CPAs to the Future: Why Data Governance?

In 2018, CPA Canada held the Foresight Sessions where they consulted CPAs and others how the profession should move forward. CPA Canada took a broad view of the topic and brought a diverse crowd of people to look at how things could unfold. There were a number of facilitated sessions that looked at a number of possible scenarios and how the profession could thrive in each of those scenarios. What I liked about the sessions was the diversity of thought. The environment was so open that attendees were even willing to talk about things like wealth inequality and its potential impact on the profession. 

So where did things end up? 

A report was published and the two key areas that became the focus where Value Creation and Data Governance. 

Before looking at where we are now, it is good to take a step back and look at the underlying need to re-examine the profession. The CPA profession was borne in a book-based world where knowledge went through a manufacturing process of sorts. Regardless of whether it is the accounting standards themselves or the actual financial statements, the idea was there was a sense of finality to the process. The Internet, and more specifically the hyperlink, changed that. Data, information and knowledge are now networked. 

It's not to say that the profession was unaware of this. 

As a CPA who got his start in the world of Audit Data Analytics back in 2000 (yes, 20 years ago, when this type of work was known as computer-assisted audit techniques). Back then, IT-focused CPAs like myself used to tools like Audit Command Language or IDEA  (sometimes referred to as 'generalized audit software'). This required the analysis of data largely for audit support. 

CPA Canada also published the Information Integrity Control Guidelines (authored by Efrim Boritz and myself), which looked at how controls and "enablers" would create information integrity. The project was designed to take a fresh look at the traditional dichotomy between "general computer controls" and application controls". For example, the publication also looked at controls specifically around content. 

Why Data Governance? 

The challenge I have found is how to succinctly articulate how CPAs can play on the dividing between business and technology.  Data governance probably is a good place to start. Even when you consider something more technical like a 'data scientist', a key component is to have business domain knowledge. Hence, to capture the future it makes sense to look at something that is beyond technology but rather data and information. After accountants have experience with data, but not configuring routers. Furthermore, as pointed out in this CPA Canada article "there is already a need for foundational standards of practice around all aspects of data governance and the data value chain".

Why are CPAs suited for data governance? 

I have always felt that CPAs have a solid foundation in understanding information. Through the FASB framework, we realize the trade-offs between relevance and reliability, as well as understanding the reality of what is needed to audit something. When looking at the work Efrim and I have done around information integrity, this was a key resource because it is unique in understanding the parameters of information. 

When teaching a class at Waterloo, I linked how this framework is now even relevant to social media companies. Google/YouTube, Facebook, and Twitter have all been "auditing" posts on their respective sites due to misinformation about COVID-19 or other matters. When covering this in-class, the concern I raised was around the "slippery slope". For example, does that mean all the other posts are "materially correct"? Such things illustrate how CPAs can add value when it comes to data governance.

Author: Malik Datardina, CPA, CA, CISA. Malik works at Auvenir as a GRC Strategist that is working to transform the engagement experience for accounting firms and their clients. The opinions expressed here do not necessarily represent UWCISA, UW, Auvenir (or its affiliates), CPA Canada or anyone else.

 

'The Algorithm Made Me Do It': How Racist-Tech led an African-American man sleeping in a filthy cell

We've heard of Fintech, maybe even Regtech, but have we heard of Racist-Tech?

In the past few weeks, the US sees the largest protests in its history. I am not referring to the protests where armed protestors show up to state-capitals without much reaction. Rather, these are the protests that were in response to the death of George Floyd. George Floyd who died after a police officer kneeled on his neck (with his hands in his pocket) for eight minutes and forty-six seconds. These protests, in contrast, have been met with a strong reaction.

A related incident occurred a few months before Mr. Floyd lost his life.

As reported in NPR, Robert Julian-Borchak Williams was picked up by police by January 2020 and when he got to the station, he was surprised to the lack of resemblance between him and the pictures of the suspect.

The officer's response? "So I guess the computer got it wrong, too." 

Regardless, "Williams was detained for 30 hours and then released on bail until a court hearing on the case, his lawyers say."

(For more on the story, check out this video)

The story is chilling, to say the least.  The knee jerk reaction is to think of Skynet and dark AI. But is that really what's happening here?

The social unrest speaks to how the desegregation struggles of the 1960s have not totally succeeded. The challenge is that racism is systemic. Within the institutions that hold society together, the gothic systems that existed in the 1950s somehow still exist until today. Sure, it's illegal for prosecutors, judges and cops to be racist. But then how do we explain the treatment of George Floyd and Robert Williams? Is there is no overall monitoring provisioning to ensure that the desired equality is achieved? For example, good monitoring controls over a system would assess the outcomes to see if the desired outcomes are achieved. There was a case that tested this idea. In McClesky v Kemp, where the defence team provided Dr. Baldus's study that statistically proved that the African American is 4.3 times more likely to get the death penalty, the "big data" analysis was rejected and Warren McClesky was put to death by the state. (And yes it controlled for 35 non-race variables).

In other words, data analysis shows there actually is a problem. However, the courts essentially denied this reality and pretended everything is okay.

What does this have to do with Racist Tech?

It means that the systems and the data are biased. Racist Tech will naturally grow out of such systems. AI and predictive policing models that use data from the court system - also pretending everything is okay - will inevitably lead to people like Mr. Williams getting caught up in the criminal justice system. Compared to George Floyd he only had to spend 30 hours in a filthy cell. But during that time he would have no idea whether it was going to be 30 hours or 30 months, given how long it takes to exonerate the innocent.

I was once asked at a conference whether we can look forward to a future where AI takes over. My response was to point out the real issues is with the human that run the technology.  If I had to answer that question today, I would simply ask them to call Mr. William who knows that the nightmare scenario is here already.

Author: Malik Datardina, CPA, CA, CISA. Malik works at Auvenir as a GRC Strategist that is working to transform the engagement experience for accounting firms and their clients. The opinions expressed here do not necessarily represent UWCISA, UW, Auvenir (or its affiliates), CPA Canada or anyone else.

Are we ready? COVID-19 Reopening woes and the new realities it brings

Ontario is cautiously moving ahead with plans to reopen the economy. 

Certainly, there have been snags along the way. Patrons of a park in Toronto were not social distancing. Also, a nail salon in the city of Kingston caused a spike in cases. But despite these issues, one can look to the neighbour to the South and realize that things can be much challenging. 

According to CNBC:

"Governors in Washington, California, Florida and Texas are walking back some of their reopening plans as coronavirus cases rise in more than 30 states across the U.S., according to a CNBC analysis of data compiled by Johns Hopkins University"

This is not surprising given the rise in COVID-19 cases with CNBC reporting an increase of "5% over the previous week in 37 states across the country". 

With that in mind, there are some lessons we can learn a few things when considering the challenges or re-opening as the pandemic continues to spread in society (without a vaccine or cure). Specifically, the Wall Street Journal reported on how the re-openings - albeit semi-temporarily - unfolded in Texas. Based on this article, they noted the following:

• Pandemic screening: Entering and exiting office buildings will not be as easy as it used to be. There will be some measures implemented to ensure that sick people don't make it into the office. For example, buildings will check people's temperature as they enter the building. 
• Best laid plans can go awry: Companies are using all types of means to determine whether people should go back to the office. Dell,  for example,  has "built its own digital tool to analyze more than a dozen data points, such as local cases and hospitalizations, to guide its decision". However, the pandemic, like many business continuity risks, expose the things in the process we take for granted. Consequently, caution is best when trying to going back to "semi-normal".  For example, some offices were shut down after re-opening for two weeks because someone had got COVID-19. 
• Waiting for an elevator a non-trivial dilemma: Who would have thought that elevators would pose to be a dilemma during a pandemic? Getting in a closed space is a problem. But also forcing people to wait for an elevator is a problem. Will workers "socially distance" while waiting or will they fill the time waiting with impromptu meetings with colleagues? 
• Public transport or carpooling is now a high-risk activity: The article points out that a company had sufficient parking spots for only a third of its employees. That is, they assumed others were not going to drive. But parking is not the only issue. Many of us who use public transit, use that time on the train to catch up on emails or get that deliverable out there. Consequently, stuck behind the steering wheel is not only stressful but also lost productivity.

What does this mean? 

Working from home is the new normal. And companies have made it work. For example, Aniket Sanyal, an engineer from Halliburton was able to drill oil wells around the world from the comfort of his own home. What did he need? In his own words: “I just needed a good internet connection”. Other jobs, whether it's balancing a trial balance or sending documents to the client, are a lot less complex. They can be easily accommodated in the world of cloud and conference calls. 

According to Jennifer Davis, senior vice president of global communications from Dell: “We are predicting within our company and, frankly, more broadly, that the future of work looks different and that more people will stay home permanently". The article also notes that "only 50% of its workers will ever go back to an office, even when the crisis passes". In other words, working from home is now the new normal. Think about it. Would anyone risk getting COVID-19 waiting for an elevator when they could avoid such a risk by working from home? 

Consequently, the pandemic and the risks it brings makes us re-evaluate whether we need to be onsite or whether we just need a good internet connection.  

Author: Malik Datardina, CPA, CA, CISA. Malik works at Auvenir as a GRC Strategist that is working to transform the engagement experience for accounting firms and their clients. The opinions expressed here do not necessarily represent UWCISA, UW, Auvenir (or its affiliates), CPA Canada or anyone else.

COVID-19 & Accounting firms: Will only the agile survive?

The impact of COVID-19 is impacting everyone, including accountants. As discussed in the last post, the crisis has made video calling normal to the point that people are experiencing fatigue. It speaks one of the adjustments people have had to make due to the "new normal"

But what is the wider impact on the profession? How are firms handling the COVID-19 Crisis?

Accounting Today published a survey, "The accounting profession and the coronavirus: The crisis in number" that gives some data as to where the accounting firms are at.

Economic Impacts: Bad News and the Good News

Not surprisingly, nearly three-quarters of the firms surveyed, felt that the pandemic was going to reduce their revenues. In terms of magnitude, 37% of those surveyed are predicting a 10%+ loss in earnings. The good news, however, is that most had not let staff go. Only 7% had laid off staff, while 4% were planning to do so.

The other interesting find is that the most popular service to come about due to this crisis was CARES Act Consulting, with 73% offering this service. The next closest was business continuity consulting at 36%. 

There were also some interesting finds around the tech front. 

• Working Remote: Over 60% of firms had challenges with closing their offices, with nearly half of those having some challenges with the "online approach". The survey found that only 10% had no remote capabilities. See the graphic below for more details
• Closing offices: Closely related to the previous result, only 13% fully shut down their office. The survey did not reveal why this was the case.  But if you can't work remotely, what other choice do you have? 
• Communications: Although more than half used traditional means of communication, 33%were looking at new forms of communication. 

https://www.accountingtoday.com/list/the-accounting-profession-and-the-coronavirus-the-crisis-in-numbers

CPA firms provide COVID-19 services free of charge
Many small businesses have been drastically impacted by the coronavirus shutdown. As reported by the Wall Street Journal, "about 20% of them had enough cash saved to operate normally for only two months if their revenue were to dry up. Among less financially secure companies, only 10% could operate normally on savings alone for two months". The survey found that 1/3rd of CPA firms are stepping up to help by not charging for COVID-19 related services. 

Agility in time of uncertainty

Virtual firms, like Live.ca, seem to have been well prepared for this pandemic. With no offices to speak of, the firm was online from day one. The firm was featured on this CPA Canada promotional video:

Being agile in times of adversity is key to success. Understandably, tech can be daunting for small firms. However, it is also daunting for small businesses. Consequently, the tech-savvy CPA firms are able to offer consulting services like business continuity planning. But before getting there, firms need to ensure that they have the underlying capabilities to be agile. For example, if the firm has limited capability to service clients remotely it not only reduces the ability to service clients but also prevents the firm from being viewed as adaptive by current and prospective clients.

That being said, it's a matter of will. With nearly three-quarters of the firms already offering CARES Consulting, just shows how agile firms can be when the mindset is there.

Author: Malik Datardina, CPA, CA, CISA. Malik works at Auvenir as a GRC Strategist that is working to transform the engagement experience for accounting firms and their clients. The opinions expressed here do not necessarily represent UWCISA, UW, Auvenir (or its affiliates), CPA Canada or anyone else

Have you heard of Zoom Fatigue? Killing the commute is not all it's cracked up to be

We are all probably familiar with "Zoombombing" by now.  This is where nefarious hackers (FBI has a warning about this) or Australian comedians (like Hamish Blake) invade your Zoom calls.



But have you heard of Zoom Fatigue?

Well, according to the BBC, USA Today, and The Wall Street Journal (WSJ), it is real.

COVID-19 has forced a locked-down, requiring people to work from home. That is, those who are fortunate enough to work from home during this pandemic, can use Zoom, Skype or other video chat apps to conduct business as usual. Except there are challenges. As noted in the USA Today article:

"From having to focus on 15 people at once in gallery view or worrying about how you appear as you speak, a number of things may cause someone to feel anxious or worried on a video call. Any of these factors require more focus and mental energy than a face-to-face meeting might, said Vaile Wright, the American Psychological Association's director of clinical research and quality."

BBC echoes something similar:

"Being on a video call requires more focus than a face-to-face chat, says Petriglieri. Video chats mean we need to work harder to process non-verbal cues like facial expressions, the tone and pitch of the voice, and body language; paying more attention to these consumes a lot of energy. “Our minds are together when our bodies feel we're not. That dissonance, which causes people to have conflicting feelings, is exhausting. You cannot relax into the conversation naturally,” he says"

To mitigate these impacts, both articles suggest being judicious on what calls should have the video turned on. USA Today quoting Vaile Wright (see above): "Be thoughtful about how you're using Zoom calls. You probably don't need video chat for all your work."

The WSJ sees this new reality differently.

They looked at the premise that working from home would result in free time for people. One of the individuals they interviewed for the story, thought that they would learn how to crochet. That didn't happen. What they found instead was that the inability to physically separate oneself from the work environment has enabled an "always-on" mentality. We all know no one is going anywhere, so the default assumption is that you are available. This is both for work as well as non-work meetings. For example, another individual in the article noted that they had to maintain an online calendar for their social life just to manage things.

For me, it's the commute. It takes about 20 minutes to drive to the commuter train station, then about an hour on the train. Then another 10 to 15 minutes to walk to the office. What I hadn't fully realized until now is a couple of things. Over time I have learned to use that time productively. It was during these gaps in my day that I could catch up with audiobooks and podcasts.

But there was another thing that was surprising.

The changing of scenario from home to the car to the station to the streets of Toronto and then the office gave me a chance to take a mental break automatically. At each point in commute, I was refreshed. With life at home, you can just be stuck behind a computer. (I am fidgety, so I guess that helps!) My podcast and audiobook consumption has collapsed, but I am writing more blog posts :)

Is this what the future holds?

I think that after this is over, the mental barrier that some executives had against working from home will be reduced dramatically. Even prior to the COVID-19 shut down, I knew of a fellow Hamiltonian who worked at a start-up where everyone was online. There was no office to speak of. With this being the new normal, weighed with the cost savings may convince some businesses that it's worth it to abandon the office lease altogether. That being said, there will need to be some kind of periodic physical meetings. But that can be accommodated in free public spaces like parks.

We often see in futuristic scenarios, how someone rolls out of their bed, slips a microphone/earpiece into their ear and then starts working with the hologram downstairs. Who would have thought it would have taken a pandemic to bring this future closer.

Author: Malik Datardina, CPA, CA, CISA. Malik works at Auvenir as a GRC Strategist that is working to transform the engagement experience for accounting firms and their clients. The opinions expressed here do not necessarily represent UWCISA, UW, Auvenir (or its affiliates), CPA Canada or anyone else

How can blockchain help us deal with the COVID-19 pandemic?

One of the post-peak challenges, we will face with COVID-19 is to determine who is immune and who is not. Assuming that people can get immunity (and there are reasons to believe that this may not be the case), there needs to be a way to determine who is capable of being in "high contact" area.

In other words, how do we verify that you have the COVID-19 anti-bodies that would enable you to work at a restaurant, grocery store or drive a bus?

Now the infrastructure to deliver this type of testing is still not there. For example, in "Laredo, officials discovered the tests they received were woefully inadequate. The local health department found them to have a reliability of about 20 percent."

Assuming we can get a test that works, then we would need a way to certify that the person has achieved the desired immunity.

Think about how this process could work manually:

1. The walk-in or doctor/lab will process the test.
2. The person waits for the test results.
3. They will then need to produce the results to the government.
4. The government will need to issue some type of official certification. 

There could be an incentive to fake the certification. Well, let's rephrase. That there will be an incentive to doctor these things. Not just to get a job. But also to defy quarantine orders using fake certificates. Consider the people protesting the quarantine that blocked healthcare workers in Michigan:

And so that's where blockchain comes in.

To be a bit more specific, this is the permissioned blockchain (unlike bitcoin which is a public blockchain) that is implemented between trusted parties. As noted in the process described above, there are many parties involved - the doctor, the clinic and the government - all these parties would need to be on-boarded through a KYC process that would give each participant a private key that enables them to "sign" the "digital paperwork" at each phase of the process.

This would then allow "digital immunity certificates" to be issued instantaneously. No need to wait for test results. No need to get an official document from the government.

As it turns out, Vottun is working on some type of "Immunity Passport" that "can be verified at any time using cryptography by any mobile phone that can read a QR code". The company is working in Spain and is in discussion with Dr. Fauci of the CDC.

There are a lot of assumptions on how this could work. But it could be the killer app that helps saves lives.

Author: Malik Datardina, CPA, CA, CISA. Malik works at Auvenir as a GRC Strategist that is working to transform the engagement experience for accounting firms and their clients. The opinions expressed here do not necessarily represent UWCISA, UW, Auvenir (or its affiliates), CPA Canada or anyone else

What do the Sony Car and the Visa acquisition of Plaid have in common?

Visa announced in early that they were going to buy Plaid for $5.3 billion. Who is Plaid, and why are they worth so much? 

According to the CNBC article that published the announcement: 

“Plaid’s API software, often referred to as the “plumbing” behind fintech companies, lets start-ups connect to users’ bank accounts. It’s well-known among financial technology developers, but the average person interacting with it most likely wouldn’t recognize the name. High-profile Plaid customers include popular peer-to-peer payment app Venmo, mobile investing app Robinhood and cryptocurrency exchanges Coinbase and Gemini.”

The article went on to note that about 25% of American bank account holders have “connected” the company’s app. 

Meanwhile, at the Consumer Electronics Show (CES), Sony unveiled its electric concept car, the Vision-S, in Las Vegas earlier this month. 

The car is a novel way for Sony to market its various technologies within the automotive space. The approach is not dissimilar from what Microsoft did with the Surface Book: allowing each company to put their stake in the ground as to what they see as the ‘art of the possible.’ 

This TheVerge video does an excellent job of highlighting its features and showing what the car:

Although these two innovations occur in vastly different fields, they speak to a common reality: data. The concept of big data has been with us for a while, but what separates it from innovations like AI and blockchain is that its underlying elements can give us insights into how a particular innovation lies on the value spectrum:

• Cars are increasingly being “datafied.” According to Intel, autonomous vehicles will produce about 4 terabytes of data per day. So it should be no surprise that Sony’s concept car looks to harness the power of data. According to Time, the car has “33 sensors inside and outside the car” that help with ensuring the safety of passengers by detecting external threats and internal threats (e.g. falling asleep at the wheel). Coindesk takes this one step further, speculating that this type of move will help auto-makers more broadly make machine-to-machine cryptocurrency payments a reality. 
• Plaid and the value of verified data: The Plaid acquisition highlights the “4th V” that some use – veracity. Visa's purchase of Plaid illustrates how “boring data” that is of how quality can be worth billions of dollars. But such value proposition is not limited to the financial realm. Blockchain databases can offer a similar value proposition, as they force standardization and data quality standards. 

In future posts, we will test this model further to see how the four Vs: volume, variety, velocity and veracity help us understand the value of up-and-coming technologies and trends. 

Author: Malik Datardina, CPA, CA, CISA. Malik works at Auvenir as a GRC Strategist that is working to transform the engagement experience for accounting firms and their clients. The opinions expressed here do not necessarily represent UWCISA, UW, Auvenir (or its affiliates), CPA Canada or anyone else

Are we too confident in Artificial Intelligence? A look at AI's "stupid problem"

In the rise of AI over the past few decades, the victory of IBM's Big Blue over Garry Kasparov is the stuff of legend. However, what may not be as well known is how the actual artificial intelligence alone didn't result in machine defeating man.

Many chalked up the win to Big Blue being superior technology that allowed the computer to defeat the chess champion. He narrowed down his defeat to a move that "was too sophisticated for a computer". 

What actually happened? 

It turns out that the specific move that Kasparov attributed the win too was executed by the computer. However, the chess move didn't come from the AI programming specific. It rather was more attributable to "technology controls" that there programmed into the system. The system was designed to conduct a random legal move if the system started going into an endless loop (go to 6:35 in this video to see the full story):

As noted in the video, the move through off Kasparov as the move made no sense. In the video, it insinuates that Kasparov put too much faith in the machine. However, according to Wired, he attributed the win to some type of human intervention. Either way the computer threw-off the chess championing; a factor that arguably contributed to his loss.

Enter Janelle Shane.

She did a Ted Talk entitled "The danger of AI is weirder than you think". In the talk, she notes how she applied machine learning to discover new ice-cream flavours based on 1,600 pre-existing flavours. The result:

Anyone want to hire this machine as their next culinary expert? Probably, not.

The example is illustrative of AI's "stupid problem".

As Shane notes, AI "has the approximate computing power of an earthworm, or maybe at most a single honeybee, and actually, probably maybe less. Like, we're constantly learning new things about brains that make it clear how much our AIs don't measure up to real brains."

The challenge with programming nuance into algorithms and AI more broadly speak to the classic accounting problem that goes with architecting proper incentives. We should not forget that the underlying equations that are built into such incentives are algorithms in their own right. For example, strictly profit-oriented incentives have incentivized management to look at short-term and forgo the long-run. This, in turn, resulted in more comprehensive incentive structures such as Kaplan's balanced-score-card. Putting the two together, if we programmed an algorithm to increase "shareholder value", what would happen? Would it launder money for drug cartels (i.e. because the benefit of the revenues outweighed the cost of the fine), clear-cut Amazon rainforests or outsource manufacturing to take advantage of low-cost labour in China, Bangladesh and elsewhere? As the links suggest, these are all practices that would be programmed into the sharehoder-maximizing algorithm. 

With this in mind, it requires risk and control specialists to approach AI like any system. They are ultimately programmed by regular human beings who make mistakes. If a system can throw off a reigning chess champion due to a coding flaw, we need to take heed.

Author: Malik Datardina, CPA, CA, CISA. Malik works at Auvenir as a GRC Strategist that is working to transform the engagement experience for accounting firms and their clients. The opinions expressed here do not necessarily represent UWCISA, UW, Auvenir (or its affiliates), CPA Canada or anyone else