WEBVTT 00:00:05.580 --> 00:00:08.880 ESG and GenAI are everywhere, and the firm 00:00:08.880 --> 00:00:11.370 has been adapting quickly to seize opportunities. 00:00:11.940 --> 00:00:15.000 Let’s check in with Paloma, the audit partner for SEC audit 00:00:15.000 --> 00:00:17.990 client, Estatewood and Kai, a Tech Assurance managing 00:00:17.990 --> 00:00:21.120 director, as they talk through two opportunities for Estatewood. 00:00:21.120 --> 00:00:24.870 PALOMA: The planning workshop for Estatewood’s audit went 00:00:24.870 --> 00:00:27.720 really well! They were impressed with the new AI technology 00:00:27.720 --> 00:00:29.190 that we’ll be using on the audit this year. 00:00:29.190 --> 00:00:32.220 KAI: Yeah, they were! I agree! Actually - Estatewood’s CFO 00:00:32.220 --> 00:00:35.580 just reached out to me about helping with their GenAI transformation. 00:00:35.580 --> 00:00:38.880 I was thinking about an Ignition Experience at Lakehouse. We 00:00:38.880 --> 00:00:41.430 can share benchmarking and insights about their performance 00:00:41.430 --> 00:00:45.240 compared to their competitors, and brainstorm GenAI use cases. 00:00:45.240 --> 00:00:48.360 PALOMA: That’s a great idea! But let’s make sure we’ve 00:00:48.360 --> 00:00:50.820 considered any independence implications. 00:00:51.300 --> 00:00:54.600 If we plan to provide a benchmarking deliverable, we need to 00:00:54.600 --> 00:00:57.480 ensure that during that session, we aren’t providing 00:00:57.480 --> 00:01:00.750 services beyond the audit that haven’t been pre-approved. 00:01:00.900 --> 00:01:01.530 KAI: I see what you mean… 00:01:01.530 --> 00:01:04.740 PALOMA: The Independence Guidance on Ignition Experiences 00:01:04.740 --> 00:01:08.250 and AI services are helpful resources. The Ignition 00:01:08.250 --> 00:01:11.490 Experience you’ve described may be permissible, provided we 00:01:11.490 --> 00:01:15.690 don’t delve into developing their AI solutions. But it would 00:01:15.690 --> 00:01:18.780 be considered a separate non-audit service, regardless of 00:01:18.780 --> 00:01:19.680 whether we charge a fee. 00:01:19.950 --> 00:01:23.040 Kai is now more aware of the ways in which activities we 00:01:23.040 --> 00:01:26.370 plan to offer to our audit clients can expand into providing 00:01:26.400 --> 00:01:30.030 non-audit services. Although these non-audit services may be 00:01:30.030 --> 00:01:33.600 permissible, they still require evaluation in Sentinel and 00:01:33.630 --> 00:01:35.040 Audit Committee pre-approval. 00:01:35.610 --> 00:01:38.430 Paloma and Kai talk through what Estatewood would like to 00:01:38.430 --> 00:01:41.700 achieve with GenAI. They come up with an appropriate agenda 00:01:41.700 --> 00:01:45.060 to address the client’s needs that would also be permissible 00:01:45.060 --> 00:01:46.680 from an independence perspective. 00:01:47.220 --> 00:01:50.550 Because they also have an ongoing ESG reporting assessment 00:01:50.550 --> 00:01:53.940 engagement with Estatewood, Kai continues the discussion 00:01:53.940 --> 00:01:56.640 with Paloma, talking through the draft deliverable they 00:01:56.640 --> 00:01:57.930 would like to share with the client. 00:01:57.930 --> 00:02:00.870 KAI: Oh, I’ve been meaning to ask…Have you had a chance to 00:02:00.870 --> 00:02:03.240 review the draft deliverable for the ESG reporting 00:02:03.240 --> 00:02:06.660 assessment service? We had some valuable IT insights, and 00:02:06.660 --> 00:02:08.190 wanted to provide them as soon as possible! 00:02:08.000 --> 00:02:10.520 PALOMA: I have reviewed it. The team did a great job. 00:02:10.550 --> 00:02:11.090 KAI: Thanks, Paloma. 00:02:11.090 --> 00:02:13.460 PALOMA: And it’s great you used the standard deliverable 00:02:13.460 --> 00:02:17.630 template, but in certain places we do need to adjust our 00:02:17.630 --> 00:02:21.170 level of recommendations to avoid going beyond the scope of 00:02:21.170 --> 00:02:23.300 work in the approved ESG engagement letter. 00:02:23.300 --> 00:02:24.860 KAI: OK. Where were your concerns? 00:02:24.860 --> 00:02:28.280 PALOMA: There were a few places where we made assurance type 00:02:28.280 --> 00:02:31.790 statements like “the report is complete and accurate” or 00:02:32.300 --> 00:02:34.190 “the control is designed effectively”. 00:02:34.760 --> 00:02:37.940 We aren’t auditing here, so, our work can’t go beyond 00:02:37.970 --> 00:02:40.280 high-level observations and recommendations. 00:02:40.280 --> 00:02:44.000 KAI: Ok, I see what you mean. We can’t conclude or provide 00:02:44.000 --> 00:02:46.580 inadvertent assurance, since this is a non-audit service 00:02:46.580 --> 00:02:48.200 done under consulting standards. 00:02:48.740 --> 00:02:51.830 So - for our observations and recommendations, if we frame 00:02:51.830 --> 00:02:54.740 them as high-level feedback for the client’s consideration 00:02:55.040 --> 00:02:57.310 and categorize the feedback as high, medium, and low – would 00:02:57.310 --> 00:02:58.980 that be permissible? 00:02:58.980 --> 00:03:00.680 PALOMA: Yes, that’s permissible. 00:03:01.100 --> 00:03:04.550 We should avoid making recommendations that are too specific 00:03:04.580 --> 00:03:08.630 and extensive, as it could in substance be seen as designing 00:03:08.630 --> 00:03:12.230 or concluding on the client’s controls, or developing their 00:03:12.230 --> 00:03:14.450 action plan, which would be impermissible. 00:03:14.450 --> 00:03:15.800 KAI: That makes sense. 00:03:16.130 --> 00:03:17.810 I’ll make those changes to the ESG deliverable. 00:03:17.810 --> 00:03:20.840 Paloma emphasized the importance of staying within the 00:03:20.840 --> 00:03:23.810 approved scope and that teams need to take off their “audit” 00:03:23.810 --> 00:03:26.660 hat when drafting deliverables for non-audit services. 00:03:27.230 --> 00:03:30.170 She also reinforced the importance of providing objective 00:03:30.170 --> 00:03:32.900 recommendations and observations without conclusions, 00:03:32.900 --> 00:03:35.630 avoiding scope creep and maintaining independence. 00:03:36.230 --> 00:03:39.530 As Audit and Tech Assurance offer more non-audit services to 00:03:39.530 --> 00:03:43.308 audit clients, it is important to keep these considerations in mind. 00:03:43.308 --> 00:03:44.939