Open banking refers to a process of allowing third-party service providers access to a customer’s banking data including transaction and payment history.
This flow of information between the bank and third-party service providers is enabled through Application Programming Interfaces (APIs – if you want to find out more then join our upcoming API 101 webinar). Applications that allow consumers to analyse their spending in a consolidated view, or keep track of their credit score, all use open banking.
It’s not only retail banking that can benefit from open banking. There has been a growing conversation around the use of open banking in audit. The International Auditing and Assurance Standards Board (IAASB), in their 2020 Technology Disruption in Audit paper, described API access to third-party data sources, including banking information, as “low-hanging fruit” that would significantly impact audit in the short term.
Accordingly, representatives from several audit firms recently attended a roundtable to discuss the use of open banking in audit and explore the opportunities and challenges this presents. Representatives from ICAEW and FRC were also present.
Auditing with open banking
A key area of focus is the transformation of the bank confirmation process. In contrast to traditional written confirmations which can often take weeks to obtain, open banking gives auditors an opportunity to directly obtain confirmation of period-end balances from the bank once the client has provided consent. This process is almost instant and bank balances can be confirmed in real-time, which means that cash balances can be monitored continuously throughout the audit cycle from planning to evaluating going concern.
Applications that use open banking to facilitate confirmations can also provide continuous transactional information and banking history. Thus, general ledger and sub-ledger data, including sales and purchases evidence obtained from the client, can be matched directly to banking data when performing substantive testing.
Historical and real-time data can also be used to enhance the use of data analytics. With access to transactional detail from the bank, there’s scope to connect analysis performed on revenue, debtors and cash ledgers directly to the external points of data collected from open banking.
While there is some scepticism around the reliability of the data collected from open banking, it was raised during the roundtable that auditors currently rely on bank statements provided by the client which isn’t exactly risk-free either. Rather than eliminating all risks, the adoption of open banking will likely change the profile of audit risks which still need to be considered.
The problem of standardisation
A significant barrier limiting the use of open banking data in audit is standardisation. While there are some challenges on the banks’ side – particularly around the data fields provided as part of the core open banking specifications, and the available date ranges of the information (banks need only replicate what is offered through their front-end online banking systems) – the bigger challenge is on the clients’ systems. The quality and format of the data obtained from clients can differ significantly depending on the accounting or ERP (Enterprise Resource Planning) systems used, and the clients’ processes (e.g. around batching of transactions). Some added that this issue isn’t only encountered at the client level, entities of the same group can often lack standardisation at the general ledger level.
If data obtained from the client isn’t standardised, more time and expertise will be required to ensure data can be used to perform analytics and substantive procedures which could outweigh the benefits. Indeed, similar issues were highlighted with HMRC’s Making Tax Digital, as businesses without MTD-compatible software reported experiencing fewer benefits from the adoption.
While innovators such as Engine B are stepping up to address this issue by developing a standard data model for audit regardless of the source system, some suggested that further work involving ERP and accounting software vendors to establish a standard in data extraction may be the next step forward – an approach which is already used by tax authorities in other countries.
What’s clear is that it will be necessary to gain a deeper understanding of the client’s systems, and the management of their payments and banking to determine how open banking technology can be utilised effectively. This is in line with audit standards which are changing to acknowledge the use of new software and technology in audit. ISQM 1 considers technology a fundamental resource in the quality system and outlines the key matters of consideration when evaluating the use of tools and technologies.
Bridging the skills gap
A practical challenge highlighted by multiple audit firms is the impact new technologies like open banking have on the skillset of the future auditor. The roadmap of skillsets for chartered accountants is already changing. Data analytics and knowledge of technologies disrupting accounting and practice are now embedded within the ACA. Interest in data analytics and the use of technology is also growing among members and students, indicating that a focus on digital and data analytics skills could help attract and retain new audit staff.
Some argued that while digital and data analysis skills are important, it’s still crucial that auditors retain the knowledge of how to perform standard audit procedures, including bank confirmation testing, even if they end up using software and applications in the future. Certainly, the growing overlap between technology and audit practice suggests that a balance between the core audit and data analysis and digital skills will be necessary going forwards.
Moreover, it will be important for accountants in business and industry to be upskilled. During the roundtable it was discussed that this knowledge and education on new technologies will be important in the early transitionary years as there’s a risk that clients could refuse access to data. Transparency will be important here and auditors will need to take clients on a journey by initiating conversations regarding the changes in audit - open banking being just one of the drivers.
Open banking technology will no doubt transform the audit. However, firms first need to acknowledge that the skillset of the future auditor needs to adapt. Along with the ACA, ICAEW offers programmes, such as the Data Analytics Certificate programme, to encourage these skills.
Moving towards an industry standard on data extraction from accounting systems is also likely to be a critical step in the adoption of open banking technology, though we must avoid creating yet another standard which lacks the necessary sector-wide support.
Lastly, it’s important to clarify what open banking technology does and how it can be used, to aid wider public understanding. Audit quality is an area of focus and to guide the conversation on the future of audit, continued discussion on technological concepts, including open banking, among regulators and audit firms is something we hopefully all encourage.