President Trump has just requested the SEC to consider half-year filings,1 a movement that could revert a very slow series of increased disclosures promulgated since the Securities Act of 1933 and 1934. Such a change in regulation, within the scope of the SEC's power, is argued for in the spirit of decreasing regulation and overhead for U.S. firms. The request immediately created controversies, as timelier financial reporting and better transparency are argued for the health of capital market,2 particularly when technology is disrupting and changing the dynamics toward more frequent trading, information processing, and financial reporting. For instance, Zhang, Pei, and Vasarhelyi (2017) argue that:
The generation of information has developed to be in smaller and smaller time increments, and the effects of one event … can ripple outward from the epicenter in mere seconds, owing to the power of the internet and connected devices. It is estimated that more than 70 percent of U.S. equity volume is completed through high-frequency and algorithmic trading. Since high-frequency trading is rooted in algorithms and automation, most of the process is based on predictions. Machines scour the vast market of information to find the optimal strategy. Additionally, information being amassed in the hands of a select few who seem to have superior algorithms creates additional information asymmetry, until it is released (Bhattacharya, Chakrabarty, and Wang 2017; Brogaard, Hendershott, and Riordan 2014). All the other market players, including individual investors, cannot compete. Financial reporting, a primary measure to reduce information asymmetry, needs to adapt to these changes. Pei and Vasarhelyi (2017) argue for the development of real-time XBRL (RT-XBRL), which uses a pre-mandated taxonomy to collect direct, indirect, and exogenous information about an entity on a real-time basis and allow it to be delivered in many forms to different stakeholders.
This editorial examines technological disruption in the methods of business measurement and assurance and provides some discussion on this matter within the frame of technological evolution and the proper functioning of financial markets. Christensen (2013) dichotomizes technology adoption into sustaining and disruptive technologies. Sustaining technologies progress at discrete evolutionary steps, while disruptive ones bypass established businesses that get destroyed by this change. In recent years, Robotic process automation (Moffitt, Rozario, and Vasarhelyi 2018) and artificial intelligence (AI) (Kokina and Davenport 2017; Issa, Sun, and Vasarhelyi 2016) are transforming the audit and will eventually either change business measurement or result in the practice remaining anachronistic and therefore progressively less useful. If these changes are adopted in a disruptive mode, there is the potential for major changes for the players in these markets, as happened with telecommunications (Western Union, versus AT&T Inc., versus major VoIP players), information technology (International Business Machines Corporation [IBM], versus Microsoft Corporation, versus Google LLC), and photographic industries (Eastman Kodak Company, versus Polaroid, versus digital photography) (Christensen 2013). Several questions come to our attention to be addressed throughout this paper.
Will disruption happen in the business measurement world that includes methods of capturing sources of data, data processing, algorithms to measure effects, and methods of disclosure and dissemination of data?
Will disruption happen in the process assurance world including the processes to be assured, frequency of the assurance, methods of assurance reporting, and providers of these services?
To answer Question 1, we start with the changing relational database for storage, access, and computing in enterprise resources planning (ERP) systems and we introduce blockchain in the core to disrupt business process and financial reporting. The blockchain disruption is further discussed in two subsections: (1) continuous reporting/monitoring in the world of blockchain, and (2) advanced continuous audit. To answer Question 2, we present progressive information irrelevance in and its disruption to business, accounting, and assurance, followed by the overall disruption to the business value chain. We summarize our editorial in the conclusions. A large set of research needs have emerged that perhaps require disruptive change in academic research with changing topics and methodologies. Some of these changes are also discussed throughout this editorial.
The Changing Relational Database for Storage, Access, and Computing
ERP systems are changing, increasingly incorporating emerging technologies and becoming cloud based. This change has been of the sustaining type. Large ERP vendors are keeping their user interfaces and the basic structures of business processes. At the same time, they are changing the back-end processing and storage to the cloud. However, the players are changing with new, more mobile, and technologically savvy market entrants taking up large swaths of the market share traditionally controlled by the larger less agile firms that have dominated industries in the past.
It is important to note that this dynamic has been changing now for decades. Decision making is no longer solely affected by financial reporting. ERP systems have expanded the scope of available data while at the same time avoiding the problems that file systems once presented. Also, it must be noted that the adoption of ERP systems is a long and painful process, which often leads adopters to become comfortable with their applications and avoid migration to other platforms. Consequently, large firms that strategically buy and sell divisions typically end up with a number of different ERP systems cooperating and using middleware for interfaces. While this happens, the large vendors progress their platforms from company-located relational databases to their cloud versions. This type of migration is of the sustaining nature, although it is a major change in technology.
Exogenous data (Brown-Liburd and Vasarhelyi 2015) are on the path toward affecting the decision making of financial statement users. Exogenous data come from sources such as social media, locational data, electronic sales data, web path analytics, or weather data. They are progressively becoming more and more incorporated into the main company's information systems. This information can be transformed for operational purposes or for integration into a corporate relational database system. Legacy software from traditional vendors such as IBM, Microsoft, SAP SE, Oracle Corporation, etc. tends to conform to the sustaining paradigm. However successive versioning of software tends to render it clumsy and anachronistic. Version-to-version compatibility ends up creating very rigid structures. This brings the possibility of major disruption to core ERP systems by a new generation of directly cloud-based systems. These emerging systems are more nimble, more flexible, and better able to accommodate corporate changes. This also opens up the possibility of disruption in the data storage markets.
Relational databases emerged (Codd 1970) and were superior in many ways to file systems. In particular, there were dramatic benefits provided for analytical queries and the nonduplication of data. It was therefore just a question of time for computing power to develop and become strong enough to make such systems central to corporate systems. ERP systems are a set of applications using a relational database approach for multiple purposes (O'Leary 2000). Distributed relational database architecture (DRDA) enables network-connected relational databases to cooperate and fulfill structured query language (SQL) requests. This further enhances and expands the capacity of ERP systems. With the advent of enormous cloud storage applications, operating systems became necessary to manage their distribution. As a collection of open-source software utilities, Apache Hadoop (Woodie 2014; Hemsoth 2014; IBM 2014) is a software framework for storing data and running applications on clusters of commodity hardware. It provides massive storage for any kind of data, enormous processing power, and the ability to handle virtually limitless concurrent tasks or jobs. It facilitates computers “as a utility” with costing models that are incremental, as opposed to large entry costs (Du and Cong 2010).
Blockchain in the Core to Disrupt Business Process and Financial Reporting
In the meantime, a very different philosophy of data storage and data sharing has emerged. In addition to the evolution or potential disruption of corporate owned systems, a new model of “shared trustless databases” has been developed and is known as a blockchain (Nakamoto 2008; Dai and Vasarhelyi 2017). A blockchain is a different paradigm where entities keep data in external stores and share these with partners in the value chain (Dai and Vasarhelyi 2017). A large number of industries are experimenting with different forms and approaches to the usage of blockchains.3 Eventually, a set of acceptable models and paradigms of usage will emerge.
Blockchain can be a truly disruptive force within the enterprise system markets, as the domineering forces (IBM, Oracle, and SAP)4 are forced to stay with their successive legacy solutions and remain vertically compatible. The blockchain, deemed very secure in its chain core, poses myriad questions for its usage in accounting and auditing. The basic paradigm change is the idea of shared data among organizations instead of organizations keeping data within four walls. Every accounting transaction is typically recorded in two or more organizations and updated independently. Already IBM is preparing for these changes (Hyperledger). These changes will come faster to emerging markets or startup companies. The established companies could be forced to move toward these changes. For example, while the credit card market was immature in China, its current consumer transactions are dominated by a disruptive technology that uses a form of mobile payment provided by Wechat. This technology for payment and banking is threatening even banks in China.
What will happen if businesses keep transactions outside their walls and update them in the public domain, or if systems are shared on a cloud architecture that has multi-organizational ledgers?
Figure 1 displays such a vision of blockchain based measurement and assurance in which there is no need of independent confirmation, intermediation in queries, and potentially shared manufacturing. With the evolution of online technologies and ubiquitous networks, customers already have the ability to directly query inventory and automatically place orders. For example, vendor-managed inventory5 allows for a better response to customer preferences at retail stores. Some applications would clearly benefit from a secure stream of data that in some forms may even be public. For example, property records, vehicle registrations, security trades, and government procurement are already public information. These examples, however, do not yet benefit from the use of public ledger systems. It is important that researchers create the framework necessary for deciding the determinants for public storage and multiple replications of common chains.
Continuous Reporting and Monitoring in the World of Blockchain
Technology now permits companies to book transactions and almost immediately post them into public or private ledgers for the use of stakeholders. Certain business cycles such as cash, receivables, payables, and just-in-time manufacturing inventory are already kept up to date in ERPs. Every transaction has its own indigenous risks, as well as controls that exist for the management of those risks. Blockchain technology allows for the public display of transactions or public recording of encrypted transactions. It also benefits from multi-party validation, which is lacking in ERPs. Because of these advances, companies could provide real-time balance sheets,6 income statements, labor reports, inventory records, oil reserves, patent applications, capital investments, and a wide range of internal information. This system would have relevance to some business partners, clients, auditors, and regulators in the value chain. However, few companies up to now have fully adopted these technologies. As a result, this is so far from our current reality that it is very difficult to understand all of the related benefits, needs, and implications. This however would be disruptive change allowing for model variance reports that could feed trading algorithms relinking corporate reporting to market values and potentially improving economic market allocation efficiency.
What kind of business reports should exist in a close to real-time reporting environment replacing or supplementing traditional financial statements? How could they deal with competitive impairment?
Advanced Continuous Audit
Even without emerging blockchain technology, continuous assurance and continuous monitoring (CA/CM) have been used in large businesses. For example, AT&T's CPAS (continuous process audit system) (Vasarhelyi and Halper 1991) extracted data from existing systems in an overlay extraction mode, where data did not come directly from databases, but from timely reports that were content scraped using text mining. The AT&T billing system collected data in 142 switches across the country, loaded them into magnetic tapes, and sent them to four large data centers around the nation. These centers processed the data and prepared a large set of reports that required pre-processing for integration into national reports, or were regional in nature around the data centers. The rhythm of monitoring a system's different elements of the process was related to the “pulse” of the application. However, the generic architecture of the system consisted (see Figure 2) of a methodology of continuous monitoring (within the framework of the pulse of the system) and two analytic layers on top of it that performed independent operations monitoring (Prometheus system) (Vasarhelyi, Halper, and Ezawa 1995) and assurance functions (CPAS system) (Vasarhelyi and Halper 1991). The features of this architecture are represented in Figure 2.
Currently, the design of a continuous assurance system could be greatly improved as cloud storage, blockchain, smart contracts, ubiquitous network and communication, and interface standards become available. The most desirable feature would be the real-time detection of faults7 and their automatic correction (Kogan, Alles, Vasarhelyi, and Wu 2014), or at least the blocking of such faults prior to their traveling downstream. Although the objective is clear, its implementation is fraught with questions relative to the cost × benefit of such an activity, the pulse of the application, and the processes of error correction. The blockchain offers a unique opportunity for continuous assurance as the moment of the block closing (and hashing) allows for validated data capture and their public (or private) disclosure. Overall the challenges and opportunities lie in the potential for placing transactions on a blockchain and allowing parties, such as clients, tax authorities, and other downstream and upstream participants, to see either whole transactions or part of a transaction's record.
Advanced continuous auditing (Bumgarner and Vasarhelyi 2015; Dai and Vasarhelyi 2016) provides assurance at the data level for both ERP systems and exogenous data. Emerging technologies make these daunting challenges possible, if not now, in the near future. Figure 2 shows a common data infrastructure for monitoring and assurance tasks. However, it does not put into context the evolving all-digital world where all data flows have to be progressively integrated into the digital world's info-ecosystem.
Therefore, in the digital world info-ecosystem, data flow from exogenous or operational sources into their application in organizational systems through homogenizing data standards,8 and onward to downstream systems for different purposes. All data must flow automatically, must be used for measurement, must be assured for integrity, must be used for operations, must be interrupted for discrepancies, and must be alarmed for unusual events. This data ecosystem will eventually be free from manual intervention and will be subject to progressive application enhancements.
This will initially be human generated but progressively will be actioned by embedded intelligence. Daugherty and Wilson (2018) propose a continuum of work from human only to machine only, adapted with a view of “auditor in the loop” (Zhang 2018) shown in Figure 3.
The same type of schemata is applicable to the measurement and assurance functions and the processes related to business measurement and assurance.
Advanced continuous audit (ACA) has been made more possible by emerging technologies in recent years. However, implementation is slow and mainly around the area of internal audit. Despite this, it is likely that, over time, continuous auditing will advance toward integration with artificial intelligence, blockchain, and smart contracts eventually formalizing a coherent ecosystem. Among the interesting features of ACA we may find:
Continuous audit alerts (Vasarhelyi and Halper 1991) handled by intelligent exception analysis and automatic error correction (Kogan et al. 2014), whereby an exception is detected, analyzed, and either blocked or corrected by semi-intelligent devices.
Blockchains used as an auditor chain to document audits, share audit data, or usage of the natural block closing to extract data and perform continuous audit functions (Dai and Vasarhelyi 2017).
Activation of robotic process automation-derived audit rules as smart contracts built in blockchains for a block-by-block continuous RPA audit (Moffitt et al. 2018).
An advanced continuous audit would be a disruptive technology because the current providers of external audits have not even embraced continuous audit (AICPA 2015). However, many internal audit departments are progressing toward that direction, with the Big 4 firms providing them consulting services.
Continuous monitoring and continuous audit create a layer of action and control in corporate systems. How does their management relate to the current schemata of three lines of defense9 and the breakdown by standards of the audit process?
Progressive Information Irrelevance
The information age is creating an era of large data, millions of applications, large sets of piggybacking technologies, and new types of products as well as data sources distributed inside, outside, and throughout partners of information creators. The consequence is that traditional financial reports are becoming progressively less and less relevant. This is leading to the consequent decrease in value of their assurance. On the other hand, the distance between the manager and his/her data is becoming larger and larger, with multiple layers and sources of information, overlaid applications, and conflicted reports leading to a highly increased need for understanding and verification.
The mode of doing business is rapidly changing and many of the traditional paradigms are either evolving or becoming irrelevant. Physical goods are becoming complemented with (e.g., taxis with substantive electronic routing, method of paying, and control created Uber Technologies, Inc.), or sometimes replaced by, virtual goods. The advent of a large number of “bytable goods” (Vasarhelyi and Greenstein 2003), which can also be called virtual goods, such as software, news media, education, virtual services, and click-based payment, created a much more fluid environment with electronic speeds of execution. At the consumer level, customers do not buy paper pads, they jot down notes on smart phones or tablets to create electronic records; they do not buy CDs, they download music; they do not buy software, but instead they use it over the internet. At an enterprise level, businesses no longer invest in computer hardware and software, they use web services and pay incrementally for the use of outside software (McAfee and Brynjolfsson 2017). With some of these developments come new business processes, or the difficulty of accepting new practices. Some key factors become prominent:
New business processes, in particular those related to virtual goods, are emerging.
Business risks have changed in both their nature and severity.
New industries have emerged and with them business processes.
Management compensation as well as enterprise ownership structures are changing.
Cybersecurity has become a big risk.
Cyber-currencies have emerged with supranational characteristics.
Business information is not mainly financial, it encapsulates all cycles, and stakeholders need to have access to some of this validated information.
There is substantive concern involving regulation, as virtual goods do not mesh well with traditional regulation. For example, regulation created for traditional taxis does not work well for Uber, regulation created for hotels does not work well for Airbnb, Inc., or regulation created for physical businesses, such as financial reports, does not work well for the 21st century business.
Consequently, President Trump's statements that quarterly reports are “overregulation” follow in the footsteps of traditional regulation ideology. Instead, new digital-era regulation philosophies should be enacted. These should require a new form of continuous reporting, monitoring, and assurance. Furthermore, one must not confuse the needs of business measurement, and its consequent assurance, with regulation. The imposition of quarterly financial reports is regulation, but the need for real-time measurement, assurance, and reporting is essential to a modern society. Traditional regulation, as in the above example, hampers the development of new stakeholder reporting models.
Accounting and Exogenous Data for Investment Decisions
Consequently, the question arises as to what information is relevant and how relevant today's reporting actually is. This question is pertinent to both internal business measurement (managerial accounting) and business reporting (financial accounting). Lev and Gu (2016) have shown that the relationship between accounting reports and market valuation has dramatically been reduced. Furthermore, the inclusion of nonfinancial information has improved this relationship (Lev 2018, 2014).
Business information is not only financial, it encapsulates all cycles, and there are methods (technology) that provide substantive improvements to the methods of production, accountability, and wealth sharing.
Inventory flow (physical or virtual) can now be measured in real time, yet accounting standards still use LIFO and FIFO.
Cash levels can be measured with continuous exactitude, but reports are quarterly.
Receivables and payables can be timed, linked to originators, assessed probabilistically in terms of validity, projected accurately for future collections and revenues, managed in different currencies, revalued with market fluctuations, etc.
Infrastructure can be peer valued, compared, tagged, just used, located in many countries, distributed around a multi-country value chain, and produce only virtual goods. OLAP (online analytical processing) methods with current revaluation can enrich this analysis, in particular if more detailed data are provided.
Important issues for traditional reporting such as comparability and articulation can now be better addressed by new analytic methods.
A wide spectrum of exogenous data from social media to government open data has become available to users (Dai and Li 2016; Brown-Liburd and Vasarhelyi 2015) through a click on a computer or a swipe on a smart phone. The convenient availability of exogenous data will forever change the landscape of investor decision making. Even if periodic, financial reporting, press releases, and conference calls still matter to investors, they are progressively wading deeper and deeper into a pool of exogenous data, which may matter more for decision making.
The desire to “drill down” has shifted attention toward disaggregated data. While public companies will still provide aggregated numbers to meet financial reporting mandates, the door is wide open for many other businesses to offer disaggregated data, or for them to be offered in an on-demand context. For example, private investors, business partners, and lenders will demand disaggregated data to help them better understand a business and to make more informed decisions. Advisory boards of financial standard setters typically wish to receive raw data, not data manipulated by companies within the limits of their flexible accounting standards. The same technologies such as blockchain, smart contracts, intelligent agents, and cognitive decision-operation aids that change business processes and accounting will drill down into the system to provide, examine, and extrapolate from disaggregated data. The provisioning of disaggregated data, maybe in a blockchain, would be disruptive in nature as it would in one sense violate standards and facilitate business reporting analytics that are unknown today. Once it is possible to drill down, the integration of smart contracts (Rozario and Thomas 2018) would also be very disruptive, changing substantively the demand for clerical and managerial labor intervention.
When both exogenous data and disaggregated data become so important for decision making, the issue of data quality must be addressed. Fortunately, continuous monitoring, auditing, and assurance over measurement systems and data have been in accounting research literature for decades. They continue to evolve, embrace emerging technologies, and address new challenges.
The first question is what is the value to investors and other stakeholders of assurance to information of limited relevance? For example, the value of owner's equity on financial statements is not informative enough. There seems to be limited value besides the direct value of verification that the (very pliable) standards were fairly applied to determine values. Assurance of measurements that are “adjustable” does not contribute too much, nor does it deal with the frequent information bursts that often determine/affect value. Also provided by traditional audits is a validation of the existence of the business and its reasonable functioning. Prior to the Securities Act of 1933 and 1934, there were listings and stock trades for firms that practically (or actually) did not exist. Real-time reporting and its continuous audit would certainly better attest to the existence and functioning of a business. Regardless of CA/CM, other issues can be raised:
Accounting standards allow for too much leeway.
Many methods of inventory valuation are allowed.
Property, plant, and equipment may have different life estimates, or thresholds of capitalization may be changed.
Estimates can be very flexible—fair valuation turned into an exercise of manipulation as standards give too much leeway—estimate assumptions can be self-serving.
Auditing standards are bound to tradition.
They have not adapted to the tradeoffs of effort (much reduced due to technology) and the benefits that they provide.
Judgmental sampling means little in a world of very large populations.
Materiality deals with these tradeoffs but does not apply very well to other dimensions of measurement (e.g., cyber-security, critical control weaknesses, qualitative factors).
Point-in-time measurement has not yet evolved into timely reporting and, consequently, is irrelevant for preventing errors from traveling downstream.
Exogenous variables have not been incorporated into the established methodology in practice.
Predictive or prescriptive analytics (Appelbaum, Kogan, and Vasarhelyi 2017) that are facilitated by modern Big Data and analytics have not been substantively adopted, therefore the “ex post facto enforcement attitude” still prevails.
Disruption to the Value Chain
A key disruptor of modern systems is the multiple information components that directly affect the modules of a value chain. A negative social media stream may be issued after a payment has been received, but also may be generated prior to it, or during the value contestation stage. The real-time economy (The Economist 2002) brings about different information needs and the questioning of traditional information metrics present in traditional accounting reports. The modern data analyst or business manager should be very interested in both the speed of processes as well as their value.
Figure 4 displays elements of the revenue cycle and the new progressive economy elements that are disrupting existing processes and changing the nature of business. “Social Media” utterances appear under each bubble as a ubiquitous affecter both of opinions as well as direct operations. The adjustment stream is much more immediate and can affect contiguous and noncontiguous modules simultaneously.
Large global corporations that used to dominate industries have lost their hegemony. We have seen that a string of big names such as Eastman Kodak, Western Union, IBM, and AT&T have either faded into history or gradually given up market share to newcomers like Amazon.com, Inc., Google, or Facebook (Christensen 2013). The progressive migration of large CPA firms toward advisory services may be a signal of their hedging against the impact of disruptive changes. If businesses, large or small, fail to adapt to new technologies and developments, history will repeat itself. With the introduction of automation, processes have completely changed. However, regulation and obsolete skill sets hold back the implementation of these changes and create serious market inefficiencies as well as an interrupted value chain. Data interface standards (i.e., XBRL and ADS) are being developed that progressively improve the flow of data in the value chain. In the longer term, the ecosystem of data flow will be continuous and without manual intervention. Much of the decision making will be robotic, predictive, and striving for dynamic optimization.
In addition, inapplicable rules and standards slow down this process and create data arbitrage opportunities born of either natural or fraudulent causes. Market forces, the same that changed the scenario of world economic dominance, will force these changes. At this stage, the potential for improvement and advancement is being restrained by a 15th century-based measurement model (Pacioli 1514) and a century-old set of assurance methodologies.
The New York Times, August 17, 2018 “Trump asks SEC to mull half-year corporate filings.”
Large vendors are very aware of disruption. IBM has Hyperledger (https://www.ibm.com/blockchain/hyperledger) as a consortium offering with open source, which is unlikely to blend easily with its main product offerings.
These should be 21st century reports on assets and income, not the current anachronistic format.
Exogenous variables offer a new way to improve fault detection.
The AICPA issued Audit Data Standards for five different audit cycles (https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/auditdatastandards.html) that allow for common audit applications to data represented within the standard.
See, https://assets.kpmg.com/content/dam/kpmg/ca/pdf/2017/01/three-lines-of-defense-kpmg.pdf, and https://global.theiia.org/standards-guidance/recommended-guidance/Pages/The-Three-Lines-of-Defense-in-Effective-Risk-Management-and-Control.aspx?gclid=CjwKCAjw85zdBRB6EiwAov3RisO4YvVXtyDonnDA6kCH9mSH2knoI3iIwfe49EjA2hjrCGKkI2sCGxoChwIQAvD_BwE
The authors appreciate the help and suggestions of Jamie Freiman, Chaniuan Zhang, and Arion Cheong.