Smart Contracts and Risk

One of the outcomes of blockchain technology has been the development of smart contracts. At first blush, it sounds like a great idea - contracts that execute themselves without needing help from humans. The opportunities for automation and cost savings lurch into view.

The leader in this field has been Ethereum, which uses blockchain and its own bitcoin type currency to process transactions without the need for a trusted third party. Others are emerging.

There are definitely situations where smart contracts can be very useful, but as with any IT application, there are risks involved. One of the oldest rules around computer processing is that of GIGO (Garbage in, Garbage out). This applies in spades for smart contracts, since they at some point require inout from other systems, and the contracts will often execute wrong data as well as any other. This could goon for some time before being discovered.

Another basic issue is the computer code being used to write and execute the contracts and the transactions. Code can always be unreliable and or wrong. Possession of the encryption keys is always an issue as well.

So smart contracts might be useful, but it is really important to be cautious before implementing them. For a good summary, check out the ISACA Tech Brief "Understanding Smart Contracts" at https://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/understanding-smart-contracts.aspx

Gartner's Top Ten Technology Trends

Gartner has released a report on the top ten technology trends for 2020. The 10 strategic technology trends highlight trends that enterprises need to consider as part of their five-year strategic technology planning process. Strategic technology trends have the potential to both create opportunity and drive significant disruption.

The list incorporates items that would be expected, such as AI and Internet of Things, but takes them a step further to focus on the aspects of those obvious trends that will be most important.

In the case of AI, the focus is on AI related security, which is and will be a major issue along with ethics. For Blockchain the focus in making it more usable. With the cloud it’s on distributed cloud.  

The report includes the following recommendations for companies:

■          Center their innovation efforts on people and use tools such as personas, journey maps, technology radars, and roadmaps to evaluate opportunities, challenges and time frames for adoption.

■          Build an overarching view across functional and process silos and exploit a complementary set of tools including RPA, iBPMS, DTO, application development, and AI domains that guide how the tools are used and the systems they create are integrated.

■          Embrace multiexperience and implement development platforms and design principles to support conversational, immersive and increasingly ambient experiences.

■          Establish governance principles, policies, best practices and technology architectures to increase transparency and trust regarding data and the use of AI.

The report is available at this link. https://www.gartner.com/en/doc/432920-top-10-strategic-technology-trends-for-2020

Incorporating Data and Analytics into Corporate Strategy

Recent Gartner research provides some great guidance into the management of data and analytics for companies. It urges companies to go beyond simply declaring that data is an important asset and begin treating it like one. It points out that not only must data be specifically incorporated as an asset but the related competency of data analytics must also be recognized and developed within the enterprise.

In one of their reports on this topic, they make the following recommendations:

• “Express to executive leadership your intent to manage information as an actual asset, which requires you to measure it as if it is one.
• Enlist the support of your CFO to develop or adapt established information valuation models, first expressing an understanding that they are not balance sheet assets but that you intend to measure them as if they are.
• Audit, valuate and communicate the improved (or degraded) potential and actual value of key information assets. And do this periodically. Since information valuation standards do not yet exist, emphasize the change over time rather than the discrete metrics.
• Apply information valuations to influence culture, priorities, resources and investments in information-related initiatives — and not just those for information management, but also information deployment (such as analytics). And, of course, use these valuations to demonstrate your own performance and success.
• Experiment with an enterprise strategy for sharing your estimated financial valuations of your information portfolio with investors, partners and potential licensees.”

To obtain and read the report, “Predicts 2019: Data and Analytics Strategy”
published 26 November 2018, follow this link.

Data Lakes May Help With Big Data

Big data is a generally poorly defined term, despite it being one of the most common terms used these days. There is a general recognition that data is expanding rapidly in volume, and is being used for various purposes more often, thanks to the many tools available for using it.

Indeed, it’s become something of a mantra that data is a major asset of many a business.

This is even more compelling given the growth taking place in the Internet of Things, where virtually every physical asset/item/thing opened by a business is potentially connected to the internet and a source of reams of new data. The potential value of this data is not lost on management and stakeholders of companies.

And so this gives rise to several questions – Does the data need to be standardized? How does it get stored? By what tools is it best used?

Data lakes constitute one of the current favoured approaches to these questions.

Traditionally, data is stored in data warehouses, which require some standardization and structure. They are therefore limited in their capacity and therefore lacking in usefulness for big data, which comes in all kinds of forms (structured, semi structured, unstructured, etc.) from many sources (just about anything imaginable).

Data lakes accommodate just about any form of data and are tied into analytical tools, such as Hadoop, that can handle such data.

Like big data, data lakes are poorly defined but they fit well with big data. Data, big data, data lakes, Hadoop type tools, all form a critical new field for modern management. One that cannot be ignored.

ThinkTWENTY20 Newsletter, September – October, 2019

The Fall issue was released in September. Here are some of the highlights:
• Making Auditing Standards Fit-for-Purpose in a High-Tech World
By Gregory Shields, CPA
Auditing standards urgently need to change, both to reflect the significant use of technology in business and to promote the use of automated audit procedures, including data analytics.
• Enhancing Relevance: Shaping the Future of Corporate Reporting
By Alan Willis, FCPA, FCA
Financial statements alone cannot provide the information necessary for stakeholder assessment of enterprise performance.

• Data Privacy and Confidentiality An Ethical Primer for Professional Accountants in Business and Private Practice
By Eric E. Cohen, CPA
What impact might emerging accounting and audit technologies have on a practitioner’s ethical responsibilities for data confidentiality and privacy?

• How to Succeed in Business in a Disruptive World
By Gundi Jeffrey, Managing Editor, ThinkTWENTY20
There are ten major political, social, environmental and technological transformations that will have profound implications for Canada’s business community and those who serve it.

• Advanced Technologies in Financial Accounting
By Gerald Trites, FCA, FCPA, CISA
The Internet of Things is pervading the supply chains of business and creates a high volume of data

• Book Review of Meltdown - Why Our Systems Fail and What We Can Do About It, by Chris Clearfield and Andras Tilcsik (Penguin Books, 2019).
By Jonathan Andrews, CPA
Meltdown is both entertaining and instructive, particularly for those with an interest in risk and risk mitigation. 

NEWS ITEMS
The following news Items have been posted for the period August 15 – September 15
on www.ThinkTWENTY20.com – Your source for thoughtful news and blog items.
• Sept 27, 2019 - IASB Amends IFRS Standards in Response to the IBOR Reform
• Sept 27, 2019 - Tentative FASB Decisions
• Sept 19, 2019 - SEC Charges Silicon Valley-based Issuer With Misleading Disclosure Violations
• Sept 17, 2019 - FASB Proposes Guidance to Assist in Transition Away From Interbank Offered Rates to New Reference Rates
• Sept 17, 2019 - FASB Issues Revised Pproposal to Improve Balance Sheet Debt Classification
• Sept 12, 2019 - Statement on Status of the Consolidated Audit Trail
• Aug 29, 2019 - SEC Charges Brixmor Property Group Inc and Former Senior Executives With Accounting Fraud
• Aug 24, 2019 - Tentative FASB Decisions July 31, 2019
• Aug 24, 2019 - PCAOB Staff Provides Guidance for New Requirements on Auditing Estimates Auditor's Use of the Work of Specialists
• Aug 16, 2019 - SEC Proposes to Modernize Disclosures of Business Legal Proceedings and Risk Factors Under Regulation S-K

ERIC COHEN’S BLOG

Clarifying Auditor Coverage and Connecting for Context: Data Level Assurance
When XBRL was in its infancy, much of my attention was spent trying to improve the intersection between the auditor’s report and management’s financial statement.

Oh. the Places We’ll Go!
Dr. Seuss’s last book, on life’s journey and challenges, inspires the headline of this blog entry. As I last wrote on looking back on the twenty years since the FASB and IASC efforts to document the current state of Internet-based reporting and perhaps guess where the Internet might take corporate reporting, I also had time to think back on twenty years of XBRL.The Forum

THE FORUM

Look to Corporations for Action on Climate Change
A recent CEO Study on Sustainability, “The Decade to Deliver: A Call to Business Action”, conducted by the United Nations Global Compact and Accenture Strategy, involved obtaining the views of more than 1,000 top executives across 21 industries and 99 countries. The study shows some major change in the way corporate executives think about climate change and sustainability.- 27 September 2019

Disaster Recovery in the Age of Cloud and Edge Computing
Most companies are now running apps in the cloud and many are engaging in technology uses like Internet of Things (IoT), which calls for the installation of many computing services on the edge of the organization. The spreading out of computing services means that the IT department has less control and sometimes no control over the widespread resources in the organization. - 18 September 2019

Coming soon – Our Winter Issue

Disaster Recovery in the Age of Cloud and Edge Computing

Most companies are now running apps in the cloud and many are engaging in technology uses like Internet of Things (IoT), which calls for the installation of many computing services on the edge of the organization. The spreading out of computing services means that the IT department has less control and sometimes no control over the widespread resources in the organization.

Traditionally, IT has had responsibility for disaster recovery and it used to conduct tests and organize the responses in the event of a shutdown or protracted outage of IT services. They still generally have that responsibility, but now, with cloud and edge computing, their task is a lot more difficult. With other people in the organization responsible for those spread-out resources, it can be a lot like herding cats.

IT's role becomes one of coordination and oversight. System and Disaster planning documentation must be standardized and distribute in ways that will survive outages. Testing must be carried out on a coordinated basis, perhaps rotated around the organization and certainly reviewed and supervised by IT.

IoT often means that devices are being brought into the system on the edge regularly. The data from such systems, can enter into the main system databanks quickly and used for analysis. Therefore it must be accurate and secure. Routines for adding in new data sources must be part of the oversight done by IT and easily adapted to the parts of the organization adopting IoT Systems. 

Living on the edge is risky and calls for extended controls to manage that risk.

How IoT, Big Data, AI and Blockchain all Tie in Together

IoT, or the Internet of Things, is one of the most rapidly growing elements of internet usage. As everyone knows by now, IoT involves "smart" devices, like home appliances, heating systems, alarm systems. cars, indeed almost any device imaginable. The devices are connected to the internet and generate loads of data.

But it goes beyond mere collection of data - big data. "Intelligent devices will continuously acquire, configure, restock, refresh, optimize, repair, and otherwise manage every material and virtual facet of our lives." So your refrigerator orders milk and butter when they run out. Or calls the repairman if your security system encounters a bug. This is increasingly accomplished through the use of Artificial Intelligence.

"Essentially, the IoT is becoming the world’s most pervasive transactional platform."

In order to be relied upon for business transactions, the IOT needs an infrastructure that can be trusted. That's where blockchain comes in. By ensuring that all data is cryptographically verified and tamper proofed in a distributed hyperledger that is shared by all commerce participants."

Most of our day-to-day activities will be automated in this fashion. That applies to business as well as homes.

And the big data can be analyzed using advanced analytics augmented by AI for financial management and reporting purposes. But that's another story.

For more on this, check out this link.

New Blog/Forum

The Zorba Research Blog is being published by the ThinkTWENTY Forum to be found at

http://www.thinktwenty20.com/index.php/blog-issues-forum

Comments on the forum entries are encouraged.

Ten Questions Directors Should Ask About Cybersecurity Culture

A Board of Directors has a responsibility for overall cultural direction in an organization. To exercise this responsibility the organization must first have a cybersecurity culture that will minimize the risks. Cybersecurity culture is “the knowledge, beliefs, perceptions, attitudes, assumptions, norms and values of people regarding cybersecurity and how they manifest themselves in people’s behavior with information technologies.” (European Union Agency for Network and Information Security (ENISA), Cyber Security Culture in Organizations, Greece, 2017)

The directors need to ask the following questions:

1.     What are the business functions in the enterprise with the highest exposure to technology breaches?

2.     Is there a cybersecurity policy in place?

3.     Has the policy been infused into the cybersecurity culture of the organization?

4.     Has the policy been reflected in the operational processes of the organization, particularly in those areas of greatest risk

5.     Have people with the appropriate skills been empowered to implement those policies and procedures?

6.     What steps are being taken to reinforce the cybersecurity culture?

7.     Are appropriate educational and training programs in place?

8.     Is there a process in place for regular and periodic review of the health of the cybersecurity culture?

9.     Have the main policies and procedures supporting the cybersecurity culture been documented to provide a cohesive understanding of that culture?

10.  Are there steps in place for regular reporting and discussion with the Board of Directors involving the most responsible personnel?