Two examples: artificial intelligence and blockchain
To illustrate what we mean, let’s look at two potentially game-changing technologies and their implications in terms of risks and controls.
First up, artificial intelligence. AI is set to revolutionise our systems, but what about accounting and controls? Procurement is a data-heavy, highly procedural process with a major bottom-line impact. The classic control is the three-way match to make sure you don’t pay incorrect or fraudulent bills. In practice, this control is known to create process delays, is subject to bypassing, and as a result requires a lot of effort across all lines of defence to get it right. Now imagine that AI handles the process from requisition to payment: figuring out the optimal vendor, volume and timing; monitoring timely delivery; chatting with vendors’ AI to negotiate discounts and clarify differences on good receipts, invoicing and payment differences; predicting and preventing processing errors based on known error patterns; and even intercepting any potential bypasses. Suddenly you’ve transformed a time-consuming impediment into a value-adding control that actually drives business, and which is fully embedded in your operational processes. How will this affect the second and third lines of defence? Are they still needed in this process?
Our second example is blockchain. In an era where everything is moving towards increasing collaboration with third parties, blockchain’s decentralised ledger set-up is a potential game-changer. Why not imitate what the auto industry has already done via electronic data interfaces (EDIs) by creating an integrated end-to-end process that can be managed, tracked and coordinated – even with third parties involved. Blockchain takes this even further: all the parties involved would be on (copies of) the same ledger, which is secure and trustworthy because it can’t be manipulated. The food industry is already using blockchain to track the supply chain, and the technology has also been adopted by watchmakers. This will be a huge disruptive factor in terms of the way companies work together.
But just think of the ramifications in terms of controls and the lines of defence. Because it leaves a clear trail that can’t be manipulated, blockchain will cover many of the bookkeeping activities, including controls, previously taken care of by the first line of defence. It’s trust by design, with little or no room for operational errors. Will the second and third lines of defence still need to check the operating effectiveness, or can they be freed up to concentrate on other risks and more value-adding tasks?
The possibilities are exciting. However, they also come with many challenges. Companies have to ask two questions in particular: Can we trust the data and predictions these new technologies are delivering? And are our defences organised in a way that enables us to harness the advantages of emerging tech while addressing the new risks – known and unknown – that they give rise to?