Good morning. Thank you, Dr. Alles, for that introduction, and to Rutgers Business School for inviting me to speak here today. The 43rd World Continuous Auditing & Reporting Symposium provides an impressive forum for academics, external and internal auditors, and thought leaders to come together to discuss the intersection of auditing and technology. I am honored to play a part in this year's event.
With the theme of "Disruptive Innovation in Accounting," over the next two days, you will cover blockchain and other emerging technologies — such as artificial intelligence, robotics, and the use of big data — and their potential to transform accounting and auditing.
I would like to contribute to your agenda today by providing an audit regulator's perspective on blockchain and other emerging technologies. Specifically, I'd like to talk about what auditors need to know; how we, as regulators, are assessing emerging technology; and how teachers can help to prepare the next generation of assurance professionals for the future.
Before I do, let me briefly tell you about the new board at the Public Company Accounting Oversight Board (PCAOB), where we are heading, and how emerging technology fits within our plans.
The PCAOB has a statutory mandate to oversee the audits of public companies and broker-dealers in order to protect investors and further the public interest in the preparation of informative, accurate, and independent audit reports. We accomplish our mission by registering public accounting firms, setting auditing standards, conducting inspections, and pursuing disciplinary actions.
This year marks the crystal anniversary for the PCAOB and, for the first time in our 15years, the PCAOB has an entirely new board leading it. Also for the first time, each of the five board members has a different skill set, perspective, and experience. We have a legislative and operational expert, a retired Big Four partner, a former financial statement preparer from a Fortune 100 company, a professor who specializes in corporate governance, and me. I bring my background as a securities attorney, a governance, risk management, and control adviser, and, most recently, a fintech and cybersecurity professional.
When hiring us, the Securities and Exchange Commission's directive was clear: Bring our diverse abilities and experiences to the job and work in a collegial and collaborative manner to assess the PCAOB's activities and operations. Then together determine the organization's strategic direction and chart our course for long-term future success in promoting audit quality and investor protection. And that's what we're doing.
Over the past six months, we, as a board, have been reevaluating, bottom to top, the PCAOB's programs and operations. We asked for input through a public survey, dozens of in-depth one-on-one interviews, and a poll of our entire staff. Around the country, my fellow board members and I met with investors, audit committee and board members, chief financial officers, and others who play roles in preparing financial statements. We engaged with academics and met with foreign regulators. We spoke with auditors from an array of firms.
We learned a great deal about what works well and what needs improvement at the PCAOB. The general consensus in the marketplace affirms that, since the establishment of the PCAOB, audit quality has substantially improved and restatements of financial statements are dramatically down. But we also know that more needs to be done to improve the current state of audit quality.
Building on what the PCAOB has done well, while identifying where we can do better, we have established five strategic goals. Two goals look inward: we are dedicated to becoming more efficient and effective with our resources, while empowering our people to be successful and take prudent risks to drive our mission forward.
The remaining three goals focus externally. The first of these goals is to drive audit quality forward through a combination of prevention, detection, deterrence, and enforcement. The second goal centers on enhancing transparency and accessibility through proactive stakeholder engagement. The final goal focuses on anticipating and responding to the changing environment, particularly preparing for emerging and potentially disruptive technologies in financial reporting and auditing.
Take blockchain technology, for example. Some experts expect worldwide spending on blockchain technology to be $1.5 billion this year, double the amount spent last year. Four years from now, in 2022, these experts forecast spending on blockchain technology to reach almost $12 billion.
The technology relies on a single shared, decentralized ledger that uses consensus algorithms to validate information added to the ledger, and stores data through cryptography. In addition to underlying Bitcoin and other virtual currencies, the technology's current uses include tracking supply-chain processes.
For instance, Walmart has piloted the technology to track sliced Mexican mangos from orchards to its stores. Over 30 days, tens of thousands of mangos were traced on their journey from 16 Mexican farms, two packing houses, three brokers, two import warehouses, and one processing facility before eventually arriving on the store shelf.
Using traditional manual, paper-based methods, it took almost a week to trace a specific mango back to the farm. With blockchain, that time was cut to 2.2 seconds!
The technology promises to not only simplify and automate complex supply-chain records. It offers the potential to investigate food-borne illnesses in seconds, while ensuring the quality and authenticity of produce. Next fall, Walmart plans to launch blockchain to track every bag of spinach and head of lettuce placed on its shelves.
Maersk, the world's largest container shipping company, is also testing blockchain to track globally its cargo and related documents in near real-time. And the London-based company Everledger uses blockchain to digitally track diamonds.
By design, the technology sequentially links information about discrete events (such as a diamond traveling from mine to retailer), forming a chain that creates a complete history or audit trail of information.
Beyond supply-chain management, blockchain technology more broadly offers a potential solution to the perennial reconciliation challenges facing companies. Why is this so significant?
A recent survey of financial leaders for North American public and private companies noted that more than half still rely on manual processes for account reconciliation. Such processes are labor intensive, inefficient, costly, and prone to errors. If deployed automatically, in near real-time, reconciling not only internal ledgers but also external ledgers, blockchain could be revolutionary. But while many organizations are testing pilots, real-world transformational applications at scale are limited.
In contrast, some other emerging technologies — like robotic process automation, big data analytics, and artificial intelligence — are being used today as part of the financial reporting process. For example, according to a recent study, more than a third of all finance tasks at large global companies are being performed today by algorithms and robots. That figure is expected to grow to 45 percent within three years. 
Companies' use of advanced analytics and artificial intelligence has also more than doubled over the past two years. About a third of surveyed companies reported using advanced analytics in 2016; today, that figure tops 70 percent. And more than 60 percent of these companies currently deploy artificial intelligence; two years ago that figure was only about 28 percent.
These and other innovative uses of technology offer the potential to fundamentally change not only the financial reporting process, but also the audit. Auditors are already using drones to conduct inventory observations. Natural language processing is being experimented with to scan contracts and other documents to more swiftly identify areas of potential risk. And machine learning offers the opportunity to develop analytic models — whose predictive capabilities improve with use — to assist with assessment of fraud risk.
While technology can lead to efficiencies, it also offers the promise of improving audit quality. Freed from manual time-consuming rote reviews, technology offers the promise of providing auditors with more time to exercise deep business and financial expertise and to hone their professional skepticism to identify indicia of errors or fraud and probe their potential root causes.
Technology also offers the opportunity to build accounting and auditing standards and regulatory requirements into solutions from the start rather than bolting them on after the fact. From my perspective as an audit regulator — and for you, as auditors and academics — this is why technology can be so powerful and transformational.
With all these exciting innovations, it is important to remind ourselves that the advent of emerging technologies does not change the fundamental financial reporting framework. If an emerging technology is being used to meet financial reporting or internal control requirements established by the federal securities laws, then auditors need to understand the design and implementation of that technology. And at the risk of stating the obvious: For audits of public companies and broker-dealers, PCAOB standards still apply.
In the case of blockchain, if an audit client uses it for business or operational activities, the auditor must understand the information systems, including the related business processes, relevant to financial reporting and how the use of blockchain affects the client's flow of transactions.
Blockchain does not magically make information contained within it inherently trustworthy. Events recorded in the chain are not necessarily accurate and complete. Recording a transaction on a blockchain does not alleviate the risk that the transaction is unauthorized, fraudulent, or illegal. Blockchain also does not address threats that parties to a transaction are related, or that side agreements exist that are not reflected in the chain. And nothing in the technology ensures proper classification of transactions in the financial statements.
Moving beyond blockchain to other emerging technologies, auditors must be clear-eyed about the new challenges that these technologies create. For example, many of these applications require systematic access to quality data. Clients may be reluctant to provide their auditors unfettered access to such data for control and security reasons. Here is where an auditor's strong cybersecurity posture may go a long way to lessen those concerns.
Another challenge: the risk that the technology does not operate as intended due to coding errors when developed, or intentional or unintentional changes made after the technology is deployed. Audit firms, therefore, should have robust controls in place around developing and testing tools before deployment, and strong change-management processes for tools that are in use.
In addition, in changing environments, computer code underlying complex technology can degrade over time, becoming less responsive. As a result, processes should be in place to continuously monitor and confirm that the output of an application remains consistent with expectations.
How can colleges and universities — the professors in this audience — help with some of these challenges? Auditors of the future will need a combination of experience and skills — yes, accounting and auditing, but also coding and data analytics. In addition, personal characteristics like curiosity, imagination, tenacity, intuition, and empathy will be even more important than in the past. These characteristics cannot be automated or replicated by technology.
Communication and creativity will be in high demand. Accounting and finance professionals will need a broader range of communication skills to work effectively with others across organizations because digital transformation efforts require multi-disciplinary teams that entail extensive cross-functional collaboration.
Academic institutions that educate and develop their students with these combined skills and attributes will make a difference.
How is the PCAOB staying abreast of developing trends around innovative technologies? My fellow board members and I — along with PCAOB staff — are meeting with audit firms to see their most innovative applications of technology. We are also meeting with and learning from other regulators, both domestic and international, and academic institutions such as this one.
Our inspections staff is working to understand the systems of quality controls that firms have in place to provide assurance that current technology tools — including those used to screen large data populations — meet audit objectives. Our inspectors are also assessing whether engagement teams are applying appropriate due care, including professional skepticism, when using the tools and assessing their outputs.
Our standards team is spearheading a research project to assess the use of new technologies on the audit and audit quality. As part of that effort, it is obtaining advice from a data and technology task force of private-sector experts.
All of this work is also helping the board assess whether our standards may be constraining the use of technology in audits and, if so, to determine the most appropriate policy response. For example, we have three standards projects that are close to completion — accounting for estimates, the use of specialists, and supervision of other auditors. In addition to making sure that the new board is comfortable with the work previously done, our staff has re-reviewed the proposed standards with an eye towards better ensuring that they will remain evergreen as technology and data analytics evolve.
Based on what we know today, the PCAOB's standards do not appear to be inappropriately impeding the use of innovative technology in the audit. Our current standards also appear flexible enough, for now, not to hamper audit technology as it evolves.
But what about the future? How will we, as audit regulators, view innovative, potentially disruptive technology?
To the extent possible, I believe that, as regulators, we should use overarching principles that create a framework within which we can think about potentially novel technology. While high level and iterative, the framework should provide initial guideposts for the potential applications of emerging technology. As those applications become more defined, we should further refine those broad principles, eventually turning guideposts into guide rails. Done this way, we also minimize surprises, lessening the uncertainty around our general approach.
Today, for example, I apply five broad principles when I think about emerging technology.
First, when used for matters within our preview, as regulators, we are not here to pick winners and losers in the race for innovation through the use of emerging technology. Let ideas compete.
Second, as regulators, we should not inappropriately impeded creativity. We should be open-minded and prepared in appropriate circumstances to use our regulatory tool kit — guidance, experimental sandboxes, and, possibly under the right circumstances, no-action relief — to remove inappropriate hurdles to new, creative uses of technology. But what are those appropriate circumstances?
That leads to my third principle: When an innovation offers the potential to reinforce or enhance a public policy object, we as regulators should be open to removing barriers as appropriate. If the proposed solution offers the potential to drive audit quality forward, you have my attention. If a proposed solution reinforces one or more of the three pillars of the federal securities laws — investor protection, market integrity, or effective capital formation — I want to know more.
My fourth principle follows from this: I am particularly impressed by emerging technology that builds regulatory requirements and cybersecurity into solutions from the start, rather than bolting them on after the fact.
A fifth principle: To be most effective, as technology around financial reporting and auditing continues to evolve, stakeholders — including investors, preparers, boards, audit committees, auditors, regulators, and academics — should actively participate in that development, sharing their unique perspectives. Why? That way we can better ensure innovation and growth that maximizes value for investors and the economy in a safe and sustained manner.
So back to where I started: Mexican mangos, diamonds, cargo shipping containers and beyond, blockchain and other emerging and disruptive technologies offer immense promise; not only to change financial reporting, but also auditing and assurance activities. These are exciting times indeed!
Thank you for the opportunity to share my thoughts.
 The views I express here are mine alone, and do not necessarily reflect the views of my board colleagues or our staff.
 Audit Analytics, 2017 Financial Statements Review (June 2018). https://www.auditanalytics.com/blog/2017-financial-restatements-review/.
 IDC, Worldwide Spending on Blockchain Forecast to Reach $11.7 Billion in 2022, According to New IDC Spending Guide (July 19, 2018). https://www.idc.com/getdoc.jsp?containerId=prUS44150518.
 Specifically, with each link, or block, the technology does three things: First, it stores digitized transactional or event information. For a diamond that would include the mine of extraction, along with dozens of unique attributes of the gemstone, such as its carat, cut, color, and clarity. Second, the technology creates a unique digital fingerprint (or hash) from the event information. Third, the block containing the first two types of information is connected to the most current previous block containing related information. So, as a diamond moves through each step in the manufacturing and distribution process, that progress is reflected sequentially as new blocks are added to the chain.
 Robert Half and Financial Executives Research Foundation, Benchmarking Accounting and Finance Functions (June 2018).
 Accenture Strategy, a unit of Accenture PLC, surveyed 700 finance leaders, with 60 percent of the leaders coming from companies with annual revenues between $1 billion and $5 billion. From Bottom Line to Front Line, Accenture (Sept. 2018). https://www.accenture.com/t20180910T083815Z__w__/us-en/_acnmedia/PDF-85/Accenture-CFO-Research-Global.pdf.
 See paragraphs .28 and .29 of AS 2110, Identifying and Assessing Risks of Material Misstatement.