The International Auditing and Assurance Standards Board (IAASB) is pleased to welcome two new members to the IAASB following their appointments by the Public Interest Oversight Board (PIOB) in November 2022.
Neil Morris (based in the UK) is the global head of assurance and ESG methodology at KPMG with more than two decades of experience in South Africa and the UK. A Chartered Accountant, his work experience includes risk management, climate change and sustainability, financial audit, and assurance.
“I’m looking forward to the challenge that this role will bring and working with my fellow members to deliver on the IAASB’s objectives, especially on the sustainability assurance standard,” Mr. Morris noted on joining the IAASB.
Greg Schollum (based in New Zealand) is the Deputy Controller and Auditor-General of New Zealand, a position he has held since 2015 after first joining the Office of the Auditor-General in 2004. His career includes serving as a member of the International Public Sector Accounting Standards Board, the New Zealand Accounting Standards Board, and the Financial Reporting Standards Board of the New Zealand Institute of Chartered Accountants (now Chartered Accountants Australia & New Zealand).
“I’m looking forward to getting back involved in international standard setting and I hope that I can make a positive contribution in the public interest to the important work of the IAASB,” Mr. Schollum said following his appointment.
In addition to welcoming Mr. Morris and Mr. Schollum, the IAASB also welcomes the appointment of Josephine Jackson as Vice-Chair. Ms. Jackson is Director of International Audit and Assurance Standards Policy at the UK Financial Reporting Council and leads the FRC’s ESG Group. She is entering her second term as member of the IAASB and previously served as a board member Technical Advisor.
“I am delighted to welcome our new IAASB members and congratulate Josephine on behalf of the IAASB,” said IAASB Chair Tom Seidenstein. “Greg and Neil bring new experience and perspectives to the IAASB, and we look forward to including their thinking in deliberations at our next IAASB meeting in March. I also look forward to partnering with Josephine to help guide the IAASB through its important work in the public interest.”
The IAASB is also pleased to share that three members were re-appointed by the PIOB for terms that began on January 1, 2023:
Sue Almond, a consultant with Grant Thornton International based in the UK with experience in global audit and assurance policies;
Julie Corden, a partner with Deloitte Canada who is responsible for leading audit methodology, policies and guidance, including the firm's ISQM 1 implementation; and
Josephine Jackson, the newly appointed Vice-Chair.
The PIOB’s Invitation for Application for IAASB members for terms of service beginning in January 2024 is currently open. The IAASB encourages qualified candidates to apply.
About the IAASB The International Auditing and Assurance Standards Board develops auditing and assurance standards and guidance for use by all professional accountants under a shared standard-setting process involving the Public Interest Oversight Board, which oversees the activities of the IAASB, and the IAASB Consultative Advisory Group, which provides public interest input into the development of the standards and guidance. The structures and processes that support the operations of the IAASB are facilitated by the International Federation of Accountants (IFAC). For copyright, trademark, and permissions information, please go to permissions or contact permissions@ifac.org.
New Members Began their Terms of Service January 1, 2023
International Standard on Auditing (ISA) 315 (Revised 2019), Identifying and Assessing the Risks of Material Misstatement, replacing ISA 315 (Revised), Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment. The handbook also incorporates in other relevant standards conforming and consequential amendments from ISA 315 (Revised 2019). ISA 315 (Revised 2019) is effective for audits of financial statements for periods beginning on or after December 15, 2021.
The following standards, which are not yet effective for this version of the handbook, have been included in the back of Volumes 1, 2 and 3, as appropriate:
International Standard on Quality Management (ISQM) 1, Quality Management for Firms that Perform Audits or Reviews of Financial Statements, or Other Assurance or Related Services Engagements
ISQM 2, Engagement Quality Reviews
ISA 220 (Revised), Quality Management for an Audit of Financial Statements
Conforming and Consequential Amendments to Other ISAs Arising from the Quality Management Projects
ISA 600 (Revised), Special Considerations—Audits of Group Financial Statements (Including the Work of Component Auditors)
Conforming and Consequential Amendments to Other International Standards Arising from ISA 600 (Revised)
Conforming and Consequential Amendments to the IAASB’s Other Standards as a Result of the New and Revised Quality Management Standards
The handbooks can be downloaded from the IAASB website, where users can also order print copies of the three-volume handbook. It will also be available in the e-International Standards (eIS) online platform in 2023.
The International Auditing and Assurance Standards Board (IAASB) has published a new fact sheet on the interactions between International Standard on Audit (ISA) 220 (Revised), which addresses quality management at the engagement level, and ISA 600 on group audits. The fact sheet highlights aspects of a group audit that may be affected by ISA 220 (Revised) and International Standard on Quality Management 1 addressing quality management at the firm level. This includes the revised definition of engagement team and leadership and direction, supervision, and review responsibilities.
The factsheet will be particularly useful for group audits in which component auditors are involved.
The Invitations for Applications are open to all individuals and interested organizations, including those representing investors and the corporate governance community, regulatory bodies, national standard setters, audit practitioners, professional accountancy organizations and public sector organizations, and those in academia. Individuals may also make nominations on their own behalf.
These vacancies are exciting opportunities for experienced individuals from diverse backgrounds to contribute to the evolving multi-stakeholder and multi-cultural composition of each board. Importantly, there is a tremendous opportunity to contribute to safeguarding the proper functioning of financial markets and economies worldwide. Successful candidates take part in the IAASB´s efforts to gain further global acceptance of its standards to have high-quality audit and assurance as a foundational element of trustworthy financial and sustainability information.
About the IAASB The International Auditing and Assurance Standards Board develops auditing and assurance standards and guidance for use by all professional accountants under a shared standard-setting process involving the Public Interest Oversight Board, which oversees the activities of the IAASB, and the IAASB Consultative Advisory Group, which provides public interest input into the development of the standards and guidance. The structures and processes that support the operations of the IAASB are facilitated by the International Federation of Accountants (IFAC). For copyright, trademark, and permissions information, please go to permissions or contact permissions@ifac.org.
The International Auditing and Assurance Standards Board (IAASB) has published new guidance to help users understand the impact on the International Standards on Auditing (ISAs) due to narrow-scope amendments made to International Accounting Standard (IAS) 1, Presentation of Financial Statements by the International Accounting Standards Board (IASB).
While the IAASB remains framework neutral when developing the ISAs, it considers financial reporting framework developments that may affect the ISAs, such as changes to the International Financial Reporting Standards (IFRS). Amendments to IAS 1 and the Impact on the ISAs: Disclosure of Material Accounting Policy Information, among other matters, provides users with guidance on how to address the effect of the amendments on a number of illustrative auditor reports throughout the ISAs that assume, as part of the fact pattern, that the financial statements are prepared by the management of the entity in accordance with IFRSs.
The new guidance does not amend or override the ISAs, the texts of which alone are authoritative. Reading the new guidance is not a substitute for reading the ISAs.
Amendments to IAS 1 and the Impact on the ISAs: Disclosure of Material Accounting Policy Information has been developed by the International Auditing and Assurance Standards Board’s (IAASB’s) International Accounting Standards Board (IASB) Liaison Working Group to address the impact on the International Standards on Auditing (ISAs) of certain narrow-scope amendments made by the IASB to International Accounting Standard (IAS) 1, Presentation of Financial Statements (the “amendments”).
Today, the International Auditing and Assurance Standards Board (IAASB) opened the public consultation for proposed changes to one of its fundamental standards, International Standard on Auditing (ISA) 500, Audit Evidence. The current ISA 500 addresses an auditor’s responsibility to design and perform audit procedures to obtain sufficient appropriate evidence to draw reasonable conclusions on which to base the auditor’s opinion.
The proposed changes:
Clarify ISA 500’s purpose and scope and explain its relationship with other standards;
Provide a principles-based approach to considering and making judgments about information intended to be used as audit evidence and evaluating whether sufficient appropriate audit evidence has been obtained;
Modernize ISA 500 to be adaptable to the current business and audit environment, while considering scalability for different circumstances, including the entity and the auditor’s use of technology, such as automated tools and techniques; and
Emphasize the role of professional skepticism when making judgments about information intended to be used as audit evidence and evaluating the audit evidence obtained.
Proposed International Standard on Auditing 500 (Revised), Audit Evidence, provides a “reference framework” for auditors when making judgments about audit evidence throughout the audit.
“The audit and the environment in which an auditor conducts the audit and assess audit evidence has evolved significantly in recent years,” commented IAASB Chair Tom Seidenstein. “For example, the changing nature and sources of information used by the auditor and the increasing role played by technology demanded a re-examination of the audit standard. These proposed changes will ensure that the standard keeps pace, while retaining a principles-based approach to standard setting.”
The IAASB invites all stakeholders to comment on the Exposure Draft via the IAASB website. Comments are requested by April 24, 2023.
About the IAASB The International Auditing and Assurance Standards Board develops auditing and assurance standards and guidance for use by all professional accountants under a shared standard-setting process involving the Public Interest Oversight Board, which oversees the activities of the IAASB, and the IAASB Consultative Advisory Group, which provides public interest input into the development of the standards and guidance. The structures and processes that support the operations of the IAASB are facilitated by the International Federation of Accountants (IFAC). For copyright, trademark, and permissions information, please go to permissions or contact permissions@ifac.org.
Proposed Changes Reflect the Standard’s Nature, Role within the Suite of IAASB Standards
Welcome to the fifth Market Scan from the IAASB's Disruptive Technology team. Building on our previous work, we issue a Market Scan approximately every two to three months. Market Scans cover exciting trends, including new developments, corporate and start-up innovation, noteworthy investments and what it all might mean for the IAASB. Special thanks to Maddie Zietsman for helping to author this edition.
In this Market Scan, we explore Homomorphic Encryptionfor Analyzing Encrypted Data, a technology which has applications within Protecting Information. This technology has the potential to impact how data is used in the audit—creating opportunities for greater collaboration and access to specialist skills.
We cover:
What is Homomorphic Encryption and why is it important?
The latest developments
What this might mean for the IAASB
What is Homomorphic Encryption? Why is it important?
Homomorphic Encryption (HE) is a set of algorithms that allows computations to be done on encrypted data without the need for decryption. Homomorphic encryption lets data be protected while “in use”, so analysis can be run directly on encrypted information without disclosing it and providing complete confidentiality during analysis.
Source: What is Homomorphic Encryption?, OpenMined
There are two main types of homomorphic encryption, Partial Homomorphic Encryption, which supports only a single operation over encrypted data, and Fully Homomorphic Encryption, which supports multiple operations. Federated Learning (FL) is another privacy-enhancing technology that distributes machine learning across devices or servers, thereby reducing latency and security risk whilst protecting privacy.
Fully Homomorphic Encryption: Why it Matters, IBM News, three-minute watch
Homomorphic encryption has many potential benefits for a wide range of industries from healthcare to financial services. From an audit and assurance perspective, there are several areas where homomorphic encryption can be leveraged.
Using aggregated data tosecurely achieve common goals –Audit firms or other organizations that may perceive privacy or confidentiality risks when working together could collaborate using encrypted data to achieve a common goal such as developing fraud pattern detection applications. Using homomorphic encryption, encrypted data sets from multiple sources could be linked together, used to train an AI application, and develop a technology product for all parties to use.
Enabling use of third parties without compromising data privacy – Homomorphic encryption may enable audit practitioners to leverage third parties with greater analytics capabilities or expertise to perform analysis on encrypted data to support audit procedures—an approach that would be difficult if not impossible without the encryption technology.
Enhancing effectiveness of cross-border audits – Homomorphic encryption could be used to enable data analysis across borders while respecting data residency and privacy laws. This would be particularly beneficial to group audits with components in jurisdictions with strict data residency restrictions.
Greater capability to perform benchmarking – Homomorphic encryption could be used to provide benchmarks across industries, including competitive companies, without exposing market sensitive data. Benchmarking data may be used when performing an audit, for example when performing analytical procedures.
Mitigating bias whilst stress testing models – Using homomorphic encryption, machine learning models and algorithms could be stress tested using encrypted data sets, so the data could not be fitted to the model ahead of time.
All these areas focus on homomorphic encryption’s ability to increase the data analysis that can be done while still ensuring data security and privacy. As the technology gains wider traction, it offers audit and assurance practitioners opportunities to increase their analytical capabilities and leverage the specialized skills of other entities or parties, without compromising data privacy.
Recent Noteworthy Developments in Homomorphic Encryption
This section is designed to provide examples of recent developments that may signal future disruption in this area. It is not a complete list of all activities in Homomorphic Encryption. For a reminder of Key Venture Capital and Investment terms please refer to the first Market Scan.
1. Big player activity
Homomorphic Encryption is gaining traction and growing fast. Top companies, such as Intel, Microsoft and Google, are leveraging the power of this technology and working to develop its use in various sectors of the economy.
Study shows growing interest in homomorphic encryption technologies
A December 2021 study by Deloitte noted 19 different “publicly announced pilots, products, and proofs of concept for homomorphic encryption”. Companies that are leading these pilots include large companies like Apple, Google, Microsoft, Nvidia, IBM, and more. Finance, health, and social care currently dominate the pilot projects, but the expectation is that more industries will reap the benefits from the technology as it continues to gain leverage. These pilots also present opportunities for the audit and assurance industry to capitalize on the power of homomorphic encryption and how the using data encryption may contribute to or enhance the performance of quality audit or assurance engagements.
Intel and Microsoft announce collaboration on security technology
Intel and Microsoft have partnered together as part of a DARPA program to focus on reducing the overhead that is associated with using homomorphic encryption. To reap the benefits of this technology, it is important that it is both accessible and affordable. Both Intel and Microsoft’s investment in time and research in homomorphic encryption reveals the importance that both companies see in the technology’s ability to change the working world. As these large companies continue their research and testing, it may not be long before homomorphic encryption is accessible to companies of all sizes.
2. Start-up activity
As homomorphic encryption becomes more prominent, there have been a few key start-ups that have spearheaded its development, including those highlighted below.
Duality advances Homomorphic Encryption Landscape
Duality, a leader in enabling privacy-enhanced collaboration on sensitive data launched their open-source fully homomorphic encryption (FHE) library, OpenFHE, in July 2022. This was a collaborative project with other leaders in cryptography including Intel, Samsung, University of California-San Diego and MIT. OpenFHE is considered a next generation open-source FHE software library providing even greater security, robust privacy protection and wider useability.
Enveil announces new encrypted training solution
Enveil, a start-up company founded in 2016, has been a key leader in developing homomorphic encryption and federated learning technologies. In June 2022, Enveil announced a new solution called ZeroReveal ML Encrypted Training (ZMET), which enables encrypted federated learning and usage of decentralized datasets for machine learning applications.
New start-up sees web3 opportunity using homomorphic encryption
Brand new start-up, Sunscreen, just raised $4.65 million in seed funding to develop advanced privacy technology for the next generation of the world wide web, web3. Currently zero-knowledge proofs (ZKPs), which allow for a transaction to be verified on a blockchain without the underlying data being shared, are seen as the main solution for improving privacy in web3 but require significant processing power. However, co-founder and CEO of Sunscreen, Ravital Solomon, thinks “fully homomorphic encryption is even more promising in its potential to bolster privacy in web3.”
What this might mean for the IAASB
The IAASB is interested in maintaining its collective knowledgebase on digital technologies (including on specific sub-topics such as homomorphic encryption), promoting digital readiness and enablement through its engagement with stakeholders, and encouraging action by others to supplement and support the IAASB’s standard-setting activities. The IAASB is also keen to explore how technologies could be used to enhance interaction with auditing standards. Subject to IAASB’s work plan decisions, possible use cases of digital technologies for audited entities and audit engagements might provide input to further modernize IAASB’s standards to be adaptable to and reflect the current business and audit environment (while recognizing that the standards would address digital technologies in a principles-based manner).
Access to appropriate and reliable data is fundamental to being able to use automated tools and techniques in the audit. Considerations around data protection and privacy are key to this approach and homomorphic encryption presents a potential solution to current data access restrictions.
Homomorphic Encryption also offers opportunities for those in audit and assurance to develop advanced analytics, machine learning and AI technologies through enabling more options for data management.
However, using this technology may present unique practical challenges with applying certain principles set out in existing standards that address aspects of, for example, quality management, audit evidence, service organizations and using the work of others which may indicate the need for additional guidance. Given the nascent nature of this technology it is too early to fully comprehend the practical implications related to its use, but the IAASB will continue to monitor developments in this area.
Scientists at the University of Texas have developed an ink containing polymers that can store data and have used it to write a letter containing a hidden message. “The idea of writing a message but the real, hidden message is contained in the molecular structure of the ink is fascinating, although maybe not the most practical method,” says Alan Woodward at the University of Surrey, UK.
What do you think about this bulletin?
Please take the time to fill out our quick survey to let us know your thoughts about this bulletin, how it can be improved and what you would like to hear about going forward.
