Sunday, October 15, 2017

What's missing from this Top 5 uses of Blockchain list?

TechRepublic's Tom Merritt  walks us through the "Top 5" uses of blockchain in the following video. The accompanying post lists the following 5 use cases:
  • Stocks
  • Shipping
  • Diamonds 
  • Livestock 
  • Law

What's missing? 

Stocks use case is actually limited to Initial Coin Offerings (ICOs). For more on an overview of ICOs, check this article. However, the post excluded Linq's blockchain that allows for the settlement of private securities.

But on a broader note, the post excluded the financial industry altogether in terms of being a forerunner for the use of blockchain. Following the hype-cycle, one of the early areas of interest for the use of the permissioned blockchain were financial institutions. It seemed like every week that a company joining the R3 Consortium.


However, since that initial fervor, a number of players, such as Goldman Sachs, Santander, Morgan Stanley and the National Australian Bank, have left the consortium.

Why?

The problem lies in understanding the actual business case for the permissioned blockchain (for the differences between public and private/permissioned, see this post). The permissioned blockchain helps parties to have a common view of transactions that they have transacted with each other via a shared ledger database. With the use of digital signatures, it incorporates authorization into this as well, so in addition to sharing information, it also enables the ability to "sign-off" on that information.

The banks could decide that they would use such a framework to make it easier to settle payments, however, how do they keep things private such as pricing and other data? This is something that needs to be sorted out but points to a bigger question as to what is the strategic advantage of blockchain for FIs. That is, this exponential technology doesn't lead to cost savings like robotic process automation or strategic insights like big data analysis.

And that's why I think something like shipping or supply chain more broadly is a much better beachhead for blockchain. With multiple partners involved in supply chain, have a shared database enables the partners to see where things are at between the wholesaler, shipper, and retailer, enabling each partner to get better insights into movement of goods and other business information. Such a system would allow for creative ways to settle payments or even enhance the ability of retailers to design consignment contracts with wholesalers. For example, BestBuy is marketplace (e.g. Brainydeal is one such retailer) within its retail front requiring such coordination. The one caveat, however, is to ensure that (cheaper) existing technology doesn't actually do this already. After all, shared databases are not a novel concept.

I would contend that legal would be a great place for the blockchain to expedite paperwork - more so than supply chain. However, such technology would be fought tooth and nail by lawyers. And they have unlimited resources to fight such technology in the courts. Also, politicians have little incentive to look into such advances as most of them are lawyers, depend on lawyers or have friends who are.

Author: Malik Datardina, CPA, CA, CISA. Malik works at Auvenir as a GRC Strategist that is working to transform the engagement experience for accounting firms and their clients. The opinions expressed here do not necessarily represent UWCISA, UW, Auvenir (or its affiliates), CPA Canada or anyone else.

Tuesday, October 3, 2017

Should drone inventors have thought about this risk?

Came across this article on Wall Street Journal about how the wedge-tailed eagles have turned out to be the drones worst nightmare. Here are some videos that illustrate the problem:



Being someone who works on innovation as the GRC Strategist - risk is something that I think about daily. Of course, you need need to be prudent and make sure that you've documented. All the known risks and have a plan and how to mitigate them.  For example, you should patch your software when the vendor tells you there is an issue.

But how could drone inventors possibly think about the risk formula about the impact and likelihood of eagles tearing up your drone?

It's a good illustration of how innovation requires taking risks of which you will only encounter when actually deploying innovation into the real world. They're just some things that literally will fall out of the sky that you didn't think of and a workaround will need to be designed after the fact.

Author: Malik Datardina, CPA, CA, CISA. Malik works at Auvenir as a GRC Strategist that is working to transform the engagement experience for accounting firms and their clients. The opinions expressed here do not necessarily represent UWCISA, UW, Auvenir (or its affiliates), CPA Canada or anyone else

Monday, October 2, 2017

What can driving algorithms tell us about robo-auditors?

On a recent trip to the US, decided to opt for a vehicle with the sat-nav as I was going to need directions and wanted to save on the roaming charges. I normally rely on Google Maps for guiding me around traffic jams but thought that the sat-nav would be a good substitute.

Unfortunately, it took me on a wild goose chase more than once – to avoid the traffic. I had blindly followed the algorithm's suggestions assuming it would save me time. I ended up being stuck at traffic lights waiting to a left-turn for what seemed like forever.

Then I realized that I was missing was that feature in Google Maps that tells you how much time you will save by taking the path less traveled. If it only saves me a few minutes, I normally stick to the highway as there are no traffic lights and things may clear-up. Effectively, what Google does is that it gives a way to supervise it’s algorithmic decision-making process.


How does this help with understanding the future of robot auditors?

Algorithms, and AI robots more broadly, need to give sufficient data to judge whether the algorithm is driving in the right direction. Professional auditing standards currently require supervision of junior staff – but the analogy can be applied to AI-powered audit-bots. For example, let’s say there is an AI auditor assessing the effectiveness of access controls and it’s suggesting to not rely on the control. The supervisory data needs to give enough context to assess what the consequences of taking such a decision and the alternative. This could include:

  • Were controls relied on in previous years? This would give some context as to whether this recommendation is in-line with prior experience.
  • What are the results of other security controls? This would give an understanding whether this is actually an anomaly or part of the same pattern of an overall bad control environment.
  • How close is it between the reliance and non-reliance decision? Perhaps this is more relevant in the opposite situation where the system is saying to rely on controls when it has found weaknesses. However, either way the auditor should understand how close it is to make the opposite judgment.
  • What is the impact on substantive test procedures? If access controls are not relied on, the impact on substantive procedures needs to be understood.
  • What alternative procedures that can be relied on? Although in this scenario the algo is telling us the control is reliable, in a scenario where it would recommend not relying on such a control.

What UI does the auditor need to run algorithmic audit?

On a broader note, what is the user interface (UI) to capture this judgment and enable such supervision?

Visualization (e.g. the vehicle moving on the map), mobile technology, satellite navigation and other technologies are assembled to guide the driver. Similarly, auditors need a way to pull together the not just the data necessary to answer the questions above but also a way to understand what risks within the audit require greater attention. This will help the auditor understand where the audit resources need to be allocated from nature, extent and timing perspective.

We all feel a sense of panic when reading the latest study that predict the pending robot-apocalypse in the job market. The reality is that even driving algos need supervision and cannot wholly be trusted on their own. Consequently, when it comes to applying algorithms and AI to audits, it’s going to take some serious effort to define the map that enables such automation let alone building that automation itself.

Author: Malik Datardina, CPA, CA, CISA. Malik works at Auvenir as a GRC Strategist that is working to transform the engagement experience for accounting firms and their clients. The opinions expressed here do not necessarily represent UWCISA, UW, Auvenir (or its affiliates), CPA Canada or anyone else