eventually the two communities will separate based on what societal or business challenge they address. 

Monday, December 26, 2016

Virtual Personal Assistants: How far will they go? Part 2

In the last post, I spoke about the advent of the Virtual Personal Assistants (VPAs) in terms of Gartners predictions as to where they will go and how popular culture sees them coming to enable our lives.

For the second part of this post, I wanted to talk about my first work experience - ever - with a fully virtual assistant.

Let me set the context.

In the course of my work, I was dealing with a vendor who was trying to arrange a meeting with us through his personal assistant, Amy Ingram.

So we were going back and forth to fix a date and time for the conference call.

I responded to the initial request as follows:

"Hi Amy,

Actually out of town on Tuesday; Thursday is open though. Does that work with you?"

"Her" response was (using Billy as a pseudonym):

"Hi Malik,

I'm sorry, but that time doesn't work for "Billy".

How about Wednesday, Jun 22 at 11:30 AM EDT? "Billy" is also available Wednesday, Jun 22 at 3:00 PM EDT or Thursday, Jun 23 at 9:00 AM.

Amy
"


When I read Amy's response, I thought to myself something like: "I told her that Thursday is open, so why did she say that doesn't work for the "Billy"?"  But I thought something like "whatever" and just responded with:

"Thursday at 9 am works, thanks"

To which Amy responded:

"Hi Malik,

Thanks for letting me know.

I'll send out an invite once I've confirmed a time with "Jim".

Amy
"

[Jim is my colleague; true name hidden for confidentiality purposes]

Eventually, it dawned on me: I wasn't dealing with a person, but a robot!

And then it hit me: the future is here.

The one thing that I realized through my interaction is how forgiving I was about the error because I thought the thing on the other side was human: everyone makes mistakes and so it's no big deal that "she" didn't get that I was open on Thursday.

This has a deeper implication on how "knowledge work" gets automated.

When we gauge machines for the ability to perform cognitive tasks, such as booking meetings, we should be careful as to how good is good enough for us to work with machines instead of humans. As we can see based on my interaction, they don't need to be perfect - they just need to get the job done.

In my interaction above, we were able to schedule a meeting and the fact "she" didn't understand that I had told her Thursday was open had no real consequence on the overall role "she" was playing. The meeting eventually got booked and that was that.

Ironically, I realized that I had already come across Amy at the DLD Conference in NY that had attend a few weeks earlier.

Dennis Mortensen (Founder of x.ai.), describes the challenge of setting up meeting and how this technology can solve the problem (profanity alert!):

His talk starts 5m47s:


As Dennis mentions, it's a very basic problem but at the same time it's so complicated. Specifically, the challenge with dealing with politeness: it's hard for AI to parse through this and understand the substantive facts that pertain to setting up the meeting. If we take a look at my response, we can see the challenges first hand:

  • When I said I was out of town that the AI had to understand that meant I am not available. 
  • I did not include Wednesday as a date that was possible so that implies that I'm also not available that day.
  • When I stated I was open on Thursday, I meant I was available all day. 
So what does this mean for jobs? Are accountants going to be replaced by Amy one day?

It's actually shows the level of complexity involved in the most basic of human interactions and how much more complex it would be to train AI in terms of doing even the most basic of auditing procedures - at least for now. 

Dennis actually made a good point about this in the Q&A portion of the discussion as it relates to jobs. The other presenter noted how he sees massive displacement as a result of AI; specifically in the truck driving industry. Dennis, on the other hand, was a bit more optimistic. He noted that what tools like his will do is essentially give assistants to people who don't have assistants. For example, the vendor we were dealing likely wouldn't have hired an assistant to help book appointments. 

And I think that's where auditors and accountants need to actually see how AI assistants, like Amy Ingram, can help with automating those mundane tasks that none of likes to do.  

Sunday, December 25, 2016

Virtual Personal Assistants: How far will they go? Part 1

Gartner in a recent press release gave some predictions around "virtual personal assistants".

What are virtual personal assistants or VPAs?

Currently, they are the not-so-perfect voice-activated software that accompanies our mobile devices - Apple has Siri, Microsoft has Cortana and Google has Google Now

On the latest Google phone, Pixel, they have Google Assistant:


Although only available for limited release, the video is actually a good summary of the promise of VPAs: the software that will help us coordinate our lives through our-ever-so-central-to-our-lives smartphones.

And that takes us back to how important these VPAs will become. According to Gartner, within two years 20% of all interactions with our smartphones will be through VPAs.

The press release from the research giant also noted some interesting stats on how frequently people are using Siri and Google Now.

In the UK/US, 54% of people surveyed used Siri in the last 3 months. With respect to Google Now, 41% have used it in the UK and 48% have used the service in the US (in the last 3 months). They also noted that they will move from simple tasks (e.g. setting alarms) to more complicated things such as executing transactions.

By 2020, Gartner predicts that VPAs combined with machine learning, IoT, biometrics and other technologies will enable 2 billion devices to operate without a touch interface.

How far can this go?

When I was thinking about writing this post, I thought about my first interaction with an artificial intelligent assistant.  However, before going there I thought it would be first interesting to go back to the movie "Her".

I saw the movie on the plane on one of the business trips that I took.

The movie is about the ultimate stage of, well, virtual personal assistants.

As noted in the trailer below, the "OS" is something that exists on the mobile device but acts as a central management point that brings a persons data together. In the movie, the OS (voiced by Scarlett Johansson) has a real personality that in a sense accompanies the protagonist, played by Joaquin Phoenix, everywhere. The movie goes a bit crazy as they apparently start "dating".

On a side note, I thought the movie was interesting as it speaks to how technology has filled the void in the life of the atomized individual. The story shows how the protagonist has had a bad breakup and turns to this OS for substitute companionship.

Sure this is far-fetched.

But how many times have we left a real conversation with a real loved one only to get to the virtual world of our phones? Of course, it's not some fake person but it's not difficult to see how we could switch the artificial world of VPAs because we have become accustomed to interacting with this endless streams of notifications.

The other part of the movie that I found interesting was how the mobile device is so nondescript. For someone like myself, smartphones have always had this novelty. But in the movie it's a not anything exciting to look at it. In a sense, what's more important is the actual OS running the device. As Gartner predicts, what becomes more important is the "touch-free interaction" between the OS and Joaquin - and the device disappears into the background.

Only time will tell how far this technology go. But I think it's fairly easy to see how such VPAs will become more entrenched in our lives the more "human" they become.


Friday, December 23, 2016

[Update] New Auditors on the Blockchain? Zcash gets non-audit firms to attest to its security

Earlier this year, Zcash went live.

What is Zcash?

Zcash is a public blockchain similar to bitcoin. Zooko Wilcox, the founder of Zcash, explains what it is in the following video:



As he notes in the video, what distinguishes Zcash from bitcoin is that it offers greater privacy of the users as they don't have to disclose their private key (which is a pre-requisite for bitcoin). However, because Zcash uses zero knowledge proofs (see the amazingly easy to follow explanation below), there is no need for the private key to be revealed - thereby offering extra anonymity to the user.


However, what I thought was exceptional noteworthy about the Zcash is how it went about proving to the world that its code is sound. When Zcash went live, Coindesk reported the following:

"Notably, the development team released two audits conducted by NCC Group and Coinspect, respectively, ahead of the launch.

The reports sought to identify potentially harmful bugs in the cryptocurrency's code prior to launch. (The audits can be found here and here)."
The article referenced, a blogpost, which described the scope of the security audits as follows:

"Today we are publishing the final reports of each external security auditor we contracted this summer to review our code. We've triaged the issues found and addressed any we considered severe (e.g. could compromise user privacy, lose funds, break consensus, etc...).

NCC Group's conclusion was (also available here):

“NCC Group performed a two-part targeted review of the Zcash cryptocurrency implementation. The first part, performed by the Group's Cryptography Services practice, focused on validating that Zcash's implementation adhered to the Zcash Protocol Specification. An assessment looking for security errors within the cryptographic implementation was also performed. The second part was a C++ source code review for vulnerabilities using static and dynamic analysis and fuzz testing. The review also included a cursory assessment of dependent libraries and recommendations for improving software assurance practices at Zcash.

NCC Group identified an issue that would allow an adversary to tamper with the verification and proving keys used by the Zcash daemon as well as a number of C++ coding errors that could result in stack-based buffer overflows, data races, memory use-after-free issues, memory leaks, and other potentially exploitable runtime error conditions. Additionally, most, if not all, third-party open source library dependencies were identified as being out-of-date. In the end, NCC Group did not find any critical severity issues that would undermine the integrity of the Zcash blockchain or undermine the security of confidential transactions during the time that the review was conducted (from August 8 – September 2, 2016).”

As for Coinspet, they noted (also available here): 

"Coinspect reviewed Zcash's innovations over the Bitcoin Core source code, focused on evaluating its resistance against specific threats to cryptocurrencies. Coinspect identified high-risk and moderate-risk issues during the assessment that affected the performance and availability of the Zcash p2p network. The security issues identified did not allow remote code execution nor allowed an attacker to steal funds or compromise the privacy of Zcash users. However we found exploitable 51% and isolation attacks with minimum resources.

It is an honor for Coinspect to contribute with our cryptocurrency security experience to the exceptional team behind this exciting project."

What I thought was interesting, was a couple of things.

Firstly, these are purely tech experts, not CPAs. They are producing "audit reports" that users will rely on for privacy, ability for the protocol to generate consensus, and loss of funds. 

Of course, these are all things that a CPA firm couldn't opine on such things because the liability would be too much for the firm to bear.

But I think that's the point: if things are so complex/risky that a CPA firm can't produce the audit report, it leaves the field wild open for competitors like Coinspect and NCC Group (who were likely paid $250,000).

And is the twist, that they retained 2 or 3 firms to do this. I think that's the real interesting part. 

Audits completed by CPA are governed by strict standards of independence to ensure that the auditors are independent.  However, what Zcash is in effect saying that such issues can be overcome by getting two "unlicensed" auditors to opine on the same thing. Implicitly, why would the two independent parties collude on a lie? 

Initially Zcash as a cryptocurrency was not doing so well price-wise. When this post was originally written (on Dec 23rd) there were 188,905 transactions executed on this by blockchain. Today, roughly 3 months later on April 10th, the transaction count has more than doubled to 463,560. Furthermore, it is now the 9th most popular by market capitalization.

Te world of cryptocurrency is not as conservative world of financial statements. However, the approach that Zcash to gain trust essentially. Although we can have philosophical debates on whether this meets GAAS or not, the reality is someone has found a way to eat our lunch. 



Thursday, December 22, 2016

Rogue One: A Star Wars Story or A Backup Story?

Recently saw the Rogue One installment of the latest installment of the Star Wars series of films.



I feel obligated to warn you that this is a spoiler alert.

However, if you seen Episode IV: A New Hope, then you really know the outcome already. But read at you're own peril.

As we know from Episode IV, the Death Star plans were obtained "at a high cost". And Rogue One is all about how the rebels get these plans. The protagonist, Jyn Erso, struggles to locate her father who is actually a fifth column within the Empire - purposely building a weakness into the Death Star. However, for his plan to succeed the rebels need to get their hands on - you guessed it - an offsite tape backup!

I kid you not!

Think about it: even in "a long time ago in a galaxy far, far away", those tape backups are the main way the Empire keeps a backup of their data.

The dramatic scene when they are trying to get the backup tape requires the heroes to use mechanical arms to pull out the backup out of the tape library. Of course, the arms breakdown as the Storm Troopers are able to overrun the building requiring the heroes to get the data themselves.

Yes, they can travel at lightspeed but still have not managed to move away from tape backups on to the cloud or something else.  Yikes.

To be fair the Star Wars movie makers had a tough balancing act: how do they remain true to the original but at the same time account for the fact that the original movie was made 2 decades before the Internet and 3 decades before the iPhone? 

In a way, the epic Battle of Scarif, is in reality of how the rebels (the hacktivists if you will) do their best to defeat the myriad information security controls that the Empire has in place to keep their backups secure. 
  • Physical security: Definitely, the Empire has good physical security, a whole Armada of ships to protect the Scarif - and light sabre wielding Darth Vader to boot! This includes the impenetrable shield that is used to prevent unauthorized vehicles/starships from entering the facility. Kind of like a futurized version of a bollard
  • Logical security: Really Empire? Only passwords? Of course to enter the facility, required the Rogue One to give a valid "access code" to enter the facility. Perhaps, if they had two-factor authentication or changed the access codes more frequently their facilities would have remained secure.  
  • Obscurity: Not sure if the Empire had encryption, but they ensured that to find the tapes you needed knowledge of how the backups were labeled and stored. To this point, perhaps the Empire could have used better training to ensure Erso's dad was instructed not to use names of family. 
  • Offsite backups: Talk about offsite backups! Not only was the tape not located on the Death Star or the facility where Erso's dad was engineering the Death Star, it was located light years away! 
  • Authorized communications: Part of the challenge the rebels had was that the file was too large and needed a special channel to communicate the plans to the rebel.
Probably not the full list of controls, but who would have thought a background in IT Audit would give you insights into a Star Wars Story :)

Wednesday, September 28, 2016

End of an Era: Blackberry to exit hardware business

CBC reported that Blackberry is exiting the hardware business. The news doesn't come as a surprise. As noted in this interview with CNBC in June of this year, the interviewer notes how Blackberry was steadily outsourcing the manufacturing of its devices. The CEO, John Chen, also confirmed that they were planning on exiting the business if it failed to be profitable:


Blackberry was my first smartphone, the 8900, to be exact.

However, when I saw the Torch, I remember thinking that after using the device how it was the perfect compromise between the touch screen and the classic keyboard. However, that feeling faded quite quickly after using the device. It was so under-powered compared to the competition and of course it lacked the apps that you could find in the Apple AppStore. But at the time I could never imagine giving up the physical QWERTY keyboard.

Since then I have moved onto Android and more specifically to the SwiftKey keyboard - to the point I can't go back to a physical keyboard!

How did BlackBerry fail to keep up with the times?

As noted in this article, Mike Lazaridis the founder of the CEO, was inspired to develop the BlackBerry when he recalled his teacher's advice while watching a presentation in 1987 - almost a decade before the Internet - on how Coke used wireless technology to manage the inventory at the vending machines. What was his teacher's advice? His teacher advised him not to get swept in the computer craze as the real boon lay in integrating wireless technology with computers.

BlackBerry caused a storm in the corporate introducing it's smartphones in 1998. It went on to dominate the corporate smartphone market as the gold standard in mobile communications. The following graphic from Bloomberg really captures the subsequent rise and fall quite well:



What happened how did the iPhone, unveiled in 2007, and the Android Operating System outflank the Blackberry?

This article in the New Yorker larger blames BlackBerry's inability to understand the trend of "consumerization of IT": users wanted to use their latest iPhone or Android device instead of the BlackBerry in the corporate environment - and was it just a matter of technology to make this happen.

Although luminaries, such as Clay Christensen, have written extensively on the challenge of innovation. And there's always the problem of hindsight bias.

However, is the problem more basic?

When we look at the financial crisis, some people like to blame poor modeling. But I think that is more convenient than accepting the reality that people got swept up in the wave.

Isn’t it fair to say that people knew that house of cards was going to come down (and some of the investment banks were even betting on it falling apart), but were overly optimistic that they would get out before everyone else does?

But that’s the point.

When we are in a situation where we are surrounded by people who confirm our understanding of the world – we may believe them instead of trying to see if our understanding of the situation is correct. With the housing bubble, the key players wanted to believe that those models were correct – even though models have failed the infamous Long Term Capital Management.

With BlackBerry, what I wonder is did they not even try to see within their families and those around them who were using the iPhone or Android devices? Weren’t they curious what “all the fuss was about”?

Although this is problem with many of us who want to believe that the present situation is going to continue indefinitely (especially when things are going our way), there are others who do stay on top of things. Most notably is the Encyclopedia Britannica that actually stopped issuing physical encyclopedias and moved to the digital channel instead.

Change is a challenge, but the key is to be prepared to admit that the current way of doing things can be done better, faster and in radically different way.

Thursday, August 4, 2016

FlightDelays & Contingency Planning in Real Life


Photo Credit: Trey Ratcliff

Last week, I had headed to a day long conference on Thursday in New York and was expecting to return home on the 7:20 flight back to Toronto.

However, things didn't goes as planned: La Guardia (LGA) had cancelled a number of flights due to weather delays.

I decided to haul it back renting a car through a one-way rental.

Originally, went to Hertz but they refused to rent to me because I was heading back to Toronto, Canada. If you can believe it, they advised me to rent to Buffalo and then take the bus back to Toronto. Yeah right!!!

Thank God, Avis did not give me such a ridiculous advice and instead gave me the car to  make my way back home. Ended up leaving Avis around 8:45 and made it home around 4:30 AM. One big advantage of travelling at that time of the night is that there is no traffic :)

Thinking about this after the fact, I realized it was a good lesson in "real life" contingency planning, so here's what I think I did right, could have done better and otherwise.

What I did right:
  • Call the travel agent instead of waiting in line to talk to the airline: I had already cleared customs and was lining up at the Air Canada desk inside LGA realizing that my flight was cancelled. However, I decided to call the travel agent (while in line)  to see what the situation was at other airports (JFK, Newark) and to see what my options were. That's where I learned that I would be flying out at 11:30 am on Friday (i.e. the next day). 
  • Avoided flying out on Friday: Didn't realize this at the time, but my chiropractor told me that after a major flight cancellation the airport is dealing with at least twice the volume the next day - especially since it was Friday and everyone would want to get home for the weekend. Consequently, how much rest would I get if I had to be back 3 to 4 hours earlier the next day to make sure I got on the plane? My fear at that time is that either the weather delays would continue or something else would force me on a later flight. 
  • Would any hotels be available? Given that many people had their flight cancelled, the hotels would likely be booked. Also, if I had to book outside the airport then I would have to battle morning traffic on the way back in. So it didn't seem like an appealing option. 
  • What's crazy to most, may be open to you: The 8 hour drive back did seem daunting. However, most wouldn't do such a crazy thing thereby making it a viable option - since everyone else would be trying to get on a plane there would be plenty of supply for me in terms of getting the rental. Or at least that's what I expected and it turned out to be right. Also, when I spoke to the travel agent she told me that someone else from Deloitte was looking to carpool back to Toronto. Unfortunately, I just missed him. However, realizing someone else is doing made it seem less crazy. And truth be told those cars were getting booked fast when I got to the car rental companies - many people were driving to Boston, Pittsburgh, etc. 
What I could have done better:
  • Monitoring for weather: When my flight got delayed on the way in on Wednesday that should have been a clue that there could be problems the next day. In the future, I should keep track of weather conditions and been mindful. 
  • Monitoring for cancellations: Although I had checked in via my mobile app, I had been using a low power mode for the iPhone. This prevent me from being alerted right away. The reason I was on lower power mode is that the conference organizers didn't have outlets at the table and so I wanted to make sure I had battery power to call/email/etc. at the airport. Next time, I should sit near an outlet or have portable power source to make sure that I can charge my phone at the airport or on the plane. 
  • Book a car sooner: If I had learned about the cancellation sooner, I could have made alternative arrangements sooner. At least I could have booked the car and procured it closer to where I was at, instead of wasting that time driving into the airport. 
  • Noticed airport irregularities: There were more people queuing up at the Air Canada counter outside the security area. However, I just dismissed this as volume. However, the lower volume in the security area should have been my second clue that something was awry. 
  • Check the rental for damage:  I was so focused on getting on my way, I didn't check. As it turns out, the car was damaged massively on the front. Fortunately, the guy letting me out noticed that and wrote it on the form. It's hard, but in an emergency situation it is important to make sure to keep a cool head and not make such errors. 
Otherwise: One thing that stuck in my mind is missing the fellow Deloitte colleague on the way back to Toronto. Was there a better of organizing ourselves so if something like this were to happen again, we could car pool? How can we trust each other if we don't work at the same company? I think that setting up an app and getting subscribers to sign-up ahead of time wouldn't be feasible because most people don't think about getting stranded at the airport - let alone finding a way to trust each other using user reviews. 

Contingency plans: test, test, test.

My biggest takeaway from this experience is that you can't know how good a contingency plan is until you actual do a real live test. 

And unfortunately most companies overall don't test their plans. 

As noted in this Business Continuity survey, Deloitte categorized managers as "aware" (i.e. those who know there's a problem) and "committed" (i.e. those that are willing to take action to resolve it). Out of the Committed group basically only 50% had tested their plans, while the aware group only 17% had tested their plans. 

With real estate it's location, location, location, but with business continuity plans it's test, test, test. As noted above, I realized a number of gaps in my contingency plan that I never would have known until I experienced this real-life emergency.

Author: Malik Datardina, CPA, CA, CISA. Malik works at Auvenir as a GRC Strategist that is working to transform the engagement experience for accounting firms and their clients. The opinions expressed here do not necessarily represent UWCISA, UW, Auvenir (or its affiliates), CPA Canada or anyone else.

Wednesday, July 27, 2016

Reflections on the demise of Yahoo!

By now we've all heard that Yahoo!'s web assets were bought by Verizon. According to the Wall Street Journal, Verizon paid $4.83 billion in cash for the assets. Yahoo itself will continue to hold the remaining assets but will eventually change its name and become an investment company. In total, the company was rumoured to be worth $6 billion.

For us Gen Xers this is an interesting day: we witnessed the end of a company we saw as innovative and fresh just a "few" (i.e. read ~20) years ago.

I was recently explaining to a young lad in his early 20s about life before the Internet: you had to find books at the library and it was almost impossible to connect socially with people beyond your classmates. So to use Yahoo or other search engines to access information or people was a completely new and mind-blowing concept.

As I noted in this post commemorating Google's 17th anniversary:

"It's especially memorable for those of us who were in university in the late 90s because we had access to high speed internet on campus unlike the painfully slow dial-up at home. 

I remember my first job as a coop student at the UW Federation of Students (I can't believe this quote is still hanging around from that time!) when a co-worker was explaining to me how OpenText was the best search engine (of course using my NetScape Browser). Of course back then there was a number of search engines including, Yahoo, Lyco, Alta Vista, etc. However, I stuck to OpenText for a while then eventually switched, along with everyone else, to Google...Well Lycos, OpenText (as a search engine) and AltaVista may be long gone, but it looks like plaid is back!"

So now we can add Yahoo! to the pile of "has beens" search engine.

Beyond nostalgia, I had the following reflections on the Verizon of Yahoo based on the WSJ article above:
  • Verizon is no longer just pipes: Verizon has a strategy to move beyond just serving mobile and broadband services. Verizon is adding Yahoo to its existing portfolio of content plays, such as AOL. For Verizon, it's an overall strategy to make billions through content and advertising. Net neutrality can potentially limit their ability to use this vertical integration to undermine competition, but regardless it shows how being a "pipes-only" company is not enough. Of course it is a bit ironic that former rivals, Yahoo and AOL, are now sitting in the same tent.  
  • Big Data is monetized at the expense of privacy: The ability of Verizon to combine the data plays between its various content plays is a great illustration of a point that I have noted before: for big data achieve value it must water down privacy. Since there are synergistic values (i.e. instead of just being additive) of combining the data, it could be argued that it's something that a user should explicitly consent because a user may simply not want Verizon to use their Yahoo data this way.  
  • Remember the Internet Bubble? Yahoo! had a market capitalization of "more than $125 billion at the height of the dot-com boom in early 2000", which is quite a steep decline to $6 billion. I wonder if it ever produced the cash flows to justify that valuation. 
  • Algorithms win over people: WSJ today published a good read comparing the algorithmic approach of Google, in contrast manual effort required to index the Internet. This is similar to Amazon's who found that the algorithms to better than humans in getting people to buy things: "Amabot replaced the personable, handcrafted sections of the site with automatically generated recommendations in a standardized layout," according to The Everything Store, a new book exploring the history of Amazon. "The system handily won a series of tests and demonstrated it could sell as many products as the human editors."
  • Innovation and exponential thinking: On a separate note, but related note Yahoo could have bought Google for $3B in 2002 but it didn't. It's a great example of how Google embraced leading-edge technology to deal with the exponential growth of the Internet and Yahoo's inability to recognize Google's approach as the winning approach led to its demise.

Yahoo! is now literally a shell of its former self - both in structure and the assets it holds. However, it's a good case study of how failing to identify exponential trends - and acting on them - can ultimately lead to disaster.

Monday, July 25, 2016

Hacking reading: Is there a better way?

Came across Google's latest use of machine-learning: making "e-comic books" more readable.

One of the challenges of reading such fine literature on a mobile device is the small print that is within the bubbles.

Google's solution? Bubble Zoom.

As per Ars Technica:

"Google is tackling this problem the way it seems to be tackling every problem lately: with machine learning. Google has taught its army of computers to detect the speech bubbles in comic books, allowing you to zoom in on them with just a tap. The bubbles lift off the page and get bigger without affecting the underlying image. This lets you see the entire page while still reading the text. Google calls the feature "Bubble Zoom.""

Here are a couple of screenshots that show how it works:

For those that want to try this out on their Android device, you can download some free preview titles on the Google Play store.

Of course the obvious point, as mentioned by Ars Technica above, is that machine learning is being by Google and others to solve such interesting problems. The entire DC and Marvel comic book library has the Bubble Zoom feature enabled, which shows the power of machine learning to essentially reconfigure a massive amount of content.

The other point worth noting is how this technology fundamentally alters the way we consume text.

We have different channels, video, podcasts, and audio-books and can access books digitally but plain old reading has not changed that much. Zoom Bubble attempts to do that by building interactivity into the traditionally static medium of comic books.

To be honest I was surprised when I polled my IT Audit and Innovation class in January 2016 to see really none of them had shifted to e-books. They still rather have the physical copy, highlight and take notes.

That being said, a lot of credit should be given to Amazon for trying to go a long way to make it comfortable to read and enable you to access the content from multiple devices.

I’ve been experimenting with e-reading the Kindle, Samsung Note 4, iPad and iPhone.

The reader of choice depends on how you absorb information. If you want to savor your book and slowly digest, then Kindle is the easiest on the eyes

However, for us reading-for-productivity, i.e. if you are the type of person that needs to highlight and then extract notes, for the purposes presenting, researching, or blogging, then I think the Note 4 or the iPad is best. 

With the Kindle ecosystem, when you highlight the text (regardless of the device) its captured and stored on the cloud and then you can always access your notes there. For example, I highlighted the text below on my mobile device and it appears in the cloud (i.e. by logging into https://kindle.amazon.com/your_highlights): 

“ although GitHub is currently optimized for developers, similar platforms will eventually emerge for lawyers, doctors, publicists and other professionals. The platform has already been extended into enterprise software development with a successful paid business model, and can or soon will be used by governments, non-profits and educational institutions. GitHub charges users a monthly subscription—ranging from $7 to $200—to store programming source code. Andreessen Horowitz, one of the world’s leading venture capital firms, recently invested $100 million in GitHub. It was the VC firm’s largest investment round ever.”

In terms of iPad/iPhone versus Note 4, the Note 4 you can use its stylus to highlight text but you have to take an extra step to select the colour you want (you have 3 colors to choose from). In contrast, with iPad/iPhone you can just pick the colour right from the menu that pop-ups when you select a piece of text. The iPad’s larger form factor is also good for scan-reading. Of course the advantage for me on the Note 4/iPhone is that it’s my mobile device so it eliminates the need to carry around extra device.

One way to improve the readability is to change the background colour to Sepia from white. I have found it to be easier on the eyes.

The ability to move through multiple devices shows the brilliance of Amazon harnessing the power of open, mobile, cloud and seamless connectivity across platforms.

They could have gone the closed approach, i.e. you have to read their e-books off of their device. But by being open it enables the consumer to consume content in a manner that works for us. Microsoft has gone down this road as well with Office. I originally thought this was a bad idea but later recanted.

On a more critical note, as I have blogged before Amazon offers to US customers ONLY the ability to sync their audiobooks (Audible is owned by Amazon)  to their kindle ebooks for certain titles. It would be nice if this feature was also available out of the US.

What I've found to be a productivity hack, is to listen to the audio book on my Audible app at 2-3X speeds while driving around. I've self-diagnosed myself as an audiolearner it does help to learn things and get a good grasp of the topic. Such an approach can also help get the overall context of the material being presented. The Audible app enables you to bookmark, so that is a good way to track what you have to read up later.

Then I go through the Kindle e-book and highlight the parts I want to extract off the cloud. You can do this on the commute in or just waiting in line. The trick here is not to re-read the book but just extract those pieces of texts you wanted to focus on while listening to the audiobook. Moving the bookmarks from the audiobook to the e-books acts like a secondary review ensuring you've extracted all the content that's relevant to your presentation, research, blog post, etc. Alternatively, moving from the audiobook to the e-book may be the way you actually digest the content if you are more of a visual/text oriented learner. I personally need to do this with numbers and dates.

Finally, if you want to move the highlighted text off the cloud, try this to move the content to Evernote.

Although I think there are better ways out there to hack reading, I think the Amazon ecosystem goes a long way to get us there. One day, I hope, they will bring Immersion Reading to the world :)



Wednesday, July 20, 2016

Passwords: How's that still a thing?

Passwords.

How is this topic still a thing? 

In two words: Mark Zuckerberg. 

In June 2016, Mark Zuckerberg got hacked and his secret password was revealed for all to see. Did it meet all those wonderful rules we learn in information security school? Was it ISO27001/2 compliant? 

Well his password was "dadada" - so I'll let you decide. 

The Wall Street Journal's Nathan Olivarez-Giles had a great article on hacking/passwords. 



The article refers to a site where you can check to see if you've been hacked https://haveibeenpwned.com/ - definitely worth checking out. 

Of course the next step is to then change the password on the 7 million devices you own, but who says hackers make your life boring? 

Passwords are the best illustration of trade-off between convenience and security: you don't want the bad guys getting but at the same time you want to make it easy to use your email and the other services that you use.

One possible antidote to this unending saga of deal with hackings - managing the convenience versus security divide - is the use of password manager services. 

WSJ's Geoffrey Fowler had an article which reviewed "1Password, Dashlane, LastPass and PasswordBox"; giving the win to Dashlane.

Of course two factor authentication, as Oliveraz-Giles points out, is a key control that we all need to implement in our lives - especially since many popular services are making it easier two use such a feature. 

The fact passwords continue to be an issue reminds us that the most challenging aspect of a system is not the technology, but the people that use them.





Tuesday, July 19, 2016

Blockchaincanada.org: The inaugural meetup

Just finished attending a meet up sponsored by www.blockchaincanada.org. The room was filled to capacity - illustrating the excitement around the disruptive technology right here in Toronto. 

Alan Wunsche, co-founder of the organization, walked through the road map of the non- profit organization, which looks at multiple initiatives to raise the profile of blockchain in Canada and prevent the departure of luminaries in the field, such as Vitalik Buterin (Alan wasn't so specific, but I decided to read between the lines).

The organization is driven by community, and the thoughtware to be produced by the group will rely on the volunteers. For example, I volunteered for the accounting working group to explore Canadian initiatives around triple entry bookkeeping and alternative accounting models.

For those interested, in a deeper dive into blockchain checkout their blockchain hackathon this weekend.


Monday, July 18, 2016

Big Data and Predictive Policing: Can algorithms become racists?

Interesting article on Forbes by Thomas Davenport on Big Data. The articles discusses how various government, including Canadian Public Safety Operations Organization (CanOps), have used big data tools for "situational awareness". These systems draw on myriad sources of data to give users (e.g. law enforcement) the information they need to deal with a particular situation.

Here are a few points that I thought were worth noting:

Government is making strides in big data: We often think of Amazon, Google and other tech-giants as key users of this data. However, as the Davenport points out that the government is using this technology to assist with decision making. However, whether this is something that should be celebrated remains to be seen (see predictive policing below)

Privacy versus Value trade-off: He talks about how CanOps use of MASAS, the Multi-Agency Situational Awareness System, is limited by the filtering of sensitive information: "breadth of MASAS is noble, but it seems to limit its value. For example, as the CanOps website notes, because agencies are reticent to share sensitive information with other agencies, all the information shared was non-sensitive (i.e. not terribly useful)." It seems that this continues to be a theme that we had noted in back a couple years when discussing a similar trade-off the companies face when dealing with big data. As I noted in this post:

"privacy policies require the user to consent to a specific uses of data at the time they sign up for the service. This means future big data analytics are essentially limited by what uses the user agreed upon sign-up. However, corporations in their drive to maximize profits will ultimately make privacy policies so loose (i.e. to cover secondary uses) that the user essentially has to give up all their privacy in order to use the service."

Consequently, there still needs to be a solution as to how privacy can be respected but organizations can use the data they have collected to make better decisions.

Predictive Policing is an emerging reality: The sci-fi movie, Minority Report, paints a future where law enforcement arrests people before they commit crimes.


That future seems to be well on its.  Davenport mentions how "predictive policing" was introduced in 2014 to the NYPD.  He also mentions how much data is being collected by the police:

"It collects and analyzes data from sensors—including 9,000 closed circuit TV cameras, 500 license plate readers with over 2 billion plate reads, 600 fixed and mobile radiation and chemical sensors, and a network of ShotSpotter audio gunshot detectors covering 24 square miles—as well as 54 million 911 calls from citizens. The system also can draw from NYPD crime records, including 100 million summonses."

The idea of predictive policing was also raised in the book,  Big Data: A Revolution That Will Transform How We Live, Work, and Think, which I had explored in a multi-blog post series (click here for the first installment).

Andrew Guthrie Ferguson, Law professor UDC David A. Clarke School of Law, wrote an article on how that predictive policing is something that has not be really sorted in out in terms of legality. He notes:

"The open question is whether this big-data information combined with predictive technologies will create “predictive reasonable suspicion“ undermining Fourth Amendment protections in ways quite similar to the stop-and-frisk practices challenged in federal court.

In two law review articles I have detailed the distorting effects of predictive policing and big data on the Fourth Amendment and have come to the conclusion that insufficient attention has been given at the front end to these constitutional questions. New York has the chance now to address these issues before the adoption of the technology and should be encouraged by the same civil libertarians and ordinary citizens who challenged the stop and frisk policies."

His commentary highlights another limitation: big data predictions are biased based on how the data is collected. The stop and frisk policies he refers to disproportionately targeted minorities. Furthermore, policing is more focused on poor, black/hispanic neighbourhoods. Michelle Alexander documents in her book, The New Jim Crow, how this happens:

"Alexander explains how the criminal justice system functions as a new system of racial control by targeting black men through the “War on Drugs.” The Anti-Drug Abuse Act of 1986, for example, included far more severe punishment for distribution of crack (associated with blacks) than powder cocaine (associated with whites). Civil penalties, such as not being able to live in public housing and not being able to get student loans, have been added to the already harsh prison sentences."

Consequently, if the data by law enforcement is used to predict crime that essentially the targeting of minorities will continue to target such groups given that it is based on biased data. 

Technology often is seen to be a silver bullet for problems. However, we need to keep in mind that it is vulnerable to the human element that makes it. Given Microsoft's recent faux pas of accidentally allowing an AI avatar to become a Nazi, it is something that should actively be considered in the systems that are built to police and govern. 


Sunday, July 3, 2016

Telsa Autopilot Fatality: Let's not blame the robots...yet.

By now most have heard of the fiery crash involving a Tesla roadster. This episode from the Young Turks does a good job at examining incident:

For more sensationalist coverage of the incident, watch the following:


The gentlemen at the end of the video notes how he would never trust a computer to drive him and his family.

So are such fears of computers warranted? 

If you look at the original press release from Tesla, it notes:

"What we know is that the vehicle was on a divided highway with Autopilot engaged when a tractor trailer drove across the highway perpendicular to the Model S. Neither Autopilot nor the driver noticed the white side of the tractor trailer against a brightly lit sky, so the brake was not applied. The high ride height of the trailer combined with its positioning across the road and the extremely rare circumstances of the impact caused the Model S to pass under the trailer, with the bottom of the trailer impacting the windshield of the Model S. Had the Model S impacted the front or rear of the trailer, even at high speed, its advanced crash safety system would likely have prevented serious injury as it has in numerous other similar incidents."

So analyzing the incident both the auto-pilot system and the driver didn't recognize the truck in the distance. With the fear of robots, it's easy to fan the flames of "robotophobia" and quickly blame the robots. For example, some could claim the driver would have been vigilant had he not had such an auto-pilot system. But this is mere speculation and hard to prove. 

A couple other things should be noted when evaluating this incident.
  • Robot record is superior to the human only record: As Tesla has noted, that the car has driven safely 130 million miles, contrasting this to a fatality every 94 million miles driven in the US and 60 million world wide. In other words, the robot record is superior to the human only record. 
  • What about the times the robot has saved people from crashes? The other problem is how do you balance this bad news with the good news that never gets reported. This refers to the time the autopilot acted to save the human beings from crashes. It similar to investments in information security that save the company from countless malware incidents. However, because nothing happens no one really notices the value of technology. Similarly, we're not able to balance the "fear, uncertainty, doubt" associated with this incident with all the times the auto-pilot system actually avoided a crash. 
The incident does point out, however, a bigger looming issue of how human beings and machines work together. Despite the caveats, people are already eager to let the auto-pilot drive them around. And really why not? Commuting is giant waste of time and we could be more productive while letting the computer drive us around. 

Nicholas Carr explores this issue in his latest book The Glass Cage. In the book, he explore how the more reliant we are on a technology, the less connected we are to the world. For example, by moving from manual to automatic transmission, in his opinion, driving is less fun. He also points out how airplane pilots are really just babysitting the computer that actually flies the plane. The trouble occurs when there is a crisis situation where the pilots are unable to handle the situation because they have lost their ability to actually fly planes. 

To be fair, this was not the issue in the Tesla crash - it's way too soon to say that the individual driving the car was overly dependent on the car. However, it is plausible to see how this will occur quite quickly if someone like Google were to offer driverless cars to the massed (as I noted in this  post). However, the government didn't made it mandatory to learn to ride a horse - just in case all the cars stopped worked. So I doubt they will force us to learn to drive cars, just in case the autonomous cars stop driving. 

Thursday, June 30, 2016

Algorithms stayed the chaos during Brexit storm: Can they help with auditor judgment?

The recent Brexit crisis hit the markets hard with the various stock indices plummeting and investors fleeing for the safe haven of gold, which went up "by $59.30, or 4.7 percent".

Amid this  chaos, some investment strategies fared well - thanks to the use of robots.

According to the WSJ article, "Who Made Money in the Brexit Chaos? Machines, Not Humans",  machines were immune to the fear, uncertainty and doubt that plagued markets (italics, highlight mine):

"This fund category, sometimes called commodity trading advisors, or CTAs, uses customized trading algorithms to spot market trends and place bets on futures and other derivatives. Most of the models didn’t factor in British election polls, bookmakers’ odds or the political-tea leaf reading that swayed other investors looking for an edge. In the weeks leading up to the Brexit vote, the trading models at many of these firms adopted a defensive pose. They favored high-quality government bonds, gold and safer currencies like the yen, while mostly avoiding riskier bets like oil and emerging markets.

That positioning paid off after Brexit caused the pound and more volatile assets to plunge as Thursday’s results came in. Société Générale’s CTA Index gained 1.5% on Friday. AQR Capital Management LLC, Fort and Welton Investments Partners LLC were among the big gainers... A key to CTAs’ success, their managers say, is that their models can tune out noise around market moving events—like an election or crucial economic data—that are important to investors but can be difficult to accurately forecast."

The article also quoted Lara Magnusen, portfolio strategist for Altegris’s main fund, who said (bold mine):

"Our models aren’t going to be affected by the same sentiments a human would be"

I thought that this was interesting as it illustrates how the machines can be seen as a way to provide an anchor when people are getting caught up in an emotional frenzy. Think of the implications for the world of audit and assurance, where professional judgement are made to determine what accounts, transactions, etc. are risky and should be tested. Imagine an audit algorithm that can be as an independent monitor that vets judgments of the audit professional - in a "race with a machine" scenario (for more on this idea see the Ted Talk below with MIT professor Eric Brynjolfsson). This could potentially improve auditor judgment, stakeholder confidence and audit quality.


Initially, I think this would be a way for audit firms to reduce the level of uncertainty associated with reviews from the PCAOB, CPAB and their equivalents in other jurisdictions. This would especially be the case if such audit oversight bodies would "bless" such algorithms and be able to ensure that the firms applied such judgment consistently, e.g. by having access to the "audit logs" produce by such programs.

The next - and more controversial step - would be to argue that independence rules can be relaxed in light of such automated oversight. To be honest I think there's a low likelihood of such an idea making traction with regulators in the near future, given that Europe has sought to require mandatory rotations of auditing firms. But it is something that should at least be contemplated, especially when automation becomes commonplace and attitudes may change towards how algorithms can play nicely with humans.

Tuesday, June 28, 2016

GoldmanSachs on Blockchain: Insights into Audit & Accounting Automation

As noted in this Business Insider article, Goldman Sachs (GS) published a report on blockchain that identifies a number of scenarios where the technology can save billions. The BI article extracted the following use cases from the 88 page report:
  • Better authentication of individuals partaking in the sharing economy: Leveraging the "smart identity" functionality of the blockchain, peer-to-peer sharing businesses sites (e.g. Airbnb) can give both the customer (e.g. the renter) and the supplier (e.g. the home owner) greater assurance that the customer is really who they say they are. The GS report also links the identity to smart contracts that facilitates automated performance based payments 
  • Accounting system for renewable energy power generation: Where individual homeowners are generating wind or solar power, the blockchain can be the natural accounting system to manage the "debits and credits" transferred back and forth between the energy producer and the network. It also enables payment transfers as well. 
  • Reducing back end administration for title insurance: The actual GS report notes how the vast majority of the cost associated with title insurance can be reduced by about 30% using blockchain to manage the underlying property records. Other interesting notes is that they attribute part of the decline to improved actuarial risk calculations due to "greater historical transparency". 
  • Improving accuracy and timeliness of trading various securities: The financial services industry usage of the blockchain is quite straightforward - replace the chaotic world of spreadsheet accounting with the streamlined world of blockchain - it is a database technology after all. NASDAQ use of Linq was featured in this DUPress article and can also be found here. The GS report goes into much more granular detail as to the different scenarios on how the back-end system can be improved resulting in less verification issues and improved trading times.  
  • Better authentication of customers aka KYC (Know-Your-Customer): As noted in the BI article, "Like with the Airbnb example, Goldman envisions identity data stored on a blockchain that could help finance firms easily and quickly check new customers as part of "know your customer" regulation — a bit like a digital passport."
I went through the long report and extracted the following accounting automation insights:
  • Blockchains can reduce spreadsheet funk. Sharing spreadsheets has become the norm in the financial world for being a flexible way to send quantitative information along with context and some formulas here and there; it's how we auditors often get data from the client when asking for a breakdown of an account we are looking into as a part of the audit. It's also error prone. Blockchain, in a sense, is a "napster-esque" way of sharing financial information that ensures a common data structure between the sender and the receiver thereby eliminating the manual verification/handling of spreadsheets (see pages 3 and 10).
  • Blockchain can enhance "assurance", where it's not feasible for auditors to do so. On page 16 the report discusses the role of smart identities in assisting the sharing economy. It talks about how required digitally signed user reviews will have greater data integrity as it could reduce the risk of self-inflated reviews. Although people rely on such reviews to buy books, rent hotels, etc., there is risk of fraud where the seller will inflate reviews or pay people to do so. However, with a blockchain enabled smart identity there's a higher level of assurance that the end-user can place on the reviews as it harder for the site owner to fake the reviews due to fact the review is digitally signed. Of course no audit firm would have audited such reviews. But I think that's the point: the blockchain technology fills an an assurance need that auditors couldn't, simply because the delivery of such a service wouldn't be profitable. 
  • Blockchain automation will reduce the need for back-end clerical staff (aka accountants): When looking at the application of blockchain to the title insurance industry (see pages 33-39), it notes how 75% of the industry premiums relate to headcount costs. GS puts the reduction in clerical staff by 30% and a 20% reduction in variable expenses (e.g. commissions, marketing, etc.). Blockchain - without AI enhancements - will automate accounting work as part of the automating knowledge work trend. This is of course more clerical tasks, but blockchain will likely result in less headcount within the finance department. 
  • Role for third party assurance reports in a permissioned blockchain: The consensus mechanism in the permissioned blockchain is quite different than it's public counterpart, which relies on the proof of work (POW). (See the Khan Academy video, below for the POW and the blockchain section in this post) This is not the case for permissioned system which require the consortium who set-up the blockchain to determine how they will work with each other. This could require auditors to provide assurance over the implementation of blockchain similar to what the SOC report does for cloud computing companies. The report discusses how (see page 29) on how the blockchain will enable "Smart Grid Blockchains" to essentially acts as the record keeping and payment system of energy exchanged by the household owner who has windmills, solar panels to the power grid. But how do we ensure that this being calculated properly? Well, that's where the Processing Integrity Principle of the SOC3 assurance report comes in. It could provide assurance that the blockchain-accounting-payment system is processing the data in complete, accurate and timely manner.  
  • Greater visibility, means greater opportunity for audit analytics. One area of cost savings associated with a blockchain enabled title insurance industry is that actuaries will be better able to assess risk  because of "greater historical transparency and immutability into the property registration system" (see page 38). Consequently, where a material amount of transactions are on a blockchain auditors will have (1) easier access to the data (not a trivial matter by any means!) and (2) can run better analytics to identify irregular transactions and (3) enable better ways to assess estimates. 
  • Value versus hourly billing: In a number of the use cases identified (e.g. title insurance, settling equities, KYC; see pages 38, 51, 75) noted how the gains (read: headcount reduction) from blockchain enabled automation are expected to be passed on to the customer. Why is this relevant to audit? Audit firms could be expected to hand over automation windfalls to the client and further reduce fees. On the one hand, the more automated the audit, the potentially less fees that audit will capture. On the other hand, regulators may want the auditors to do more with the budget that has been freed up. So the revenue, profitability of highly automated audits will depend on how the regulators re-draw scope in light of such advances. 
Despite having the reputation as a great-vampire-squid, the GS report is quite useful for those working in the blockchain space in identifying the potential for this exponential technology.


Author: Malik Datardina, CPA, CA, CISA. Malik works at Auvenir as a GRC Strategist that is working to transform the engagement experience for accounting firms and their clients. The opinions expressed here do not necessarily represent UWCISA, UW, Auvenir (or its affiliates), CPA Canada or anyone else

Tuesday, June 14, 2016

AI-as-a-Screenplay Writer: Computer overlords strike again?

Normally when I discuss artificial intelligence on the impact of work, it's in the context of the automation of accounting and auditing work (A3W). However, a story that's been circulating for past few days in my Google alerts is the story of the movie Sunspring. Unlike most movies it's not written by human being, but rather it is written by a computer.

Ars Technica, who hosted the online debut of the movie, noted that the script was "authored by a recurrent neural network called long short-term memory, or LSTM for short. At least, that's what we'd call it. The AI named itself Benjamin."
The movie is really odd to put it nicely. However, it does comes across as one of those art movies that (also) don't make any sense. The song in the movie is also generated by the machine.

However, this is not the first time that algorithms have been trained to be artists. Chris Steiner in his book "Automate This: How Algorithms Came to Rule Our World" notes that Emmy,  an algorithm, "produced orchestral pieces so impressive that some music scholars failed to identify them as the work of a machine". In a piece he authored for the Wall Street Journal he notes "analyzing only the script, an algorithm from Epagogix, a risk-management firm that caters to the entertainment industry, predicts box office grosses. Epagogix broke into the business when a major studio allowed the firm to analyze script data for nine yet-to-be released films. In six of the nine cases, its predictions were spot-on. Algorithms have since become an essential tool in Hollywood."

If the chaotic world of creative works can be automated by algorithms, then I think the predictable, routine world of debits and credits can't be too far behind.


Monday, June 13, 2016

Can accounting errors ruin your life? JohnOliver explains how they can.

In this episode Last Week Tonight, John Oliver explores the world of debt buying:



The segment received wide publicity as he tried to out do Oprah by conducting the biggest giveaway on television - he bought $15 million worth of medical debt and forgave it. This article on Fortune does a good job of summarizing the show:
  • US households owe $12 trillion in debt of which $436 billion is 90+ days past due. 
  • Companies who discharge the debt sell it for pennies on the dollar to a growing number of companies that specializes in debt buying.  
  • One company, Encore Capital, notes that in 1 in 5 Americans owes or has owed them money. 
  • Debt that's been paid "come back to life", which is affectionately known as Zombie debt.
There was some controversy, however, about who he worked with to write-off the debt (they noted their grievances here, to which John responded here) and the value of the debt. On the latter count, is it really fair to criticize an act of charity that improved the lives of approximately 9,000 people?  

Nothing good happens in Excel. 
But the segment which is most relevant to us is when he starts talking about how the information is actually sold.  It is sold on spreadsheets. Oliver gets quite dramatic as he shares his his phobia of Excel and notes how "nothing good happens in Excel". He also explains that the spreadsheets are sold "as is"; meaning that the seller does not guaranty accuracy of the information related to the debt contracts being sold.

And that's where the jokes stops.

In the segment, he has footage from interviews with Jake Halpern, who wrote "Bad Paper: Chasing Debt from Wall Street to the Underworld". The book follows the life of a debt buyer of Aaron Siegel, who is born to a rich family in Buffalo, New York. He takes an array of characters, including his Brandon, who is an ex-con who does that gritty part of work of finding the debt, ensuring its good and collecting on it.

What caught my attention as I was going through book, is that it gave a bit more detail to what John Oliver mentioned about the banks selling the paper "as is". Halpern notes on page 58 of his book (see below for the link to the book), that when Washington Mutual sold Joanna and Theresa's debt to Aaron, the credits awarded against their accounts that were not reflected in the spreadsheet that was given to the debt buyer.


And that's how accounting errors can ruin lives.

When you read the life stories of these two ladies it's heart wrenching to think that a few lines on an Excel spreadsheet could have a detrimental impact on their lives. Some would cynically say this is over dramatic and try to find reason to blame Joanna and Theresa falling into this problem. But I don't think that's fair. When you read the lives of these people, it's clear that they were affected by factors beyond their control. It's really this broken system of debt collection that is responsible for them failing to get the debt relief that they were owed.

The way accounting systems and spreadsheets are designed and operated can have real impact on real people. As an accountant myself, I often wondered what value is accounting in the grand scheme of things. But as Halpern's story illustrates the accountants, bookkeepers, etc. had a real impact on the livesof these two women.

No one is saying that accountants have the same impact on the lives of people the way a cancer specialist does. But at the same time a few a lines on Excel spreadsheet could be the difference between perpetual anxiety and a good nights sleep.