Beyond open banking: transforming the audit process

With their popularity growing among consumers, open banking payments are predicted to increase by more than 460 per cent  by 2024. As user interaction improves and costs are reduced, many merchants in the UK are adding open banking to their payment mix.

Under PSD2 legislation, open banking allows banks to make their personal customers? account data available via APIs to authorised payment service providers. The main premise of open banking  is that data belongs to the customer and not the bank. Therefore, banks are now required to release this data to any regulated third party, as long as the customer has requested it and given their consent - the consumer is in full control.

What if the principles and technology of open banking were applied beyond consumer finance to corporate banking data?

Audit firms would be able to request account data within a secure platform, and their client could quickly authorise its release with ?no waiting, hassle or chasing?. Auditors could then download transactions from their client's banks, and new opportunities and benefits would open up - from continuous auditing to increasingly sophisticated data analytics.

In its recent agenda item, Technology Disruption in Audit and Assurance, the International Auditing and Assurance Standards Board (IAASB) cited ?API access to third-party data? as one of the five enablers of real-time auditing. Audit engagements could be spread throughout the year, with a ?continuous check on controls and payment cycles, verification of transactions when they occur, and earlier warning of risks?.

Data access via banks? APIs would provide more reliable audit evidence than, say, paper-based statements or spreadsheets submitted by the client. Such evidence is open to abuse, as the Wirecard fraud demonstrated. The FT exposed the problem in June 2020, describing how the auditor ?failed for more than three years? to request crucial account information from Singapore's OCBC Bank, where Wirecard claimed it had up to ?1 billion in cash. Instead it had relied on documents provided by Wirecard.

In a Journal of Accountancy podcast on audit evolution, Jennifer Burns of the American Institute of Certified Public Accountants (AICPA) discussed her organisation's latest statement on audit evidence, which addresses auditors? use of ?automated tools and techniques such as audit data analytics, AI, or robotic process automation as a means to obtain audit evidence?. She explained how these tools and techniques can interrogate entire data populations, using that information 'to transform how we assess risk, which is the foundation of our audit, and help us understand what we need to test and how to test it?.

 Auditors can request banking data from multiple sources and consolidate them into a single, comprehensive dataset. The audit team can then move from sampling to checking everything, running data analytics algorithms to identify any discrepancies in the data and generate more productive insights.

In order to test open banking for ourselves, we ran a three-month pilot with a carefully chosen group of auditors, their clients, and those clients? UK banks. Auditors requested their clients? consent to access selected bank accounts and transactions for up to 12 months prior to the consent date. The feedback we received from the pilot audit firms was very positive - they were able to use their clients? transactional data to run analytics tests, enriching and expanding their audit process and improving overall audit quality.

This experiment convinced us that adopting open banking techniques can transform the audit process - helping to make continuous auditing a reality, enhancing audit evidence, leveraging AI and data analytics to promote quality, and giving auditors the time and space to apply their skills and judgment to increasingly complex problems.

For more information on Confirmation or our open banking solution, feel free to contact me at Caroline.Winch@thomsonreuters.com.

Area of expertise:

Webinar - Letting go of Legacy IT systems in 2021 - 27 October 2021

Join our expert panel, led by Confirmation, part of Thomson Reuters as they discuss the survey data, the challenges and opportunities banks face when adopting technology, where they are prioritising and how they are implementing technology transformation.

Book now Read more