NQ magazine, April 2019

NQ magazine April 2019

P20

THE VOICE OF ALL NQs Contact us

email: graham@pqaccountant.com twitter: @pqmagazine facebook: @pqmags call: 020 7216 6444

AUDIT REFORM Exposure of audit firm culture can curb poor practices

CRYPTOCURRENCY

ALL THE NEWS YOU NEED

P22

and a whole lot more Pages 4, 5, 6 and 7

BE PREPARED!

FIGHTING CRIME Why we should all be more vigilant about money laundering Page 10

AUDIT BY DRONE

How PwC took to the skies for a particularly problematic audit Page 12

HOW ACCOUNTANTS CAN DEVELOP THEIR SKILLS TO SURVIVE AND THRIVE IN A CHANGING WORKPLACE P16

22

CRYPTO ASSETS

NQ Magazine April 2019

How bitcoin and blockchain are changing global business

SOFTWARE THAT MAKES A DIFFRENCE How AccountancyManager can help you work smarter

P26

Stay a step ahead with Xero Advisor Equivalency Having a sound knowledge of cloud accounting software is invaluable in a competitive job market. Get the Xero Advisor Equivalency Certificate and stand out from the crowd. To get started, speak to one of these education providers or accounting bodies – ACCA, ICAEW, AAT, ICB, IAB, Kaplan, Avado, Premier Training, First Intuition, The Career Academy or Reed.

COMMENT

NQ magazine EDITOR’S COMMENTS

The future is here! So, blockchain has arrived! One of our lead stories this month is all about ICAS using PwC’s Smart Credential platform to issue digital certificates. Newly qualifieds will now be able to create their own electronic wallet in a secure electronic environment. It doesn’t end there, of course, as KPMG’s David Ferbrache outlines the 10 cyber security trends we can expect to see in the coming months (page 14). Professor Prem Sikka is also on hand (page 20) to explain why audit has to change. It was recently announcement that the FRC is to become the Audit, Reporting & Governance Authority (ARGA). And UK Business Secretary Greg Clark has said the government will start work on new laws to overhaul Britain’s audit market this year. The move will come as a blow for the Big 4 as part of that proposed legislation could be the separation of their businesses. At the very least, it will mean they have to deal with a new regulator with harsher sanctions at its disposal. The accountancy sector and many smaller professional bodies have also been accused of being too focused on representing their members rather than looking after money laundering supervising standards. By the OPBAS no less. In this issue (page 10) ACCA explains why it is working hard to ‘flag it up’. Graham Hambly, Editor (graham@pqaccountant.com)

NUMBER CRUNCHING

100

Chartered Institute of Management Accountants celebrates its centenary this year P4

669,855

Number of new companies formed in the UK in 2018 P6 Amount £40m KPMG invested in a technology platform for its SME initiative – that it has now scrapped P7 working in 23% Those accountancy who were suspicious about potential money laundering in the last year P10

£16bn The net savings to UK businesses of using drones by 2030 P12

£355,000

Figure PwC billed BHS in audit fees in the final year of the retailer’s life. It received £2,859,778 in non-audit fees from BHS in the same period P20

NEWS

HMRC uses its new powers to hunt out tax evasions Bruce Cartwright

Blockchain your certificates

ICAS has revealed it is trailing the use of blockchain technology to issue digital certificates to its newly qualifieds, with the help of PwC and its Smart Credential platform. All staff who have qualified with ICAS at the Big 4 firm in the past two years are being given access to a virtual wallet. This allows owners complete control over sharing their professional credentials digitally, reducing exposure to fraud. ICAS CEO Bruce Cartwright said: “Our newly qualified members involved in this trial can now take control of their personal data by replacing the paperbased certificate with a secure digital version. Not only this, but the technology allows instant verification of their credentials, putting an end to the backand-forth involved in establishing good standing and ensuring our members can get on with their jobs.” Steve Davies, global blockchain leader at PwC, explained: “The ability to prove your identity online is critical in today’s digital world and the same is true of the qualifications you hold.” He admitted that, like many others, he takes pride in the certificate hanging on his wall – but you cannot take it down and share it when you need to! However, the demand for verified, trusted and irrefutable identities from many different types of organisations is rising. Potential employers, in particular, want to ensure that an applicant holds the credentials listed on their CVs.

PwC goes top again PwC has retaken its FTSE 100 client crown from KPMG. Figures from Adviser Rankings also show with Hikma Pharmaceuticals and Hiscox PwC has 29 FTSE 100 clients, one more than KPMG. Rival KPMG lost 12 clients between November 2018 and February this year, while PwC added three clients to its list. That means PwC now audits 363 FTSE-listed companies compared to KPMG’s 358. 4

HMRC has launched its first investigations using new corporate money laundering powers. The taxman is apparently investigating a handful of cases (fewer than five) under the corporate criminal offence of failure to prevent the facilitation of UK tax evasion, which was introduced in the 2017 Criminal Finances Act. If found guilty the offenders face unlimited fines and orders for confiscation of assets. As a strict liability offence, companies can be convicted even if they claim the actions were of one rogue employees.

New accountancy watchdog unveiled A new ‘enhanced regulator to transform the audit and accounting sector has been unveiled by Business Secretary Greg Clark. The Financial Reporting Council is being replaced with a new watchdog – the Audit, Reporting and Governance Authority (ARGA). The UK government, in the guise of the Department for Business, Energy & Industry Strategy, said it now wants a new regulator with a new mandate, new leadership and stronger statutory powers. It has published a consultation for implementing these reforms and intends to move swiftly to implement the reforms and overhaul the sector. Recruitment for the new chair and deputy chair has been launched immediately. In the interim period until the new regulator is in place, the government will be working with the FRC taking forward 48 of the recent independent review’s recommendations. It hopes these will address the shortcomings identified by Sir John Kingman, such as the lack of transparency and to reinforce work to enhance enforcement activity.

No-deal Brexit expected Almost three-quarters (73%) of finance professionals believe that a no-deal Brexit is a ‘very’ or ‘quite’ likely outcome, according to a new survey from ICAS. Just over half (56%) of those surveyed said that their organisation is prepared for a no-deal Brexit. Only around one in three, however, believe that the UK will formally leave the European Union on the appointed date of 29 March.

HAPPY

CIMA

Earlier this month (on 8 March to be precise) the Chartered Institute of Management Accountants celebrated its 100th birthday. To mark the official anniversary date, CIMA is launching an official history book. Its President, Steven Swientozielskyj, said: “In 1919, a new breed of accountant was created to help industry leaders deal with the challenges of the early 20th century. One hundred years later CIMA members and students are at the cutting edge of finance, guiding decisions makers and driving business transformation.” You can check out the book at: https://tinyurl.com/yymzsnrq The Institute of Cost Accountants have come a long way! NQ Magazine April 2019

NEWS

IFRS 16 in the real world

Rooting for vegans

Tesco says changes to accounting standards will result in a big increase in Tesco’s debt, but in reality it will have “no economic impact” on the group. It told a briefing of analysts and investors that the standard will also have no effect on how the business is run, or on cash flows. It does, however, have a significant impact on the way the assets, liabilities and the income statement of the group are presented. The headline impacts of IFRS 16 on Tesco’s statements can, it told the briefing, be summarised as: • Group operating profit increases by £188m to £1,121m as rent is removed and only part-replaced by depreciation. Group operating margin increases by 59 basis points to 3.53%. • Net assets are reduced by £1.4bn to £13bn, as a ‘new’ lease liability of £10.6bn and the ‘new’ right of use asset of £7.8bn are recognised. • Total indebtedness increases by £3.3bn to £15.8bn due to lease extensions and contingent commitments being included and leasespecific discount rates being applied. Meanwhile, HSBC’s adoption of IFRS 9 on 1 January 2018 has reduced the bank’s net assets by £1bn. The biggest change was a decrease of £1.68bn from additional impairment allowances. There was also an increase in net deferred tax assets of £0.3bn.

At the start of the year some 500 PwC staff took part in the Veganuary Workplace Challenge. They were emailed with recipe ideas and also received a 10% discount on ‘Veganuary’ dishes in the staff restaurants. PwC’s chief sustainability officer, Bridget Jackson, said: “Our approach is all carrot and no stick – we know veganism might not be everyone’s taste, so our approach is about promoting curiosity about different foods and their impact. Research has shown that 4% of PwC employees are vegan (nationally it’s 1%), some 14% are vegetarian, and a further 39% are ‘flexitarian’ and are seeking to reduce the amount of meat they consume. ‘Vegan Curious’ is the latest stage in the firm’s Peas Please campaign, which encourages a sustainable diet and is part of a broader approach to support wellbeing. PwC joined the campaign 18 months ago. Together with its catering service, the firm has set a new commitment to increase spending on vegetables in its restaurants to 25% in 2020.

NEWS

Going concern to get ‘stronger’ according to FRC Auditors need to show that they have robustly challenged management’s assessment of going concern, say new proposals from the FRC. The watchdog is proposing to increase the work required of auditors when assessing whether an entity is a going concern. The consultation on important revisions to International Standard on Auditing (ISA) (UK) 570 ‘Going Concern’ follows concerns about the quality and rigour of audit, and the well-publicised corporate failures where the auditor’s report failed to highlight concerns about the prospects of entities that collapse shortly after, as well as findings of recent FRC enforcement cases. The FRC said it needed “auditors to make a greater effort to robustly challenge management’s assessment of going concern, thoroughly test the adequacy of the support evidence, evaluate the risk of management bias, and make greater use of the viability statement”. In addition, it wants to see an improved transparency with a new reporting requirement for the auditor to provide a conclusion on whether management’s assessment is appropriate, and set out the work they have done in this respect. Finally, the FRC is introducing a stand back requirement to consider all of the evidence obtained, whether corroborative or contradictory, when the auditor draw their conclusions on going concern.

New challengers for auditor work Tech firms look set to challenge the traditional audit firms’ dominance of the audit market, says new analysis from Source Global Research. It is predicting that many FTSE 100 companies are looking to break down their audit into different component parts, and the tech firms are favourites to get a piece of the action when this happens. Source found a third of executives are already splitting their audit work to some extent, while 44% said they are weighing up such options ‘right now’. The worry for accountancy firms is that nearly two-thirds of executives think tech firms would do a better job of automating their financial processes. They also think they will be able to gather data faster and at a lower cost than external accounting and audit firms. Source’s Fiona Czerniawska said: “When clients decide to split a professional service it paves the way for change in the competitive landscape, and that’s what is happening in audit at the moment.” So who could be the competition in the future? The Accentures and IBMs of this world are one group, and even Amazon and Google have been put in the frame. One of the Big 4 firms seems to be doing better than the others in this area. Just over half (52%) of those surveyed felt Deloitte was the best positioned to deliver when it comes to technology. That’s way ahead of KPMG (22%) and EY (18%).

A temporary fix The government’s digital services tax (DST) on digital companies should be a temporary measure and ideally last no more than five years, says the Chartered Institute of Taxation. The Institute wants the DST repealed as soon as there is a multilateral agreement through the OECD on a global method to tax such companies on the value created by users. The CIOT’s Glyn Fullelove said given the nature of the tax a pragmatic approach is required in order for it to be implemented effectively. “This is because revenue taxes such as this are a blunt instrument that cannot accurately represent the tax on the profits related to user based value on all businesses on which it is imposed,” he explained. That means, inevitably, some companies will be over-taxed and others under-taxed! Fullelove said that many companies will not have the necessary information to arrive at a precise answer to how much DST they should pay. So in practice the government will have to rely on companies to arrive at a ‘best estimate’ of the amount of the DST payable, based on a just and reasonable estimate of the UK revenues liable to DST.

IN BRIEF

6

Whistleblowing heaven

KPMG inquiry widens

Gradual progress

The US IRS has reported it collected a record-breaking $1.441bn in taxes, penalties and interest thanks to information provided by whistleblowers. That’s up from $190m in 2017. The IRS said that whistleblowers had received $112m in awards, an increase from $33m provided in the previous year. One group of whistleblowers who exposed significant corporate tax evasion and were awarded $62m dollars.

The FRC is extending its investigation into the preparation, approval and audit of the financial statements by KPMG of Carillion plc, to include certain matters relating to the financial statements for the year ended 31 December 2013. The FRC announced in late January 2018 its investigation into KPMG’s audit for the years 2014, 2015 and 2016, and additional audit work carried out during 2017. Former Carillion group FDs Zafar Khan and Richard Adam are also under investigation.

The UK has made ‘gradual progress’ on the Women in Work Index, rising to 13th place this year, according to the PwC report. The Big 4 firm said that increasing the UK’s female employment rate from 57% to Sweden’s 69% could boost GDP by £178bn. Scotland, the South West and Wales rank as the top three regions based on five key indicators of female economic empowerment. The bottom two places in the UK are occupied by the East and West Midlands, primarily due to high female unemployment rates. NQ Magazine April 2019

NEWS

KPMG closes small business service

Strengthening the Stewardship Code

KPMG Enterprise is to close its small business accounting service, five years after it promised its cloud-based platform would ‘disrupt and dominate the SME market’. The Big 4 firm invested £40m into the technology platform, which it promised would deliver the accounting services to small and micro-businesses affordable prices. It appears the firm has now written to all its current customers to tell them they need to find ‘alternative arrangements’. A KPMG spokesman said: “We can confirm that we are proposing to withdraw the provision of our small business accounting service in the UK, which offers cloud-based bookkeeping to small and micro-businesses.” KPMG obviously doesn’t see this as a growth area, and is re-focusing the business on services that are core to the firm. A small number of staff (there were 200 working on this) will be used to manage the handover to alternative suppliers.

Partner ‘pay envy’ may have moved to medium-sized accountancy firms, following the announcement of the new average salary levels at BDO. This means the average pay per partner for BDO’s 196 partners now stands at £531,000. It is being reported that this is the first time that partners at a mid-tier firm have out-earned one of the Big 4 firms. Just so you know, the biggest earners work for Deloitte, where average partners’ pay was £832,000 last year. The PwC average is £712,000 and at EY partners received £677,000. BDO is number six in the accountancy firm league table. It achieved revenues of £464m, a rise of 9% year-on-year.

HM RC

Lloyds appoints new finance director

Lloyds Banking Group has signed up a new FD is the form of William Chalmers. A long-standing banker at Morgan Stanley, he will pick up a basic salary of £794,938 plus a fixed share award of £504,000, delivered over five years. Chalmers is also being paid a ‘golden hello’ of £4.4m when he starts in June. What we can’t work out is if he is a qualified accountant! We know he has a degree in economics and then went to Harvard Law School before being admitted to the New York Bar.

Enquiries & Powers

SPECIALIST NEWSLETTER (6 ISSUES PER YEAR)

The go-to publication if your clients have an investigation or enquiry hmrctaxinvestigation.co.uk For more information go to https://hmrctaxinvestigationco.uk/

YOUR CAREER

Leaders of the

pack

8

NQ Magazine April 2019

YOUR CAREER

Are you ready for the new world of finance? Peter Simons of the AICPA outlines the challenges that lie ahead, and how you can tackle them

A

s a newly qualified accountant you will already be in, or about to join, an organisation coping with a significant pace of change and business transformation. New and emerging technologies are disrupting traditional ways of doing things and to come out ahead organisations are changing their operating models and how their finance teams work. In this environment, finance professionals are quickly moving away from focusing on governance and compliance roles to putting a greater emphasis on business strategy and guidance. Earlier research with Oracle, showed us that teams which take an ‘agile’ approach, have been taking advantage of cloud technologies to improve efficiency, centralise process management and expertise, and update skillsets. They are also better at using analytics to improve the quality of management information and business partnering, freeing up time to focus on strategy and guidance. It demonstrates that to get ahead and stay ahead, businesses and finance professionals need to have a good understanding of the ever-evolving working environment, be ready to take full advantage of new technologies, and keep up with digitisation if they are to avoid the risk of failing. As a build on this earlier work with Oracle, we recently partnered again to launch Agile Finance Unleashed, a report that looks at how businesses are coping with digital transformation. It looks at how business models are changing in the digital age and how finance functions are changing. This new report identified three dimensions that are critical in driving finance transformation and becoming Digital Finance Leaders:

NQ Magazine April 2019

1 Operational Excellence – improving the efficiency and effectiveness by driving process automation. 2 Digital Intelligence – using financial and non-financial to support innovation and business agility e.g. using AI to uncover hidden patterns. 3 Business Influence – using the role of business partnering to drive strategy and performance. Our research highlights that there is a relationship between how digitally savvy a business is and their revenues. For example, only 29% of businesses that aren’t Digital Finance Leaders achieve their projected revenue targets while nearly 50% of businesses, which have a finance team that has a high level of digital understanding, achieve theirs. Most company leaders know that their finance teams are the ones to go for information and guidance on managing risks and recognising opportunities. However, only 15% of Digital Finance Leaders questioned in the report believe their finance teams have strategic awareness of new technologies and are able to drive the new digitally based business models. And only 10% felt their finance teams have the skills they need to support the entire business’s transformation goals – worryingly, the report also reveals that most firms are experiencing challenges because of additional issues with structure and system capabilities. The report did however, show just over a third of companies are Digital Finance Leaders and have achieved progress in their digital transformation. So, what does all of this mean for you? As a finance professional, you can support your team’s digital transformation by understanding the skills you need to gain and share these insights with colleagues. You can also access a full catalogue of continuous

professional development courses (CPD) provided on our CGMA store (you don’t have to be a CIMA member to use it) as well as a library of free resources and tools to help develop your digital mind-set. We focus on giving you all the tools you need to keep pace with current and future changes: ● Our Future of Finance research identifies the digital skills needed by management accountants to harness the full power of technology and succeed throughout their careers in the digital world. ● Our free to members 2019 Digital Mindset Pack, worth £225 (nonmembers can purchase for £285), includes more than six hours of learning on hot topics, from data analytics to cybersecurity, to help you gain essential skills and competencies for the new world of finance. ● Our updated 2019 CGMA Competency Framework puts a greater emphasis on digital skills to help futureproof your career. ● Our Human Intelligence Series details all the leadership and emotional intelligence skills you will find useful and valued by employers. Today, career success comes from the ability to learn, unlearn and relearn and CIMA is here to help you through that life-long process. In the meantime, during your day-to-day work, if you come across routine tasks and processes that could be improved by new technologies, don’t be afraid to highlight them. It’s an opportunity for you to support your business’s digital NQ transformation. ● Peter Simons is Associate

Technical Director of Research – Management Accounting at the Association of International Certified Professional Accountants 9

MONEY LAUNDERING

Flagging up

the risks A recent poll conducted by ACCA and the Law Society of accountants in the UK makes interesting reading, says Maggie McGhee

N

ewly qualified accountants need to be very attuned to anti-money laundering (AML) legislation, especially in the modern globalised and digital age. It’s an issue the profession needs to be hypervigilant about, especially as there are clear rules and legalities about what should be done if suspicions are raised. The Flag it Up campaign rightly asserts that money laundering is a dirty business, with criminals using a wide range of ways to wash their cash. This on-going campaign works in partnership with UK government, the accountancy, legal and property sectors to drive professionals’ engagement with best practice in due diligence and Suspicious Activity Reports (SARs). ACCA supports Flag It Up, and has been working with other professional bodies such as the Law Society to raise awareness and understand better

10

where the gaps are with understanding. Recently, ACCA and the Law Society liaised with Flag It Up on a snapshot poll among 200 professionals working in the legal and accountancy professions. This poll found that while complying with AML regulations is high on their agenda, the majority of professionals are worried about becoming a target for criminals looking to exploit their professional skills and services to enable money laundering. Thankfully, the poll also reveals a strong belief among respondents that AML legislation and processes to prevent criminal activity are highly important. Accountants and lawyers also see AML legislation as a vital means to safeguard the reputation of the legal and accountancy professions. The impact of money laundering on society is devastating, and the

accountancy and legal professions are often the first to have concerns and suspicions raised. In this context, it’s important to understand the legal and regulatory difference between a concern and a suspicion. If an accountant has a suspicion about activity – if they see a ‘red flag’ – then they need to alert the National Crime Agency; they are unable to tell the client and must not ‘tip off’, especially after a SAR has been made. Tipping off is an offence under the Proceeds of Crime Act (POCA). What we have to remember is that most criminal activities involve money laundering, from the drug trade to tax evasion, firearms offences and also corruption. These are often linked. So the accountancy and legal professions need to be aware of the red flags – such as the structure of a business; or whether a client has taken steps to

NQ Magazine April 2019

MONEY LAUNDERING

hide their identity. However, the poll also shows that over the past year cause for suspicion around money laundering by clients is low – it suggests that only 23% of those working in accountancy were suspicious once about potential money laundering in the last year, with 22% saying they have not had any suspicions. For ACCA, the Flag It Up campaign is a reminder for the accountancy and legal professions to see the risks ahead especially when it comes to client relationships. Tackling money laundering is a multi-disciplinary effort between the relevant professions, banks, and government agencies – we all need to work together to tackle money laundering and be aware of the threats. For this recent campaign, the Professor of Economic Psychology NQ Magazine April 2019

at the London School of Economics, Dr Michael Muthukrishna, added the psychology angle about tackling money laundering. He echoed the fact that accounting and legal professionals need to remain alert to the warning signs of money laundering, adding that they need to be mindful of the potential cognitive and cultural barriers that could detract them from taking action and submitting a full and useful SAR. Dr Muthukrishna says: “Our minds work less like computers and more like simulators. Most of the time we see what we expect to see based on our past experience and motivations, but we also know when something in our simulation seems wrong. When our expectations are violated, a section of our brain tells us that something in our model of the world needs to be fixed. We feel suspicion as a gut feeling of

slight distress or unease. To ease this feeling, we seek out information that will once again leave us able to predict the world. In this crucial moment, various cognitive biases can lead us from suspicion to carrying on with our day rather than filing a SAR.” What’s important to remember here is that suspicions have to be handled in the right way – there is a requirement to report suspicious activity, but not to investigate; investigating is the responsibility of law enforcement, and not the accountant. Ultimately, Flag it Up is all about the profession working in the public interest in a very tangible way, to ensure trust is sustained in the work that accountants NQ do, day in and day out.

● Maggie McGhee is executive

director – governance at ACCA 11

DRONE TECHNOLOGY

Taking stock –

in the skies PwC has completed its first stock count audit using drone technology. Here’s how

I

n a global first for the firm, PwC UK has undertaken a stock count audit using a drone. This is all part of PwC’s wider drive to harness emerging technologies to enhance audit quality and efficiency and transform the audit process. The drone, which was manufactured and operated by QuestUAV, was used to capture over 300 images of the coal reserves at one the UK’s last remaining coal-fired power stations, Aberthaw in South Wales. The images from the drone were used to create a ‘digital twin’ of the coal pile in order to measure its volume, The value of the coal was then calculated to within 99% accuracy based on that volume measurement. PwC audit partner Richard French said: “Coal stock has a material value on RWE’s balance sheet, so we carry out an annual stock observation and evaluation as part of our audit process. We observe the manual coal count carried out by RWE’s external surveyor, then assess the resulting data, which feeds into the financial statements. The traditional stock method involves climbing over the coal pile and using a twometre GPS tracking pole to measure the area and elevation from the ground at various points. The data is then used to build a contour of the reserves and estimate its volume.” French explained that while the traditional method remains reliable and will still be used for RWE’s formal yearend financial statements, the drone trial was conducted to explore ways of challenging the traditional method of stock counting. “It was a classic example of new technology challenging the old – and based on our results, the potential is groundbreaking,” he pointed out. The main objective of the drone flight was to assess the accuracy, efficiency and logistical benefits of using drones when compared with traditional surveying methods. Initial

12

findings from the project concluded that: ● The traditional method of manually traversing the coal pile can take around four hours, whereas using a drone it can be done in half-an-hour – a reduction of 85%. ● The drone captured some 900 data points per cubic metre, obtaining impressive overall accuracy levels of 2cm. This compares with the 1,200 readings taken across the whole site using the traditional method. That means the drone enhances accuracy by providing a true, continuous representation of the coal pile. ● The preparation for the drone flight requires access to only a limited area of the coal pile and therefore poses less of a health and a safety risk, particularly when parts of the coal pile are unstable. ● The flight does not interrupt normal operations on the coal pile, for example movement of machinery, and so is a less disruptive method. The team viewed the drone data via PwC’s Geospatial app, a visualization tool that helps the audit team interrogate data about the inventory on site. It found the operational benefits of using the drone included: ● More efficient monitoring and management of the Aberthaw site, which covers a total area of 200 hectares (for example how to best store the coal to free up the most space). ● Improved knowledge on the landscape around the site using aerial images, for example for vegetation management. ● Providing valuable insights on the health and maintenance of the wider power station assets. While on site the multi-rotor drone was used to take photos of the wider site, allowing RWE to inspect the condition of assets that are high up and otherwise difficult to access. This, says PwC, is just one other use to demonstrate the benefits drones can have for businesses. PwC’s UK drone leader, Elaine Whyte, added: “Sectors with large assets in hard to reach areas are the most obvious starting points for expanding this kind of work further – from mining to agriculture and forestry.” She pointed out that a recent PwC report showed that drones have the potential to not only improve UK productivity, but to offer significant net cost savings for businesses to the NQ tune of £16bn by 2030. ● Check out PwC’s report, entitled ‘Skies the

limit: the impact of drone on the UK economy’. This article first appeared in the April 2019 issue of PQ magazine NQ Magazine April 2019

ROBOTICS

How do you audit a robot? AI is here to stay: what is vital is how organisations manage and control their ‘robots’, says Henry Irving

W

hen we talk about ‘robots’ people might think of humanoid, C3PO-like figures. But the robots taking over many aspects of modern workplaces are better explained as robotic process automation (RPA) – software that can be programmed to do basic, repetitive tasks. This has been part of many organisations for decades, but increasing levels of adoption, combined with the development of artificial intelligence, mean it is now one of the key issues for many businesses to consider. One aspect has hitherto been neglected: how do you audit robots? The benefits of automation are evident. It can reduce cost, help eliminate errors and increase profitability. As wasteful manual processes are replaced by automated ones, margins can increase. Robots can execute processes that otherwise take up thousands of staff hours – freeing up skilled employees to work on more complex, added-value work – but are also scalable, meaning it is easier to cope with increased demand. For example, they can be deployed 24/7 if necessary. Moreover, automation offers a secure alternative to outsourcing or offshoring as it does not create potential supply chain problems and is more easily subject to internal controls. But there are inherent risks to increasing automation, and auditors need to develop ways to provide assurance they are being managed to an appropriate level. One issue is how many robots an organisation can realistically manage. Multiple departments creating and maintaining their own robots, with varying standards of risk and control, could mean a fragmented – and potentially vulnerable – business, and IT departments cannot be responsible for them all. Strong internal governance frameworks, perhaps with centralised oversight, would be key to ensuring this does not become a business risk. Another is how to decide which processes are suitable for automation. Internal auditors need to consider areas where NQ Magazine April 2019

levels of subjectivity, complexity or variability mean it is better to have people in charge. Even the best AI cannot yet ‘think’ like humans, mixing instinct and intuition with logic. They can’t make ‘common sense’ checks, and do not assess irregularities or anomalies in the same way. Nor can they spot where something operationally useful might be socially or ethically disastrous. Finally, there is the issue of what happens when things go wrong. Robots strictly adhere to the ‘garbage in, garbage out’ principle. They operate as instructed, but if the information input is flawed robots can behave in surprising and unwelcome ways. This is amplified if there are not enough humans to operate processes manually when they go down. Automation acts as a form of leverage, enabling one person to oversee what would otherwise be the work of several, but if things go awry this can quickly become a business continuity issue. And afterwards, robots – unlike humans – cannot be interviewed retrospectively as to why they did what they did. All of this means it is it vital to have data governance and technical controls to ensure data integrity and security, and also that there is a ‘kill switch’, regularly tested, to immediately halt things in the event of a problem. Underlying all of this is how auditors can see how the robot is operating – in particular if it is learning. Data analysis, modelling and IT technical skills are becoming crucial for auditors to do this effectively. As RPA is increasingly implemented auditing around the computer is becoming less and less viable. Advances in robotics can drive businesses and boost productivity – a key worry for UK plc at the moment – but also raise challenges for auditors. RPA is in use right now. If auditors are to remain relevant they have work to do to keep up. NQ ● Henry Irving is head of ICAEW’s Audit Faculty This article first appeared in the March 2019 issue of PQ magazine 13

TECHNOLOGY

Ten tech tre

00110001 00101110 00100000 01000011 01101111 01101101 01101001 01101110 01100111 00100000 01101111 01100110 00100000 01100011 01111001 01100010 01100101 0111 01100101 01110011 00100000 01110111 01101001 01101100 01101100 00100000 01100011 01101111 01101110 01110100 01101001 01101110 01110101 01100101 00100000 0111 01101011 00100000 01101001 01101110 01100110 01110010 01100001 01110011 01110100 01110010 01110101 01100011 01110100 01110101 01110010 01100101 00100000 0110 01110100 01101000 01100101 00100000 01110000 01100001 01110011 01110100 00100000 01100110 01100101 01110111 00100000 01111001 01100101 01100001 01110010 0111 00100000 01010101 01010011 00100000 01101001 01101110 01110100 01100101 01101100 01101100 01101001 01100111 01100101 01101110 01100011 01100101 00100000 0111 01110011 01110011 01100101 01110011 01110011 01101101 01100101 01101110 01110100 00100000 01110011 01110101 01100111 01100111 01100101 01110011 01110100 0111 01110011 00100000 01101110 01101111 01110111 00100000 01101000 01100001 01110110 01100101 00100000 01100011 01111001 01100010 01100101 01110010 00100000 0110 01110011 00101100 00100000 01110101 01110000 00100000 01100110 01110010 01101111 01101101 00100000 01101010 01110101 01110011 01110100 00100000 00110001 0011 01101111 01110101 01101100 01100100 00100000 01110011 01100101 01100101 01101101 00100000 01110100 01101000 01100001 01110100 00100000 01100011 01111001 0110 01101101 01100001 01101110 01100100 01110011 00100000 01101000 01100001 01110110 01100101 00100000 01100010 01100101 01100011 01101111 01101101 01100101 0010 01101111 01100110 00100000 01100001 01101110 01111001 00100000 01101110 01100001 01110100 01101001 01101111 01101110 11100010 10000000 10011001 01110011 0010 00100000 01101010 01110101 01110011 01110100 00100000 01110100 01101000 01100101 01101001 01110010 00100000 01101001 01101110 01110100 01100101 01101100 0110 00100000 01010011 01100001 01100100 01101100 01111001 00101100 00100000 01110111 01100101 00100000 01101101 01100001 01111001 00100000 01110011 01100101 0110 01101100 01101100 01100101 01100100 00100000 01100001 01101110 01100100 00100000 01101111 01100011 01100011 01100001 01110011 01101001 01101111 01101110 0110 00100000 01100001 01110011 00100000 01100111 01100101 01101111 01110000 01101111 01101100 01101001 01110100 01101001 01100011 01100001 01101100 00100000 0111 01110100 01101111 00100000 01110010 01101001 01110011 01100101 00101100 00100000 01100001 01110011 00100000 01110111 01100101 01101100 01101100 00100000 0110 00100000 01101111 01110000 01100101 01101110 00100000 01100001 01110100 01110100 01110010 01101001 01100010 01110101 01110100 01101001 01101111 01101110 0010 01110011 00100000 01110000 01100001 01110010 01110100 00100000 01101111 01100110 00100000 01110100 01101000 01100101 00100000 01110000 01101111 01101100 0110 the censorship and removal of 01110100 01101001 01100011 00100000 01110010 01100101 01110011 01110000 01101111 01101110 01110011 01100101 00100000 01110100 01101111 00100000 01110100 0110 inappropriate content,01101111 however it 00001101 00001010 00110010 00101110 00100000 01001100 01100001 01100011 01101011 00100000 01101111 01100110 00100000 01100011 01101110 01110011 0110 00001101 00001010 01000011 01101111 01101110 01110011 01100101 01101110 01110011 01110101 01110011 00100000 01101111 01110110 01100101 01110010 00100000 0110 is defined. We will also see more 01110011 00100000 01101111 01100110 00100000 01100010 01100101 01101000 01100001 01110110 01101001 01101111 01110101 01110010 00100000 01101001 01101110 0010 automated targeting individuals 01101100 01101100 00100000 01110010 01100101 01101101 01100001 01101001 01101110 00100000 01100101 01101100 01110101 01110011of 01101001 01110110 01100101 0010 01100101 01100001 01110100 01101001 01101110 01100111 00100000 01101101 01101111 01110010 01100101 00100000 01101001interest 01101110 groups 01110100through 01110010 01110101 0111 and specific 01100100 00100000 01101100 01100101 01100111 01100001 01101100 00100000 01100110 01110010 01100001 01101101 01100101 01110111 01101111 01110010 01101011 0111 social media, whether that be 00100000 01110011 01100101 01100011 01110101 01110010 01101001 01110100 01111001 00100000 01100011 01101111 01101110 01100011 01100101 01110010 01101110 0111 01101110 11100010 10000000 10011001 00100000 01101111 01100110 00100000 01110100 01101000 01100101 00100000 01101001 01101110trolling 01110100or 01100101 tailored advertising, spear 01110010 0110 01100001 01101110 01100100 00100000 01100111 01101100 01101111 01100010 01100001 01101100 00100000 01100110 01101001 01110010 01101101 01110011 00100000 0111 phishing. The political debates about01100100 0010 01110011 01101001 01101110 01100111 01101100 01111001 00100000 01100110 01110010 01110101 01110011 01110100 01110010 01100001 01110100 01100101 01101111 01110010 00100000 01110100 01110010 01110101 01110011 01110100 00100000 01100001 01101110 01100100 00100000 01110011of01100101 01100011 01110101 0111 the appropriateness such activities 00100000 01110111 01100001 01110011 00100000 01100001 00100000 01110011 01110100 01100101 01110000 00100000 01101001 01101110 00100000 01110100 01101000 0110 will continue 2019 and beyond, 00100000 01100010 01110101 01110100 00100000 01101001 01110100 00100000 01100100 01101001 01100100 00100000 01101110 into 01101111 01110100 00100000 01110111 0110 01110010 01110100 00101100 00100000 01110111 01101001 01110100 01101000 00100000 01101101 01100001 01101110 01100011 01101111 but so01111001 will the00100000 build out of the tools 01110101 0110 01111001 00100000 01100100 01101001 01100110 01100110 01100101 01110010 01100101 01101110 01110100 00100000 01110110 01101001 01100101 01110111 01110011 0010 and infrastructure required to detect holding very different views on what Coming of cyber 01100101 01110011 00100000 01110100 01101000 01100101 00100000 01100011 01101111 01110010 01100101 00100000 01101111 01100110 00100000 01110100 01101000 0110 and takedown such content. the core of their national warfare 00100000 01110011 01100101 01100011 01110101 01110010constitutes 01101001 01110100 01111001 00101110 00001101 00001010 00001101 00001010 00110011 00101110 00100000 0101 10000000 10011000 01100110 01100001 01101011 01100101cyber 00100000 01101110 01100101 01110111 01110011 11100010 10000000 10011001 00001101 00001010 01010100 0110 security. 01110010 00100000 01110011 01110000 01100001 01100011 01100101 00100000 01101001 01110011 01101110 11100010 10000000 10011001 01110100 00100000 01101010 0111 Countries will continue to invest in00100000 01101001 01101110 01100110 01110010 01100001 01110011 01110100 The future in the01100011 01110100 0111 01101111 01101110 00100000 01101111 01100110 01110010is01110101 00100000 01110111 01101001 01101100 01101100 01100101 00100000of01100001 00100000 01100011 01101111 01101110 01100011 01100101 01110010 0110 attack infrastructure as they have 00100000 01100010Proliferation clouds 00101100 00100000 01101001 01110100 00100000 01101001 01110011 00100000 01100001 01101100 01110011 01101111 00100000 01100001 01100010 01101111 01110101 0111 over01100001 the past few years. The01110011 most 00100000 01100001‘fake news’ 01100101 01110010 01110100 01101110 01100100 00100000 01101101 01101001 01101110 01100100 01110011 00101110 00100000 0101 01101111 01110010 01100101 00100000 01100001 01110100 01110100 01100101 01101110 01110100 01101001 01101111 01101110 00100000 01100101 recent US intelligence worldwide New business models 01100010 are emerging to01101001 0110 00100000 01101110 01100101 01110111 01110011 11100010 10000000 10011001 00100000 01100001 01101110 01100100 00100000 01110100 01101111 00100000 01110100 0110 threat assessment suggests that 33 exploit the fl exibility offered by cloud battle for cyber space isn’t just 01110010 01100101 01101101 01101111 01110110 01100001The 01101100 00100000 01101111 01100110 00100000 01101001 01101110 01100001 01110000 01110000 01110010 0110 01101111 01110111 01100101 01100101 01110010about 00100000 01101001 01110100 00100000 01101001 01110011 00100000 01100100 01100101 countries now have 01110110 cyber attack solutions as firms continue to 01100110 migrate01101001 0110 disruption of infrastructure, 01110011 01100101 01100101 00100000 01101101 01101111 01110010 01100101 00100000 01100001 01110101 01110100 01101111 01101101 01100001 01110100 01100101 0110 capabilities, up from just 14 in legacy services while occasionally although that will be a concern 01101001 01110110 01101001 01100100 01110101 01100001 01101100 01110011 00100000 01100001 01101110 01100100 00100000 01110011 01110000 01100101 01100011 0110 01110000 01110011 01110100 01101000 01101111 01101000 01101111 01100011 01101001 01100001 01101100 0010 2012. So it00100000 would seem that cyber01110010for beginning to question the long-term many 01110101 nations,01100111 it is also about00100000 01110011 01100001 01110100 00100000 01100010 01100101 00100000 01110100 01100001 01101001 01101100 01101111 01110010 01100101 01100100 00100000 01100001 01100100 0111 forces and commands have become economics of doing so. Regulators will the battle for hearts and minds. 01100111 00100000 01101111 01110010 00100000 01110011 01110000 01100101 01100001 01110010 00100000 01110000 01101000 01101001 01110011 01101000 01101001 0110 an integral part of any nation’s armed agonise over the systemic risk that We expect to see more attention 01100100 01100101 01100010 01100001 01110100 01100101 01110011 00100000 01100001 01100010 01101111 01110101 01110100 00100000 01110100 01101000 01100101 0010 01100110 00100000 01110011 01100011 01101000being 00100000 01100001 01100011 01101001 01101001 01100101 01110011 0010 forces, not just their01110101 intelligence dependency on01110100 cloud providers creates paid to ‘fake news’01110100 and to01101001 01110110 01101111 00100000 00110010 00110000 00110001 00111001 00100000 01100001 01101110 01100100 00100000 01100010 01100101 01111001 01101111 01101110 01100100 0010 apparatus. Sadly, we may see these 01100010 01110101 01101001 01101100 01100100 00100000 01101111 01110101 01110100 00100000 01101111 01100110 00100000 01110100 01101000 01100101 00100000 0111 01110101 01110101 01110010 tools01100011 trialled01110100 and occasionally used01100101 00100000 01110010 01100101 01110001 01110101 01101001 01110010 01100101 01100100 00100000 01110100 0110 01101111 01110111 01101110 00100000 01110011 01110101 01100011 01101000 00100000 01100011 01101111 01101110 01110100 01100101 01101110 01110100 00101110 0000 in anger as geopolitical tensions 01101001 01110011 00100000 01101001 01101110 00100000 01110100 01101000 01100101 00100000 01100011 01101100 01101111 01110101 01100100 01110011 00001101 0000 01101100 01110011 continue to 00100000 rise, as 01100001 well as 01110010 a shift 01100101 00100000 01100101 01101101 01100101 01110010 01100111 01101001 01101110 01100111 00100000 01110100 0110 01101001 01100010 01101001 01101100 01101001 01110100 01111001 00100000 01101111 01100110 01100110 01100101 01110010 01100101 01100100 00100000 01100010 0111 towards open attribution of such 01110010 01101101 01110011 00100000 01100011 01101111 01101110 01110100 01101001 01101110 01110101 01100101 0010 01100001 01110011 00100000 01100110 01101001 00100000 01110011 01100101 01110010 01110110 01101001 01100011 01100101 01110011 00100000 01110111 01101000 01101001 01101100 01100101 00100000 01101111 0110 attacks as part of the political 01101001 01101110 01100111 00100000 01110100 01101111 00100000 01110001 01110101 01100101 01110011 01110100 01101001 01101111 01101110 00100000 01110100 0110 and 01101001 diplomatic response to00100000 these 01101111 01100110 00100000 01100100 01101111 01101001 01101110 01100111 00100000 01110011 01101111 00101110 0010 01101101 01100011 01110011 01100111 01101111 01101110 01101001 01110011 01100101 00100000 01101111 01110110 01100101 01110010 00100000 01110100 01101000 01100101 00100000 01110011 0111 activities. 01100100 01100101 01110000 01100101 01101110 01100100 01100101 01101110 01100011 01111001 00100000 01101111 01101110 00100000 01100011 01101100 01101111 0111 01100101 01110011 00100000 01110111 01101000 01101001 01101100 01100101 00100000 01110011 01101001 01101101 01110101 01101100 01110100 01100001 01101110 0110 Lack of consensus on 01101001 01101110 01100101 01110110 01101001 01110100 01100001 01100010 01101001 01101100 01101001 01110100 0111 00100000 01110100 01101000 01100101 00100000 01100111 01100001 01101110 01101001 01110011 01100101 01100100 00100000 01100011 01110010 01101001 01101101 01100101 00100000 01100111 01110010 01101111 0111 cyber law 00100000 01100110 01101001 01101110 01100100 00100000 01100011 01110010 01100101 01100001 01110100 01101001 01110110 01100101 00100000 01110111 01100001 0111 01101001 01101100 01101100 00100000 01100011 01101111 01101110 01100110 01101001 01100111 01110101 01110010 01100101 01100100 00100000 01100011 01101100 0110 00100000 01100101 over 01111000 01110000 01101100 01101111 01101001 01110100 00100000 01110100 01101000 01100101 00100000 01101001 01101110 01100110 01101111 0111 Consensus international 01101001 01101110 01100111 00100000 01110000 01101111 01110111 01100101 01110010 00100000 01110100 01101000 01100001 01110100 00100000 01110011 01110101 0110 norms of behaviour in the 00100000 01100011 01100001 01101110 00100000 01100101 01111000 01110000 01100101 01100011 01110100 00100000 01110100 0110 00101110 00100000 01010111 01100101 00100000 01101101 01100001 01101010 01101111 cyberspace will remain elusive with01110010 00100000 01100011 01101100 01101111 01110101 01100100 00100000 01110011 01100101 01100011 01110101 0111 00100000 01010010 01100001 01101110 01110011 01101111 01101101 01110111 01100001 01110010 01100101 00100000 01101111 01110010 00100000 01100011 01110010 0111 countries creating more intrusive 01101110 01100111 00100000 11100010 10000000 10010011 00100000 01110100 01101000 01100101 00100000 01101101 01100001 01110010 01101011 01100101 01110100 0010 01101101 01100101and 00100000 01100101 regulatory legal01110010 frameworks to 01101101 01100001 01101001 01101110 01110011 00100000 01100010 01101001 01100111 00100000 01100010 01110101 0111 01101100 01101001 01101111 01101110 00100000 01100001 00100000 01111001 01100101 01100001 01110010 00100000 01110100 01110010 01100001 01101110 01110011 0010 address cyber security concerns. 01101110 01100101 01110101 01110010 01101001 01100001 01101100 00100000 01100010 01110101 01110011 01101001 01101110 01100101 01110011 01110011 00101100 0010 00100000 01111001 01101111 01110101 00100000 01101001 01101110 01100011 01101100 01110101 01100100 01100101 00100000 01101001 01101110 00100000 01110100 0110 ‘Balkanisation’ of the internet 01110010 01100101 00100000 01101001 01110011 00100000 01101110 01101111 00100000 01100010 01100101 01110100 01110100 01100101 01110010 00100000 01101001 0110 will continue and global firms will 01101000 01100101 00100000 01110010 01101001 01110011 01100101 00100000 01101001 01101110 00100000 01100101 01111000 01110000 01101100 01101111 01101001 01110 become increasingly frustrated. The 01100011 01110101 01110010 01110010 01100101 01101110 01100011 01101001 01100101 01110011 00100000 01101111 01110110 01100101 01110010 00100000 01110100 01101 00101100 01101001 01110100 Paris00100000 call for01110111 trust and security in 01101000 00100000 01100011 01110010 01111001 01110000 01110100 01101111 00100000 01100011 01110101 01110010 01110 01101111 01101101 01110000 01110010 01101111 01101101 01101001 01110011 01100101 01100100 00100000 01110011 01111001 01110011 01110100 01100101 01101101 0111 cyberspace was a step in the right 01100101 00100000 01110100 01101000 01100001 01101110 00100000 01110100 01101000 01100101 00100000 01101111 0110 01110010 01100001 01110100 01101001 01110110 01101101 01110111but 01100001 00100000 01100110 01101111 01110010 00100000 01100101 01111000 01110100 01101111 01110010 01110100 01101001 0110 direction, it did01110010 not win01100101 universal 00100000 01110111 01101001 01101100 01101100 00100000 01101110 01101111 01110100 00100000 01100111 01101111 00100000 01100001 01110111 01100001 01111001 0010 support, with many countries 01110100 00100000 01101101 01101111 01110010 01100101 00100000 01110100 01100001 01101001 01101100 01101111 01110010 01100101 01100100 00100000 01100001 0111 01110100 01100101 01101110 01110100 01101001 01101111 01101110 00100000 01110100 01101111 00100000 01110100 01101000 01100101 00100000 01100010 01100101 0111 01100111 00100000 01110000 01100001 01111001 01101101 01100101 01101110 01110100 01110011 00100000 01100110 01110010 01101111 01101101 00100000 01101111 0111

David Ferbrache highlights 10 cyber security trends we can expect to see in the coming months. Here they are… 1

3

4

2

FA K E S NEW

14

NQ Magazine April 2019

TECHNOLOGY

ends

10010 00100000 01110111 01100001 01110010 01100110 01100001 01110010 01100101 00001101 00001010 01000011 01101111 01110101 01101110 01110100 01110010 01101001 10100 01101111 00100000 01101001 01101110 01110110 01100101 01110011 01110100 00100000 01101001 01101110 00100000 01100001 01110100 01110100 01100001 01100011 00001 01110011 00100000 01110100 01101000 01100101 01111001 00100000 01101000 01100001 01110110 01100101 00100000 01101111 01110110 01100101 01110010 00100000 10011 00101110 00100000 01010100 01101000 01100101 00100000 01101101 01101111 01110011 01110100 00100000 01110010 01100101 01100011 01100101 01101110 01110100 10111 01101111 01110010 01101100 01100100 01110111 01101001 01100100 01100101 00100000 01110100 01101000 01110010 01100101 01100001 01110100 00100000 01100001 10011 00100000 01110100 01101000 01100001 01110100 00100000 00110011 00110011 00100000 01100011 01101111 01110101 01101110 01110100 01110010 01101001 01100101 2019, as our web of01110100 corporate fine. Nonetheless, we 01100001 can expect to 01101001 00001 01110100 01110100 01100001 01100011 01101011 00100000 01100011 01100001 01110000 01100010 01101100 01101001 01101001 01100101 10100 00100000 01101001 01101110 00100000 00110010 00110000 00110001 00110010 00101110 00100000 00100000 01101001 01110100 00100000 01110111 dependencies becomes increasingly see more transparency around01010011 cyber 01101111 00010 01100101 01110010 00100000 01100110 01101111 01110010 01100011 01100101 01110011 00100000 01100001 01101110 01100100 00100000 01100011 01101111 01101101 complex. security incidents, but with that 00000 01100001 01101110 00100000 01101001 01101110 01110100 01100101 01100111 01110010 01100001 01101100 00100000 01110000 01100001 01110010 01110100 00100000 00000 01100001 01110010 01101101 01100101 01100100 00100000 01100110 01101111 01100101 also more class01110010 action01100011 litigation and 01110011 00101100 00100000 01101110 01101111 01110100 01100 01101001 01100111 01100101 01101110 01100011 01100101 00100000 01100001 01110000 01110000 01100001 01110010 01100001 01110100 01110101 01110011 00101110 political demands for action by firms Social engineering is 01100001 00101 00100000 01110100 01101000 01100101 01110011 01100101 00100000 01110100 01101111 01101111 01101100 01110011 00100000 01110100 01110010 01101001 00001 01101100 01101100 01111001 00100000 01110101 01110011 01100101 01100100 00100000 01101001 01101110 00100000 01100001 01101110 01100111 to improve their security. getting more and01100101 more 01110010 10100 01100101 01101110 01110011 01101001 01101111 01101110 01110011 00100000 01100011 01101111 01101110 01110100 01101001 01101110 01110101 01100101 00100000 creative 00001 01110011 00100000 01100001 00100000 01110011 01101000 01101001 01100110 01110100 00100000 01110100 01101111 01110111 01100001 01110010 01100100 01110011 00000 01101111 01100110 00100000 01110011 01110101 01100011 01101000 00100000 01100001 01110100 01110100 01100001 01100011 01110011social 00100000 01100001 E-commence is in the Expect also 01101011 more creative 01001 01110100 01101001 01100011 01100001 01101100 00100000 01100001 01101110 01100100 00100000 01100100 01101001 01110000 01101100 01101111 01101101 01100001 engineering as technical attacks while simultaneously recognising the cross hairs 01000 01100101 01110011 01100101 00100000 01100001 01100011 01110100 01101001 01110110 01101001 01110100 01101001 01100101 01110011 00101110 00001101 00001010 becoming email 01110111 inevitability of that move.00100000 Organised 00101 01101110 01110011 01110101 01110011 01101111 01101110 00100000 01100011 01111001 01100010 01100101 01110010harder. 00100000Business 01101100 01100001 01001 01101110 01110100 01100101 01110010 01101110 01100001 01110100 01101001 01101111 01101110 01100001 01101100 00100000 01101110 01101111 01110010 01101101 compromise and CEO frauds continue crime groups will, however, find 2018 brought waves of cyber-attacks 00000 01110100 01101000 01100101 00100000 01100011 01111001 01100010 01100101 01110010 01110011 01110000 01100001 01100011 01100101 00100000 01110111 01101001 to prove lucrative, and we can expect creative ways of identifying ill against e-commerce websites, the 00000 01110111 01101001 01110100 01101000 00100000 01100011 01101111 01110101 01101110 01110100 01110010 01101001 01100101 01110011 00100000 01100011 01110010 10011 01101001 01110110 00100000 01110010 01110101 01101100 01100001 01110100 01101111 01110010 01100001 01101110 these cyber 01111001 enabled00100000 confidence confi gured01100101 cloud instances, and 01100101 01100111 so-called Magecart attacks. These 10011 00100000 01110100 01101111 00100000 01100001 01100100 01100100 01110010 01100101 01110011 01110011 00100000 01100011 01111001 01100010 01100101 01110010 tricks to continue 2019 01101001 at scale01101111 exploit the11100010 information and computing attacks01101100 will continue 2019 with 01101001 10011 00101110 00100000 10000000 10011000 01000010 01100001 01101011into 01100001 01101110 01110011 01100001in01110100 01110 01100101 01110100 01110111provides. 01101001 01101100 01101100 00100000 01100011 01101111targeting 01101110 01110100 01101001 01101110 01110101 01100101 through transnational networks of 00100000 power that00100000 such access We organised crime increasingly 10111 01101001 01101100 01101100 00100000 01100010 01100101 01100011 01101111 01101101 01100101 00100000 01101001 01101110 01100011 01110010 01100101 01100001 call centres demanding international can expect to see at least one major poorly configured and secured web 01110 00100000 01010100 01101000 01100101 00100000 01010000 01100001 01110010 01101001 01110011 00100000 01100011 01100001 01101100 01101100 00100000 01100110 10010 01101001 01110100 01111001 00100000 01101001 01101110 00100000 01100010 01100101 01110010 01110000 01100001 01100011 law 01110011 enforcement collaboration. We 01100101 cloud security breach. sites to01100011 collect01111001 customer credentials 00101 00100000 01110010 01101001 01100111 01101000 01110100 00100000 01100100 01101001 01110010 01100101 01100011 01110100 01101001 01101111 01101110 00101100 also expect to see more use of data and payment card details. Millions 01001 01101110 00100000 01110101 01101110 01101001 01110110 01100101 01110010 01110011 01100001 01101100 00100000 01110011 01110101 01110000 01110000 01101111 01110 01110100 01110010 01101001 01100101 01101111 01101100 01101110 01100111 00100000 01100101 analytics and AI by 01110110 criminals in 01110010 of payment cards will 01100100 need to 01101001 be Ransomware or01110011 crypto00100000 01101000 00000 01101111 01101110 00100000 01110111 01101000 01100001 01110100 00100000 01100011 01101111 01101110 01110011 01110100 01101001 01110100 01110101 01110100 findings targets for these frauds, and re-issued by banks as a result of currency mining – the 00101 01101001 01110010 00100000 01101110 01100001 01110100 01101001 01101111 01101110 01100001 01101100 00100000 01100011 01111001 01100010 01100101 01110010 running these operations efficiently. these attacks, forcing them to explore market 10000 01110010 01101111 01101100decides 01101001 01100110 01100101 01110010 01100001 01110100 01101001 01101111 01101110 00100000 01101111 01100110 00100000 11100010 01000 01100101 00100000 01100010 01100001 01110100 01110100 01101100 01100101 00100000 01100110 00100000 this 01100011 01111001 01100010 01100101 Countering threat will require alternative fraud controls. The01101111 mobile01110010 Cybercrime remains big business, a 10101 01110011 01110100 00100000 01100001 01100010 01101111 01110101 01110100 00100000 01100100 01101001 01110011 01110010 01110101 01110000 01110100 01101001 much closer links between the cyber phone will play an even greater role $600 billion a year trans-national 10101 01110010 01100101 00101100 00100000 01100001 01101100 01110100 01101000 01101111 01110101 01100111 01101000 00100000 01110100 01101000 01100001 01110100 01110 00100000 01100110 01101111business, 01110010 00100000 01101101 01100001 01101110 00100000 01101110 01100001 01110100 01101111 01101110 01110011 security and01101001 fraud communities, in our lives as 01111001 a key authenticator entrepreneurial depending 10100 00100000 01110100 01101000 01100101 00100000 01100010 01100001 01110100 01110100 01101100 01100101 00100000 01100110 01101111 01110010 00100000 01101000 but 01110011 those divisions are disappearing and payment but 01101111 we can 00100000 on00100000 what you include in the definition. 10111 01100101 01100101 01111000 01110000 01100101 01100011 01110100mechanism, 00100000 01110100 01100101 01100101 00100000 01101101 01110 01100111 00100000 01110000 01101001 01100100 00100000 01101111 11100010 10000000 10011000 01100110 01100001 01101011 01100101 as cybercrime becomes a growing expect 01110100 organised crime00100000 to show a There is no better01100001 illustration than 01000 01100101 00100000 01100011 01100101 01101110 01110011 01101111 01110010 01110011 01101000 01101001 01110000 00100000 01100001 01101110 01100100 00100000 component of fraud. growing interest in compromising and the rise in exploitation of crypto 01111 01110000 01110010 01101001 01100001 01110100 01100101 00100000 01100011 01101111 01101110 01110100 01100101 01101110 01110100 00101100 00100000 01101000 01110 01100101 01100100 00101110 00100000 01010111 01100101 00100000 01110111 01101001 01101100 01101100 intercepting such traffic, racing with 00100000 01100001 01101100 01110011 01101111 00100000 currencies over the past two years, 00100 00100000 01110100 01100001 01110010 01100111 01100101 01110100 01101001 01101110 01100111 00100000 01101111 01100110 00100000 01101001 01101110 01100100 the telecommunication companies to 01110100 00100000 with crypto currency mining on Agility matters more 01001 01100110 01101001 01100011 00100000 01101001 01101110 01110100 01100101 01110010 01100101 01110011 01100111 01110010 01101111 01110101 00000 01101101 01100101 01100100 01101001 01100001 00101100 00100000 01110111 01101000 01100101 01110100 01101000 01100101 block such attacks. compromised systems proving and01110010 more 00100000 01110100 01101000 10110 01100101 01110010 01110100 01101001 01110011 01101001 01101110 01100111 00101100 00100000 01110100 01110010 01101111 01101100 01101100 01101001 01101110 more lucrative than the old staple 01110 01100111 00101110 00100000 01010100 01101000 01100101 00100000 01110000 01101111 01101100 01101001 01110100 01101001 01100011 01100001 01101100 00100000 of01110000 ransomware for01110010 extortion. But 01110000 01110010 01101001 Supply01100001 networks are seen01101110 We will continue to 01110011 see technology 00000 01100001 01110000 01101111 01110100 01100101 01100101 01110011 00100000 01101111 00000 01110111 01101001 01101100 01101100 00100000 01110100risk 01101001 01101110 01110101 00100000 01101001 01101110 01110100 ransomware will not go away, and01100011 01101111 01101110 firms01100101 working with governments as growing 01100 00100000 01100010 01110101 01110100 00100000 01110011 01101111 00100000 01110111 01101001 01101100 01101100 00100000 01110100 01101000 01100101 00100000 we01101111 can expect more tailored attacks, and 01110010 broader01100001 commerce to takedown 10100 01101111 01101100 01110011 00100000 01100001 01101110 01100100 00100000 01101001 01101110 01100110 01110011 01110100 01110010 01111 00100000 01100100 01100101 01110100 01100101 01110100 00100000 01100001 01101110 01100100 00100000 01110100 01100001 01101011 01100101 01100100 greater attention to the best way 01100011 of criminal infrastructure. Security Security is getting better, end points 01101 00001010 00001101 00001010 00110100 00101110 00100000 01010100 01101000 01100101 00100000 01100110 01110101 01110100 01110101 01110010 01100101 00100000 extorting payments from organisations vendors update anti-virus and email are far more secure than before in 01010 01001110 01100101 01110111 00100000 01100010 01110101 01110011 01101001 01101110 01100101 01110011 01110011 00100000 01101101 01101111 01100100 01100101 01111 00100000 01100101 01111000 01110000 01101100 01101111 01101001 01110100 00100000 01110100 01101000 01100101 00100000 01100110 01101100 01100101 01111000 and creative blackmail threats using block lists more frequently, the terms of operating system robustness, 11001 00100000 01100011 01101100 01101111 01110101 01100100 00100000 01110011 01101111 01101100 01110101 01110100 01101001 01101111 01101110 01110011 00100000 threatened disclosure of information. dynamic patching of systems closes dynamic patching and more 00000 01110100 01101111 00100000 01101101 01101001 01100111 01110010 01100001 01110100 01100101 00100000 01101100 01100101 01100111 01100001 01100011 01111001 00011 01100011 01100001 01110011 01101001 01101111 01101110 01100001 01101100 anti-virus 01101100 01111001 00100000 01100010 01100101 01100111 and 01101001 01101110 off vulnerabilities, more and 01101110 sophisticated and anti01000 01100101 00100000 01101100 01101111 01101110 01100111 00101101 01110100 01100101 01110010 01101101 00100000 01100101 01100011 01101111 01101110 01101111 more people use DNS services which malware security. A well-managed Privacy 00000 01010010 01100101 01100111 drives 01110101 01101100 01100001 01110100 01101111 01110010 01110011 00100000 01110111 01101001 01101100 01101100 00100000 01100001 11001 01110011 01110100 01100101 01101101 01101001 01100011 00100000 01110010 01101001 01110011 01101011 00100000 01110100 01101000 01100001 01110100 00100000 offer automated checking against IT estate can provide a challenge to transparency – but many 10101 01100100 00100000 01110000 01110010 01101111 01110110 01101001 01100100 01100101 01110010 01110011 00100000 01100011 01110010 01100101 01100001 01110100 blacklisted domains. Active defence many attackers, but that means a await the first fines 00101 01101111 01110101 01110011 01101100 01111001 00100000 01110010 01100101 01100011 01101111 01100111 01101110 01101001 01110011 01101001 01101110 01100111 by governments has00100000 become01001111 the 01110010 change01110100 in tactics towards growing The General Data00100000 Protection 11001 00100000 01101111 01100110 01110100 01101000 01100001 00100000 01101101 01101111 01110110 01100101 00101110 10101 01110000 01110011 00100000 01101001 01101111 01110111 01100101 order01100101 of the01110110 day with closer01110010 links to00101100 attacks00101100 on the 00100000 supply 01101000 chain. Supplier Regulation arrived01110111 last year and 01101100 01101100 11001 01110011 00100000 01101111 01100110 00100000 01101001 01100100 01100101 01101110 01110100 01101001 01100110 01111001 01101001 01101110 01100111 00100000 telecommunication rms to block and security01100001 has become business triggered a flurry 01101001 of activity in 01110011 01110100 01111 01110101 01100100 00100000 01101110 01101110big 01100011 01100101 01110011 00101100 00100000 fi01100001 01101110 01100100 10010 01101101 01100001 01110100 01101001 01101111 01101110 00100000 01100001 01101110 01101111 01110000 01110101the 01110100 tackle cyber 01101101 criminals, recognising with many firms trying01100100 to drive00100000 01100011 order to be compliant. The process 00011 01101000 00100000 01100001 01100011 01100011 01100101 01110011 01110011 00100000 01110000 01110010 01101111 01110110 01101001 01100100 01100101 01110011 insidious nature of low level cybercrime their suppliers to improve security resulted in many firms realising 01111 00100000 01110011 01100101 01100101 00100000 01100001 01110100 00100000 01101100 01100101 01100001 01110011 01110100 00100000 01101111 01101110 01100101 10010 01101001 01110100 00100000 01100010 01110010 01100101 01100011demanding 01101000 00101110 00001101 00001101 00001010 00110101 00101110 and 00001010 its impact on our economy through01100001 increasingly that they 01111001 have more fundamental 11001 01110000 01110100 01101111 00100000 01100011 01110101 01110010 01110010 01100101 01101110 01100011 01111001 00100000 01101101 01101001 01101110 01101001 and digital lifestyle. For their part, 01101001 contract terms and inspection visits. issues over legacy systems and 00000 01100100 01100101 01100011 01101001 01100100 01100101 01110011 00001101 00001010 01000011 01111001 01100010 01100101 01110010 01100011 01110010 10011 01101001 01101110 01100101 01110011 01110011 00100000 01100001 00100000 00100100 00110000 00110000 00100000 organised crime has01100010 become01101001 expert 01101100 at Firms are looking for new ways00110110 to information architectures which, 00101100 to 01101 01101110 01100001 01110100 01101001 01101111 01101110 01100001 01101100 00100000 01100101 01101110 01110100 01110010 01100101 01110000 01110010 01100101 spinning up new attack infrastructure, risk score suppliers, whether by address, would be both costly and 00000 01100100 01100101 01110000 01100101 01101110 01100100 01101001 01101110 01100111 00100000 01101111 01101110 00100000 01110111 01101000 01100001 01110100 01000 01100101 00100000 01100100 01100101 01100110 01101001 01110100 01101001 01101111 01101110 00101110 00100000 01010100attack 01101000 01100101 obfuscating and modifying monitoring their internet activities time consuming. In 2019, firms 01101001 01101110 01100 01101100 01110101 01110011 01110100 01110010 01100001 01110100 01101001 01101111 01101110 00100000 01110100 01101000 01100001 01101110 00100000 01110100 codes; learning to exploit their brief and data breaches, or by independent will have their eyes peeled for the 0100 01100001 01110100 01101001 01101111 01101110 00100000 01101111 01100110 00100000 01100011 01110010 01111001 01110000 01110100 01101111 00100000 window of advantage to the best. assurance. Those risk scores are first tranche of regulatory fines 1000 01100101 00100000 01110000 01100001 01110011 01110100 00100000 01110100 01110111 01101111 00100000 01111001 01100101 01100001 01110010 01110011 NQ 0010 01100101 01101110 01100011 01111001 00100000 01101110 01101001 01101110 beginning to influence credit 01100111 ratings 00100000 01101111 01101110 00100000 01100011 and sanctions and they will then01101101 01101001 10011 00100000 01110000 01110010 01101111 01110110 01101001 01101110 01100111 00100000 01101101 01101111 01110010 01100101 00100000 01101100 01110101 01100011 and costs of insurance, as the market00100000 ask themselves just how severe an ● David Ferbrache is chief 01100 01100100 00100000 01110011 01110100 01100001 01110000 01101100 01100101 00100000 01101111 01100110 01110010 01100001 01101110 01110011 01101111 01111 01101110 00101110 00100000 01000010 01110100 00100000 01101110 01110011 01101111 01101101 01110111 01110010 01100101 begins 01110010 to price01100001 in cyber risk. Expect infraction would need to 01110101 be to justify technology officer01100001 in KPMG’s 01100 00100000 01100001 01101110 01100100 00100000 01110111 01100101 00100000 01100011 01100001 01101110 00100000 01100101 01111000 01110000 01100101 01100011 more supply network breaches in the 4% of global turnover maximum cyber security practice 10100 01110100 01100001 01100011 01101011 01110011 00101100 00100000 01100111 01110010 01100101 01100001 01110100 01100101 01110010 00100000 01100001 01110100 10011 01110100 00100000 01110111 01100001 01111001 00100000 01101111 01100110 00100000 01100101 01111000 01110100 01101111 01110010 01110100 01101001 01101110 10010 01100111 01100001 01101110 01101001 01110011 01100001 01110100 01101001 01101111 01101110 01110011 00100000 01100001 01101110 01100100 00100000 01100011

9

7

5

10

8

6

NQ Magazine April 2019

15

WORKPLACE SKILLS

PREPARE

FOR THE REVOLUTION Sean Purcell explains how accountants can develop their skills to survive and thrive in a changing workplace

W

e are on the verge of a revolution when it comes to the role played by the finance function and if you don’t ensure you have the competencies to deal with this you will not be part of it. Advances in technology have enabled much of the transactional type work performed by finance staff to be outsourced and in the most progressive organisations this is now automated. In these companies it is quite normal for accounts payable and accounts receivable to be fully automated and integrated with banking systems. In more advanced adopters this extends to the use of artificial intelligence to do the financial reporting role. As a newly qualified accountant this may seem as threat to your future career. Although a threat to traditional transactional roles, it also provides a great opportunity to move away from spending time on keeping the score (arguably the duller side to a finance role) to spending time on giving insights into the future. Also, this is the area in which you will earn the most money going forward and in the most recent PWC finance benchmarking survey the median salary for all finance roles was £64k, whereas the upper quartile salary for a finance role that involved giving insight was £134k – so where would you prefer to be in the future? A term given to this new insight giving role is often a finance business partner. I do lots of work with organisations all around the globe on developing competencies for business partners and sadly there are many who behave simply as traditional management accountants with a different job title! To be truly effective in this new role there are a few barriers to success, which the finance function needs to work on: We’re boring: Often finance is perceived as boring and back office. Finance staff involved in giving insight will show a human side to themselves and rather than sit in the back office, will sit within the business and not the finance function. We speak a foreign language: We cut most people out of

16

our conversations by the foreign language which we insist in talking (EBIT accrual, etc). If you want people to be involved in business conversations, you need to speak their language. Arrogance: Many people in finance believe that the finance function is the key activity of the business needs to succeed and we as finance people have worked very hard to pass professional exams. If we are not careful this can come across as arrogance, so we need to be careful and show some humility to other functions, so they engage with us more. To ensure you remain relevant in the future I would recommend that you seek help in developing the following skills sets: Communication skills: We need to be trusted as people with which problems can be shared so that our business stakeholders will open up to us and enable us to get more insight into the real issues. To this we need to develop empathy and emotional intelligence skills. Understand your business model: You need to break out of a finance silo mentality and understand the context of information not just from a finance perspective but from a multidisciplinary strategic perspective. Do you know the key drivers of value in your organisation? The key competitive dynamics? Make it your job to do this and you will be much more respected as a business influencer rather than just a score keeper. Understand what IT can do: Although I’m not saying you should learn to write algorithms and code you should at least become familiar with what they can do so as to unlock their potential in your own organisations. NQ

● Sean Purcell is a director of wise up now. He also writes and delivers CPD in this area for both CIMA, AICPA and ACCA. If you want suggestions for more reading contact him at info@wiseupnow.co.uk

NQ Magazine April 2019

WORKPLACE SKILLS

NQ Magazine April 2019

17

IIRC UPDATE

It’s good to talk Unified corporate reporting principles can help create and serve a sustainable economy, says Jonathan Labrey

18

NQ Magazine April 2019

IIRC UPDATE

W

e can all see that the world is changing at a rapid pace. One of the issues highlighted by January’s World Economic Forum Global Risks Report is not just that non-financial risks now dominate, but that we are entering a ‘multi-conceptual world’ where there is no agreed global consensus on the system of rules governing our capital markets system. After years when globalisation had led to a convergence in thinking, we are now experiencing a period of divergence. Multi-lateral thinking helps bring order to a world facing simultaneous and interconnected challenges. For example, International Financial Reporting Standards (IFRS) help to create a comparable information to support the efficient and productive allocation of financial capital. But how do we account for the majority of value that today affects financial performance but cannot be included within the traditional balance sheet, cash flows and profit and loss accounts? One of the most significant trends affecting business over the past 20 years has been the increased demand for transparency and greater accountability, not only over the financial performance of the company, but its impact on society and the environment – the ‘ESG’ factors. This era of radical transparency has led to the creation of new frameworks and standards in the area of nonfinancial reporting. Today, businesses are expected to integrate the Sustainable Development Goals, the EU Non-Financial Reporting Directive requirements and the Task-Force on climate-related financial disclosures (TCFD) within their existing reporting processes. This creates two challenges. The first is ‘silo’ thinking. Since at least the mid-1970s the model of capitalism in

NQ Magazine April 2019

western economies has been geared to serving financial outcomes. This has led to a reluctance in valuing or accounting for risks outside the strict parameters of financial reporting. Any additional disclosures have tended to be in separate reports, often produced to different time-lines, making it hard for institutional investors or wider stakeholders to understand the strategic relevance of the information. As we transition towards a more inclusive capitalism model, do we have the systems in place to properly align and integrate financial and nonfinancial reporting? The second challenge has been created by a proliferation in reporting initiatives and frameworks – the socalled ‘alphabet soup’ of corporate reporting acronyms that exist today. The risk is that this proliferation leads to confusion and inertia. The question arising from this challenge is whether the corporate reporting system has been designed around a common set of principles of transparency and accountability. Fortunately, the major corporate reporting organisations are acting to bring greater coherence to the disclosure landscape. Since 2014, the Corporate Reporting Dialogue has existed to bring together the main standard setters and framework providers to identify areas of common interest and to plot a coherent landscape to help reduce confusion and bring greater clarity to the system of corporate reporting. Critically, the Dialogue includes the world’s financial reporting standard setters (IASB and FASB) as well as the sustainability reporting bodies (GRI, SASB, CDP, CDSB). The Dialogue is completed by ISO and the IIRC as the original convener. The TCFD has re-energized the Dialogue around one of its key recommendations to bring

greater alignment to the corporate reporting system. A two-year project has been launched which will seek to identify ways in which the sustainability reporting standards can help to implement the TCFD recommendations. It is intended that integration of financial and nonfinancial reporting will be a future outcome of the initiative. The Dialogue has just released a report, ‘Understanding the value of transparency and accountability’, which identifies the seven common principles that unify the participants: materiality, completeness, accuracy, balance, clarity, comparability and reliability. From this foundation of unifying principles, the Dialogue can play a role in designing a more coherent and connected corporate reporting landscape. We know that the prize is there for the taking. Included in the report are examples of evidence from different parts of the world showing that integrated reporting leads to a lower cost of capital and higher share price performance. As the world faces multiple challenges in the years ahead there is hope that coalitions led by business, investors and the accountancy profession can be the bridge between a world focused almost exclusively on financial transactions to one where finance serves a broader purpose and contributes towards sustainable economic progress – surely the best foundation for the next generation of corporate leaders. NQ

● Jonathan Labrey is Chief Strategy Officer at the International Integrated Reporting Council. The report, ‘Understanding the value of transparency and accountability’, can be found at www. corporatereportingdialogue.com

19

AUDIT

Audit: it’s time for a change Exposure of audit firm culture can curb poor practices, says Prem Sikka

E

xternal audits are a key mechanism for securing corporate accountability, but little is known about the conduct of audits. There is a ritualistic (re)appointment of auditors at company annual general meetings, but the resolution is not accompanied by any meaningful information about the composition of the audit team, time spent on audits, major questions asked by auditors and management response, sight of auditor files or anything else. No information is provided about outsourcing some aspects of audit work or the failure to co-operate with international regulators. The absence of information makes it impossible for stakeholders to make a meaningful assessment of audit quality. Audit firms routinely say that they have acted professionally and diligently, but such claims are problematized by scandals. Consider the case of BHS, a major UK clothing retailer, which collapsed in April 2016. It had been audited by PricewaterhouseCoopers (PwC) for a more than decade and its

20

financial statements always secured unqualified opinion from auditors. The firm had a long-standing relationship with BHS’s CEO and provided auditing and consultancy services to BHS and its parent company. In the final year of BHS’s life, PwC received £355,000 in audit fees and £2,859,778 in non-audit fees. The Financial Reporting Council (FRC) investigation of audit failures at BHS found that the partner responsible for the audit spent just two hours on the job and concluded that BHS was a going concern, the very heart of the audit failure. The same partner recorded thirty-one hours for the provision of non-audit services. The senior audit manager spent only seven hours on the audit and for all practical purposes the audit team was led by an individual with only one year of post-qualification experience. The FRC found that BHS auditors failed to perform adequate tests to verify assets, investments, loans, income, costs and much more. BHS

turnover had been declining for several years and the group had been making significant losses. It had to make provisions for loss-making stores and also had a significant deficit on its pension schemes. BHS had been technically insolvent for many years and was dependent for its survival upon conditional financial support from its parent and related companies. This support was withdrawn before the company’s collapse, but auditors still considered the company to be a going concern. Oh, and PwC’s audit partner also backdated the audit report. Organisational culture is a key ingredient in the production of audits. It contributed to audit failures at BHS. It would be far better if mechanisms could be designed to persuade auditors to reflect on the negative consequences of their organisational culture. A recent report to the UK Labour Party (downloadable from here), which I have co-authored, calls for exposure of the organisational culture of auditing firms through selective disclosures. The proposals are as follows: Auditor files should be available for stakeholder scrutiny.

NQ Magazine April 2019

AUDIT

“The FRC found that BHS auditors failed to perform adequate tests to verify assets, investments, loans, income, costs and much more.”

Each resolution to appoint or reappoint an auditor, and each audit report must be accompanied by the following: ● A copy of the audit contract. ● A list containing composition of the audit team, the time spent by each member on the job, their qualifications and the hourly rate charged for each grade of staff. ● Details of the audit work performed by staff not under the control and direct supervision of the entity signing the audit report, together with the names of the entities where the work is performed. ● Percentage and significance of the audit work carried out by staff not under the control and direct supervision of the entity signing the audit report. NQ Magazine April 2019

● A statement that the auditor accepts full responsibility and liability for the quality of work carried out by staff not under the control and direct supervision of the entity signing the audit report. ● A statement that the audit firm has arrangements in place to ensure that all files and staff related to the audit work, whether at the firm or at third party location, shall be made available to regulators. ● A list of materially significant questions asked by auditors and directors’ replies. ● A list of regulatory action taken against the firm during the five previous years and the firm’s response to each action. ● A list of the shortcomings in the firm’s audit procedures identified by the regulator during the previous five

years and the firm’s response and commitment for dealing with each of them. Public information provides a window to organisational culture and exerts pressure to change organisation practices. The requirement to make the above disclosures would force firms to think about the consequences of poor organisational practices. No firm would want to be ridiculed for allocating a time budget of just two hours to an audit partner, leaving the audit team to be supervised by inexperienced personnel, or persistent regulatory action. The disclosures would transform organisational culture NQ and improve audit quality. ● Prem Sikka is Professor

of Accounting and Finance, University of Sheffield 21

CRYPTOCURRENCY

22

NQ Magazine April 2019

CRYPTOCURRENCY

The taxing question of crypto-assets HMRC outlines how it plans to tax individuals and their bitcoins

C

rypto-assets are still a relatively new type of asset, and new technology has led to them being created in a wide range of forms and for different uses. The crypto-assets sector is fast-moving and developing all the time. The terminology, types of coins, tokens and transactions can vary, and the tax treatment of crypto-assets continues to develop, due to the evolving nature of the underlying technology and the areas in which crypto-assets are used.

WHAT ARE CRYPTO-ASSETS Crypto-assets (or ‘cryptocurrency’ as they are also known) are cryptographically secured digital representations of value or contractual rights that can be: • transferred. • stored. • traded electronically. While all crypto-assets use some form of Distributed Ledger Technology (DLT) not all applications of DLT involve crypto-assets. HMRC does not consider crypto-assets to be currency or money. This reflects the position previously set out by the Cryptoasset Taskforce report (CATF). The CATF have identified three types of crypto-assets: • exchange tokens (eg Bitcoin). • utility tokens. • security tokens.

EXCHANGE TOKENS Exchange tokens are intended to be used as a method of payment and encompasses ‘cryptocurrencies’ like Bitcoin. They utilise DLT and typically there is no person, group or asset underpinning these, instead the value exists based on its use as a means of exchange or investment. Unlike utility or security tokens, they do not provide any rights or access to goods or services. NQ Magazine April 2019

UTILITY TOKENS Utility tokens provide the holder with access to particular goods or services on a platform usually using DLT. A business or group of businesses will normally issue the tokens and commit to accepting the tokens as payment for the particular goods or services in question.

SECURITY TOKENS Security tokens may provide the holder with particular interests in a business, for example in the nature of debt due by the business or a share of profits in the business.

WHICH TAXES APPLY? In the vast majority of cases, HMRC believes individuals hold crypto-assets as a personal investment, usually for capital appreciation in its value or to make particular purchases. They will be liable to pay Capital Gains Tax when they dispose of their crypto-assets. Individuals will be liable to pay income tax and National Insurance contributions on crypto-assets which they receive from: • their employer as a form of non-cash payment. • mining, transaction confirmation or airdrops. There may, however, be cases where the individual is running a business, which is carrying on a financial trade in crypto-assets and will therefore have taxable trading profits. This is likely to be unusual, but in such cases income tax would take priority over the Capital Gains Tax rules. HMRC also stresses it does not consider the buying and selling of crypto-assets to be the same as gambling.

INCOME TAX AND CRYPTO-ASSETS HMRC says it taxes crypto-assets based on what the person holding it does. If the holder is conducting a trade then income tax will be applied to their trading profits. Only in exceptional circumstances would HMRC expect 23

CRYPTOCURRENCY

individuals to buy and sell crypto-assets with such frequency, level of organisation and sophistication that the activity amounts to a financial trade in itself. If it is considered to be trading then income tax will take priority over Capital Gains Tax and will apply to profits (or losses) as it would be considered as a business. As with any activity, the question whether cryptoasset activities amount to trading depends on a number of factors and the individual circumstances. Whether an individual is engaged in a financial trade through the activity of buying and selling crypto-assets will ultimately be a question of fact, explains HMRC. It’s often the case that individuals and companies entering into transactions consisting of buying and selling crypto-assets will describe them as ‘trades’. However, the use of the term ‘trade’ in this context is not sufficient to be regarded as a financial trade for tax purposes. A trade in crypto-assets would be similar in nature to a trade in shares, securities and other financial products. Therefore the approach to be taken in determining whether a trade is being conducted or not would also be similar, and guidance can be drawn from the existing case law on trading in shares and securities.

MINING Crypto-assets can be awarded to ‘miners’ for verifying additions to the blockchain digital ledger. Mining will typically involve using computers to solve difficult maths problems in order to generate new crypto-assets. Whether such activity amounts to a taxable trade (with the crypto-assets as trade receipts) depends on a range of factors such as: • degree of activity. • organization. • risk. • commerciality. If the mining activity does not amount to a trade, the pound sterling value (at the time of receipt) of any crypto-assets awarded for successful mining will be taxable as income (miscellaneous income) with any appropriate expenses reducing the amount chargeable. 24

If the individual keeps the awarded assets, they may have to pay Capital Gains Tax when they later dispose of them.

FEES FROM MINING Fees or rewards received in return for mining (for transaction confirmation) are also chargeable to income tax, either as trading or miscellaneous income depending on the: • degree of activity. • organization. • risk. • commerciality. If the individual receives crypto-assets as payment for the services provided then any increase in value from the time of acquisition will either give rise to a chargeable gain on disposal for Capital Gains Tax purposes or, in the case of a trade, get taken into account in computing any trading profits.

AIRDROPS An airdrop is where someone receives an allocation of tokens or other crypto-assets, for example as part of a marketing or advertising campaign in which people are selected to receive them. Other examples of airdrops may involve tokens being provided automatically due to other tokens being held or where an individual has registered to become eligible to take part in the airdrop. The airdropped tokens, typically, has its own infrastructure (which may include a smart contract, blockchain or other form of DLT) that operates independently of the infrastructure for an existing cryptoasset. Income tax will not always apply to airdropped cryptoassets received in a personal capacity. Income tax may not apply if they’re received: • without doing anything in return (for example, not related to any service or other conditions). • not as part of a trade or business involving crypto-assets or mining. Airdrops that are provided in return for, or in expectation of, a service are subject to income tax either as: • miscellaneous income. • receipts of an existing trade. NQ Magazine April 2019

CRYPTOCURRENCY

The disposal of a cryptoasset received through an airdrop may result in a chargeable gain for Capital Gains Tax, even if it’s not chargeable to income tax when it’s received. Where changes in value get brought into account as part of a computation of trade profits income tax will take priority over Capital Gains Tax.

INCOME TAX LOSSES An individual who is trading may be able to reduce their income tax liability by offsetting any losses from their trade against future profits or other income. If profits from activities are taxable as miscellaneous income, losses may be able to be carried forward to later years.

CAPITAL GAINS TAX HMRC would expect that buying and selling of cryptoassets by an individual will normally amount to investment activity (rather than a trade of dealing in crypto-assets). In such cases, if an individual invests in crypto-assets they will typically have to pay Capital Gains Tax on any gains they realise. Crypto-assets are digital and therefore intangible, but count as a ‘chargeable asset’ for Capital Gains Tax if they’re both: • capable of being owned. • have a value that can be realized.

WHAT CONSTITUTES A ‘DISPOSAL’ Individuals need to calculate their gain or loss when they dispose of their crypto-assets to find out whether they need to pay Capital Gains Tax. A ‘disposal’ is a broad concept and includes: • selling crypto-assets for money. • exchanging crypto-assets for a different type of cryptoasset. • using crypto-assets to pay for goods or services. • giving away crypto-assets to another person. If crypto-assets are given away to another person who is not a spouse or civil partner, the individual must work out the pound sterling value of what has been given away. For Capital Gains Tax purposes, the individual is treated as having received that amount of pound sterling even if they did not actually receive anything. If income tax has been charged on the value of the tokens received, section 37 Taxation of Capital Gains Act 1992 will apply. Any consideration will be reduced by the amount already subject to income tax. If an individual donates crypto-assets to charity, they will not have to pay Capital Gains Tax on them. This does not apply: • if they make a ‘tainted donation’. • where the individual disposes of the crypto-assets to the charity for more than the acquisition cost so that they realise a gain.

ALLOWABLE COSTS Certain costs can be allowed as a deduction when calculating if there’s a gain or loss, which include: • the consideration (in pound sterling) originally paid for the asset. • transaction fees paid before the transaction is added to a blockchain. • advertising for a purchaser or a vendor. NQ Magazine April 2019

• professional costs to draw up a contract for the acquisition or disposal of the crypto-assets. • costs of making a valuation or apportionment to be able to calculate gains or losses. The following do not constitute allowable costs for Capital Gains Tax purposes: • any costs deducted against profits for income tax. • costs for mining activities (for example equipment and electricity). Costs for mining activities do not count toward allowable costs because they’re not wholly and exclusively to acquire the crypto-assets, and so cannot satisfy the requirements of section 38(1)(a) Taxation of Capital Gains Act 1992 (but it is possible to deduct some of these costs against profits for income tax or on a disposal of the mining equipment itself). If the mining amounts to a trade for tax purposes the crypto-assets will initially form part of trading stock. If these crypto-assets are transferred out of trading stock, the business will be treated as if they bought them at the value used in trading accounts. Businesses should use this value as an allowable cost in calculations when they dispose of the crypto-assets.

RECORD KEEPING Cryptoasset exchanges may only keep records of transactions for a short period, or the exchange may no longer be in existence when an individual completes a tax return. The onus is therefore on the individual to keep separate records for each cryptoasset transaction, and these must include: • the type of cryptoasset. • date of the transaction. • if they were bought or sold. • number of units. • value of the transaction in pound sterling. • cumulative total of the investment units held. • bank statements and wallet addresses, if needed for an enquiry or review.

SELF ASSESSMENT TAX RETURNS Many crypto-assets (such as bitcoin) are traded on exchanges which do not use pound sterling, so the value of any gain or loss must be converted into pound sterling on the Self Assessment tax return. If the transaction does not have a pound sterling value (for example if bitcoin is exchanged for ripple) an appropriate exchange rate must be established in order to convert the transaction to pound sterling.

Other considerations Pensions: HMRC does not consider cryptoassets to be currency or money so they cannot be used to make a tax relievable contribution to a registered pension scheme. Inheritance Tax: Crypto-assets will be property for the purposes of Inheritance Tax. NQ

● This edited extract was taken from HMRC’s website 25

CUSTOMER RELATIONSHIP MANAGEMENT

All systems

go Phil Webb explains how you can effortlessly onboard new clients with speed and efficiency using AccountancyManager

G

rowing an accountancy practice is an exciting prospect. The fast-paced and ever-changing landscape keeps you on your toes and working your fingers to the bone. Growth requires more clients, and that moment they say “Yes!” is an exciting one, and one you’re most likely chasing. But then it happens… the admin. As an accountant you have a lot of boxes to tick, documents to collect, compliance and details to sort. However, those new clients don’t always prioritise getting them to you.

THERE’S A BETTER WAY… As an ex-accountant, James Byrne knew all about these onboarding tasks and he felt it was time to make the life of an accountant easier but, more importantly, more efficient and profitable. AccountancyManager is a CRM system built for accountants that (among a lot of other things) automates the onboarding process. 26

There’s a better and more efficient way to onboard your new clients.

Here’s the old way… • Take a call or enquiry and meet the client. • Take a pen and paper to record the client’s details and notes. • After the meeting you then re-type your notes onto a CRM or Excel spreadsheet. • Then you create an email (probably from scratch) to the client outlining the proposal and attach a letter of engagement and terms for them to print out and sign. • Once they sign, they need to scan and email back or post/bring into the office. • Request two forms of ID. If you’re unable to meet face to face, they will likely need to take a trip to a post office for a check to be carried out. • You receive this, scan it, and file it into a storage system. • If there are missing details from

the client, you’ll need to email or call them and then update the CRM or spreadsheet. • Get your client to complete a 64-8 and send back the hard copy so you can then send it on to HMRC. • Any further outstanding documents will need to be brought into your office manually.

And here’s the new way with AccountancyManager… 1 Meet the new client. 2 Add the details straight to AccountancyManager. 3 Select the services you’re providing them and automatically create a proposal email for the client there and then. 4 The proposal will contain a link to the secure client portal. 5 The client will click the link and then e-sign the letter of engagement and terms (which have been prepopulated depending on the services selected). 6 Use AccountancyManager’s Digital AML checking service to confirm the NQ Magazine April 2019

CUSTOMER RELATIONSHIP MANAGEMENT

client’s identity. 7 Submit a digital 64-8 through AccountancyManager’s direct integration with HMRC. 8 It even provides the client with a document-sharing facility for uploading sensitive information.

PORTAL GIVES TOTAL CONTROL Once your client is registered on the portal, they can update and add all the information you need based on an automated list created by the system. Then AccountancyManager will automatically notify you and update the CRM when anything happens and tracks what’s outstanding. This puts an end to the re-entry of data. Entering the client details manually can cause errors and double entry of data should be avoided at all costs. We’ve even integrated the system into Companies House, so you can simply type in their company name and it populates all the information for you! Of course, it’s not just the onboarding that’s a struggle. Getting NQ Magazine April 2019

engagement letters back signed and gaining permission to talk to the client’s incumbent accountant is also necessary, yet time-consuming. To get things rolling as effectively as possible we automated this, too. All you need is the email address of the previous accountant. The system will send clearance emails requesting all the relevant information you need.

MANAGEMENT OF WORKFLOW Once they’re on board, you may need to register your client for certain taxes. AccountancyManager will create a workflow for these initial tasks as well as the compliance tasks, distributing them across your staff users automatically. For example, once you’ve entered the period end dates or let AccountancyManager pull them automatically from Companies House (soon to include HMRC) you’ll have all the tasks you need to perform set up automatically, saving you and your practice time and ensuring nothing gets missed.

SUMMARY • Automated onboarding of new clients to gather the registration information and documents needed to bring them onboard. • Instant generation of tasks for all staff users to get your client set up. • Smooth and efficient chasing of clients and then notifications to your team. When you add up the admin time spent by your team on these tasks, it’s easy to see how automation has the potential to significantly lighten the load NQ and grow your profits.

● Phil Webb, Business

Development Manager, AccountancyManager. To find out more about our award-winning practice management software go to https://www. accountancymanager.co.uk/ 27

Your jobs board I need to find pqjobs.co.uk now!

PQ jobs pqjobs.co.uk