Blockchains and Collaborative Auditing

Courtesy of Sean Cao, Lin William Cong, and Baozhong Yang

Blockchain has taken the central stage of technology innovation in business, and could significantly disrupt traditional corporate governance, industrial organization, payments, and entrepreneurial finance. Given the labor-intensive nature of auditing and the need to improve audit efficiency and quality, there is increased media and industry attention on the role of blockchain in the world of auditing. For example, large accounting firms have investigated the use of blockchains and a “triple-entry accounting” system; the industry has also organized various symposiums and published research reports. Although all Big 4 audit firms are devoting large resources to blockchain development by establishing research labs or providing blockchain services, it is still unclear how exactly blockchain may affect the auditing industry, how it would influence auditors’ and their clients’ behavior, and what the regulator’s role would be with the emerging technology.

Our recent working paper, “Auditing and Blockchains: Pricing, Misstatements, and Regulation,” takes an initial step towards understanding these issues. In the paper, we analyze auditor competition, audit quality, client misstatements, and regulatory policy all in a unified framework. We demonstrate how collaborative auditing using a federated blockchain can improve auditing efficiency for not only within-auditor transactions recorded on private networks, but also cross-auditor transactions through zero-knowledge protocols that preserve data privacy. Consequently, the technology disrupts conventional audit pricing. Instead of pricing based on client size, auditors charge competitive fees dependent on clients’ counter-parties’ auditor association and corresponding transaction volume. For example, client firms with more transactions with off-chain firms, such as private or foreign firms, will face higher audit fees. Blockchain adoption also reduces clients’ incentives to misreport and auditors’ sampling costs. Importantly, auditors’ technology adoption exhibits strategic complementarity, hence a regulator can help select an equilibrium with lower endogenous misstatements, audit sampling, and regulatory costs.

Institutional Background

Auditing has unique needs for blockchain technology distinct from many other industries, such as digital payments or trade finance. While public blockchains such as Bitcoin and Ethereum can provide enhanced transparency by making all transactions openly accessible, they are not suitable in settings where client information must remain private. Consequently, many auditors develop permissioned private blockchains as an upgrade to their data systems. What is left out of the discussion is the possibility to connect isolated audit processes across audit firms while preserving data privacy. Examining records from both parties in a transaction is an efficient way of validating a record in the auditing process, because any inconsistency in transaction information between the two parties immediately suggests unintentional errors or intentional misstatement. Such cross-party verification is costly in the traditional system where an auditor has to contact the transaction counter-party directly to request records and manually confirm with clients’ transaction parties.

Figure 1 demonstrates how a federated blockchain with a zero-knowledge proof protocol can facilitate collaborative auditing and cross-party verification. In a federated blockchain, each auditor operates a private blockchain for its clients or has access to the blockchain ecosystem of its clients. Transactions among clients of the same auditor are verified by the auditing teams working with the clients and are recorded on the private blockchain. Records on the private blockchains are synchronized on all the nodes to ensure immutability. On the private blockchains, only permissioned nodes can manage records and the nodes usually adopt a majority consensus that is efficient and scalable, avoiding the costly mining process associated with public blockchains with proof-of-work protocols. Transactions between parties associated with different auditors, or cross-auditor transactions, utilize a crypographic verification method, i.e., zero-knowledge proof, that allows confirmation on the federated blockchain without revealing proprietary information.

Figure 1. Structure of a Federated Blockchain

We illustrate the details of the transaction verification process on the federated blockchain in Figure 2. A zero-knowledge proof/protocol is a cryptographic algorithm by which one party (prover) can prove to another party that she knows a value x, without conveying any information apart from the fact that she knows the value x. In particular, the prover does not need to reveal the value x. Such zero-knowledge proof protocols have been well-developed and have led to recent applications for facilitating bank communications (e.g., innovations by ING) and in public blockchains such as Zcash and Ethereum. Some zero-knowledge protocols, such as the zero-knowledge range proofs by ING, can help to verify whether a number is within a given range without revealing the number, see, e.g., Allison (2018).

As shown in Figure 2, for a transaction between two client firms audited by different audit firms, the verification occurs on the federated blockchain. The first auditor sends a request to the blockchain that can only be confirmed by the second auditor, who works with the counterparty of the transaction. Both the request and confirmation are encrypted without revealing client-specific information and following a zero-knowledge proof protocol, no other auditors can retrieve transaction information from them. This verification process can be automated to make cross-party information verification more efficient because an auditor does not have to manually contact the transaction counter-party directly to request records and verify the information.

Figure 2. Transaction Verification via Zero-Knowledge Proof

In the above, we have shown how a federated blockchain framework can facilitate both within- and cross-auditor transactions. An additional case involves off-chain transactions, in which a client’s transaction counterparty is not on the blockchain, for example, when it is a private or foreign firm that is unaudited. Even with blockchains, auditors still need to conduct conventional auditing procedures for the sample of off-chain transactions. However, this sample can be significantly smaller than the entire sample that requires manual labor without blockchain.

Model of Auditing and Blockchains

We take the above blockchain functionalities as given and examine how auditors and clients respond. Specifically, our model features two auditing firms and two representative clients. Without blockchains, auditing firms compete for clients along the dimension of fees and auditing services they perform. Once a client is matched with an auditor, the client endogenously chooses the level of misstatement to tradeoff the private misreporting benefit and the cost of being detected by regulators or the market, whereas the auditor determines the auditing quality (represented by auditing sample size) to minimize auditing costs and the expected penalty when its clients’ misreporting is detected. In equilibrium, auditors offer competitive fees, and larger firms with larger transaction volume face greater misstatement risk and higher auditing fees.

When an auditor adopts a blockchain system, auditing costs of transactions among clients are significantly reduced, but auditing transactions across auditors remain costly if other auditors do not adopt a blockchain system or the blockchain systems are independent. That said, with a federated blockchain, two auditors who have their clients’ transaction information and are both using blockchains can audit transactions with little cost, thanks to the zero-knowledge proof algorithm. This also implies that a federated blockchain can disrupt auditing pricing. Instead of being largely based on clients’ total transaction size, audit price also crucially depends on the nature of transaction counterparties, as the number of transactions the clients have with firms who are not in a federated blockchain, such as foreign/private firms, can also impact the cost. On the client side, when both auditors adopt blockchain technology, clients more truthfully report transactions, leading to a lower auditor risk and a lower fraction of costly audit sampling. Although our model focuses on reducing intentional misstatements, it is straightforward to see that collaborative auditing can also significantly reduce the costs of detecting unintentional errors, either made by clients or auditors. We leave this outside the model for parsimony.

Regulators, such as the PCAOB, have access to all transactions among clients of auditing firms. Therefore, it naturally should also have access to auditing blockchains if implemented. We show that the adoption of blockchains can help lower both auditing and regulatory costs and increase auditing quality.

The auditors’ technology adoption decision exhibits strategic complementarity because the cost of auditing cross-auditor transactions goes down when both auditors adopt. When clients strongly value the benefit of misreporting, even after taking detection into consideration, they would prefer to work with auditors not using blockchain, notwithstanding that the auditor using blockchain can offer a lower auditing fee. Consequently, when other auditors are not adopting, an auditor would not find it profitable to adopt because it would not only fail to attract more clients, but also could result in losing clients that the auditor would get with traditional auditing. That said, if other auditors adopt, an auditor would also find it attractive to adopt after gaining new clients because the reduction in auditing costs outweighs the adoption cost.

To illustrate the evolution of equilibria, we plot in Figure 3 the scenarios with respect to two key parameters of the model: the blockchain adoption cost c and the clients’ misstatement incentive γ. Several patterns emerge from the plot. First, for fixed γ, full adoption and no adoption equilibria correspond to regions with low and high values of c, respectively. This is intuitive since auditors are more likely to adopt the technology with lower cost. Second, there is a region in which the two equilibria co-exist, due to strategic complementarity between the auditors. Third, when the misstatement incentive of clients is very high, only the no-adoption equilibrium remains. The intuition is that blockchain auditing makes it harder for clients to misstate and thus is not preferred by those with stronger misreporting incentives. Catering to clients’ preferences, auditors opt not to adopt the technology. Interestingly, when γ is very low, we also see the region with full adoption equilibrium shrinks. This is due to that clients with very low γ misreports less, reducing the benefits of adopting blockchains netting costs.

Figure 3. The Evolution of Equilibrium Adoption of Blockchains

Given that there could be both a full-adoption equilibrium and a no-adoption equilibrium, regulators have a potential role in coordinating an industry-wide adoption when the technology matures sufficiently, which could reduce equilibrium misstatements and expenses associated with auditing and regulation. This role is especially salient when auditing firms and clients are dispersed or lack coordination power. While the concept of coordination is well-studied, it is important and novel to highlight its manifestation and implications in auditors’ adoption of blockchain technology.

Conclusion

In summary, our study documents how blockchain could disrupt the auditing industry. First, audit pricing becomes independent of clients’ total transaction size but depends on the nature and volume of transaction counterparties. Second, such technology adoption improves the efficiency of audit sampling by allowing auditors to focus on transactions that cannot be automatically verified. Third, adopting this technology discourages clients’ misstatements. Fourth, regulators benefit from reduced monitoring costs since they can focus on smaller samples for inspections, and auditors or hackers find it more difficult to tamper with transaction records. Finally, given the costs of adoption and strategic behaviors of market participants, our theory suggests that auditors and clients are less likely to adopt such technology individually, even when it is socially beneficial to do so. However, regulators can coordinate technology adoption in order to reduce equilibrium misstatements and costs associated with auditing and its regulation.

To the best of our knowledge, we are the first to study the implementation of blockchain and zero-knowledge proof algorithms in auditing and accounting and their implications on auditor pricing, auditor sampling, client misstating incentive, and regulation. We differ from earlier blockchain studies in our focus on permissioned blockchains. We also lay out a framework for future studies, especially empirical tests of our model predictions, when the technology sees wider adoption and data become available.

As a first study on blockchain implications for financial reporting and auditing, we have abstracted away from several realistic features. For example, the federated blockchain in our model can automate audit processes of mainly transaction-based accounts in income statements. We also omit the oft-discussed disruption in the auditor labor market and other costs of the technology due to imperfect design. Enriching our framework and empirically testing our model predictions once data are available constitutes interesting future research. For example, in practice, many auditing jobs still remain for off-chain transactions and high discretionary accounts. Thus, the impact of these features may be more nuanced (the auditing labor market may lose demand for less skillful auditors but expand demand for more skillful auditors) and warrant separate studies.

 (Cao is an Assistant Professor of Accounting at the J. Mack Robinson College of Business at Georgia State University (Email: scao@gsu.edu). Cong is an Assistant Professor of Finance at the Booth School of Business at the University of Chicago (Email: will.cong@chicagobooth.edu). Yang is an Associate Professor of Finance at the J. Mack Robinson College of Business at Georgia State University (Email: bzyang@gsu.edu).)

 

Leave a Reply

Leave a Reply

Your email address will not be published. Required fields are marked *