Trust in Financial Ecosystems: Technology and Accountability

“Numbers may be precise, but trust arises not from numbers alone. It is built through transparency, strengthened by accountability, and sustained through independent verification.”

Introduction

Trust has always been the cornerstone of financial systems. Businesses across time and the globe have been extending credit facility based on trust. The ability of financial institutions to mobilise savings and support economic growth depends fundamentally on the confidence stakeholders place in them. Depositors expect banks to safeguard their funds; investors rely on credible information to make decisions; citizens expect public money to be spent as intended and honestly accounted for. For decades, this confidence rested on institutional reputation, regulatory oversight and periodic audit. That foundation of trust is still running the system. However, the environment around it has changed beyond recognition.

As the Supreme Audit Institution of India, the Comptroller and Auditor General (CAG) occupies a distinctive vantage point on this change.

Under Article 148 of the Constitution, the CAG audits the receipts and expenditure of the Union and the States.

CAG also audits the accounts of Public Sector Undertakings and Autonomous Bodies including numerous entities in the public financial landscape dealing in niche sectors such as: NBFCs & Development Finance Institutions; Insurance; Capital Markets & Securities; Asset Management, Pension & Trusteeship; Payments, FinTech & Digital Financial Infrastructure; Asset Reconstruction & Stressed Assets; Credit Rating, Risk & Credit Guarantee, Trade Finance & Financial Services; Consultancy, Project Development & Infrastructure; and Regulators, Foundations & Governance Institutions.

CAG has been increasingly auditing the digital systems through which public money now moves i.e., Aadhaar-enabled welfare payments, the Unified Payments Interface, and the core operations and IT systems of financial sector service providers.

Audit reports placed before Parliament and State Legislatures have, for over a century, served as a foundational mechanism of public accountability, placing this institution squarely at the intersection of how financial systems are evolving in the digital age, why accountability remains indispensable despite rising automation, and how audit must adapt to preserve trust in an increasingly interconnected world.

Financial systems today are powered by integrated ERP platforms, cloud-based accounting, AI, Machine Learning, blockchain, robotic process automation and digital payment infrastructure. Data is generated continuously and decisions are increasingly made in real time. India’s own digital public infrastructure has been built on exactly these technologies, and the CAG’s audit mandate has grown alongside it.

Financial systems today are powered by integrated ERP platforms, cloud-based accounting, AI, Machine Learning, blockchain, robotic process automation and digital payment infrastructure. Data is generated continuously and decisions are increasingly made in real time. India’s own digital public infrastructure has been built on exactly these technologies, and the CAG’s audit mandate has grown alongside it.

Trust Has Become Ecosystem-Centric

A financial ecosystem is no longer a single institution but a network of interconnected banks, fintechs, payment processors, regulators, auditors and technology vendors operating through shared digital infrastructure. A citizen’s experience of a single welfare payment or digital transaction may depend on the coordinated functioning of a mobile app, a payment gateway, banking infrastructure, cloud servers and fraud-monitoring tools working simultaneously. A weakness anywhere in that chain can damage confidence in the whole. Trust has, therefore, evolved from institution-centric to ecosystem-centric, which is precisely why audit has had to widen its lens from individual entities to the systems connecting them.

The economic value of this trust is considerable. High-trust environments see lower transaction costs, deeper market liquidity and faster capital allocation; deficiencies bring higher compliance costs and reputational damage that can take years to repair. As Warren Buffett observed, “it takes twenty years to build a reputation and five minutes to ruin it”. The 2008 global financial crisis showed how governance and transparency failures can erode confidence rapidly; more recent cyber incidents confirm that threats to trust now extend well beyond financial reporting into the integrity of the technology itself. For a public audit institution, the stakes are no different in kind: a citizen’s trust in digital governance rests on the same foundations as an investor’s trust in a balance sheet.

Technology: An Enabler of Trust, and a Source of New Risk

The modern financial system can be understood as operating through three interconnected layers: a transaction layer i.e., ERP systems, payment platforms and APIs that captures financial events in real time with minimal manual intervention; an analytics layer that converts this data into insights through dashboards and AI, letting management monitor risk on near real-time information rather than historical reports alone; and a reporting and assurance layer where information is consolidated into financial statements and regulatory filings, and audit validates its reliability. This structure is as visible in government financial management, through systems such as the Public Financial Management System (PFMS), as in the private sector, and audit must engage with all three layers, not the last alone.

AI and Machine Learning now support credit assessment, fraud detection, anti-money laundering monitoring and predictive analytics, identifying patterns that traditional methods would miss; government auditors increasingly encounter the same tools in beneficiary-identification systems built into welfare schemes. But outcomes are only as good as the data behind them: biased datasets can produce unfair results, and complex algorithms can generate decisions that are difficult to explain. The auditor’s task of examining an insurance company’s credit model or a scheme’s eligibility algorithm alike is shifting from testing only a model’s output to questioning the model itself; an unusual flag is a reason to ask further questions, not proof of fraud. Advances like blockchain would create tamper-resistant, time-stamped records that strengthen confidence in cross-border payments and digital identity, reducing some manual checking since the technology leaves its own trail. But it does not remove the need for audit; it relocates scrutiny to whether the data was accurate when first entered and whether the underlying code does what it claims, since incorrect data on a ledger remains permanently wrong even as it looks authoritative.

Cloud computing has made sophisticated financial systems accessible even to smaller entities and enabled real-time reporting, but it creates dependence on third-party providers visible in government systems too, as departments migrate core applications to the cloud. This is double-edged for audit: it offers direct, read-only access to systems for testing, but requires auditors to understand the cloud provider’s own controls, making reports such as SOC 1 and SOC 2 essential reading wherever systems are hosted externally. Cybersecurity threats and weak data governance sit behind all of this: institutions holding vast amounts of sensitive data are natural targets for attackers, and every downstream decision depends on the integrity of the data feeding it. Technology, in short, creates trust only when matched by sound controls and governance.

Accountability Still Matters Most

Many of the most damaging failures in modern finance occurred not because technology malfunctioned, but because organisations lacked adequate oversight of it. Accountability i.e., the obligation to explain and accept responsibility for decisions, needs examining at three levels, and audit itself is one of the principal mechanisms through which that examination occurs.

Governance accountability requires boards and audit committees, and in the public sphere, secretaries, public sector boards and the legislatures to whom they report to understand the technologies generating the information placed before them. A director relying on an AI-driven model for a critical estimate, or a department relying on an algorithm for welfare eligibility, must be able to challenge its assumptions, not merely accept its output. CAG’s audit reports, tabled before Parliament and the State Legislatures and examined by Public Accounts Committees, exist precisely to test whether that challenge function is being exercised.

Process accountability requires rethinking internal controls built for a manual world. Where automated tools now perform work once divided among several people, segregation of duties must be redesigned around new questions: who designed the automated process, who can change it, and who monitors its exceptions? Internal Financial Controls frameworks under the Companies Act, 2013 and equivalent requirements within government financial rules must address these automated control points explicitly, since weaknesses here directly affect the reliability of financial reporting in both sectors. CAG’s financial audit of Government Companies under Section 143(6) of the Companies Act exists precisely to point out these weaknesses.

Professional accountability rests on the principle that technology is a powerful aid but never a substitute for judgment. Auditors, whether examining a listed company or a government scheme, remain responsible for the tools they use, including AI-enabled analytics, and must understand their limitations rather than treat their output as self-evidently correct.

India’s own digital financial ecosystem illustrates the scale of what is at stake, and much of it now falls directly within this institution’s audit purview. Digital India, Aadhaar-enabled authentication, UPI, the Account Aggregator Framework and early CBDC experimentation have transformed access to financial services within a decade. As these platforms have scaled, CAG’s audits have correspondingly expanded to examine the IT systems and control environments underpinning them, alongside the Reserve Bank of India, SEBI, IRDAI, the IFSCA and the Ministry of Corporate Affairs, each raising its own expectations on governance and technology oversight. Sustainable innovation, in government and the financial sector alike, must be matched step for step by accountability.

The Audit Profession Is Being Redefined

The traditional image of an auditor, i.e. checking vouchers, tracing entries, and confirming balances, is giving way to a professional fluent in data and technology, in government audit, no less than in the Chartered Accountancy profession. CAG’s own offices have built dedicated data analytics and IT audit capabilities to keep pace with the systems they examine.

The traditional image of an auditor, i.e. checking vouchers, tracing entries, and confirming balances, is giving way to a professional fluent in data and technology, in government audit, no less than in the Chartered Accountancy profession. CAG’s own offices have built dedicated data analytics and IT audit capabilities to keep pace with the systems they examine. We have comprehensively moved towards data-driven audits through our high-performance computing centre at our Centre for Data Management and Analytics (CDMA). This Centre has been the nodal driver for this transformation, guiding field offices, and developing analytics models and audit toolkits. In addition, we have recently inaugurated the Centre of Excellence in Financial Audit (CoEFA) at Hyderabad to lead our digital transformation by becoming a global leader in leveraging technology for strengthening and transforming financial audits.

This mirrors the framework Standards on Auditing provide for the profession at large. SA 315 requires auditors to understand an entity’s IT environment and automated controls when identifying risk; SA 330 requires responses that increasingly involve testing automated controls and data analytics rather than sampling alone, scanning entire ledgers or scheme databases for unusual patterns to build conclusions on a broader evidence base. SA 240’s fraud-risk requirement in digital environments may now involve unauthorised system access rather than only manual misstatement, which is equally relevant to a government payment system as a corporate ledger. SA 402 has gained relevance as institutions outsource cloud services to third parties, and SA 500’s requirement for sufficient evidence now extends to system-generated logs and metadata, making IT General Controls core audit competence rather than a peripheral specialism.

Continuous auditing takes this further by embedding monitoring directly within organisational systems, so exceptions are detected in near real time rather than months later, shifting audit from a retrospective exercise to a proactive one. Assurance is also expanding into ESG reporting, cybersecurity and data privacy compliance, domains where independence and scepticism remain directly transferable. None of this should reduce professional scepticism; if anything, it demands more. A well-designed algorithm can create false confidence, sometimes called automation complacency, and audit must remain alert to both human and machine output to protect the credibility of its conclusions.

Building Trust in Digital Financial Ecosystems

Organisations and audit institutions alike can anchor efforts to strengthen stakeholder confidence around four ideas. Transparency of design means being able to explain how critical systems and automated processes work, including the data, assumptions and controls behind them. A system that cannot be explained tends to undermine the confidence it was meant to inspire. Traceability of data means every material figure, in a corporate statement or a scheme’s expenditure report alike, should be traceable to its originating transaction through a clear, auditable trail. Resilience of controls means controls must withstand system failures and unauthorised overrides, not merely operate correctly under normal conditions. Independence of verification remains the cornerstone beneath all three: however, sophisticated internal systems that become an objective external assessment by professionals with no stake in the outcome are what ultimately allow investors, regulators and citizens to rely on what they are told, i.e. the same principle, exercised through Parliament’s oversight of public accounts, that has anchored the CAG’s work for over a century.

Conclusion

Trust in financial systems is not a static achievement but a continuous commitment that must evolve alongside changing technology and stakeholder expectations. The digital age has brought genuine gains in transparency and real-time insight, but it has also introduced complexities that demand stronger oversight, not less. Far from diminishing the relevance of audit, these developments reinforce it: as the means by which information is generated change, the need for independent assurance and professional judgement becomes more critical, not less.

Technology can make financial information faster and more accessible; accountability, supported by sound governance and independent assurance, is what makes it trustworthy. For centuries, financial systems have been built on trust. Technology may redefine how that trust is earned and verified, but it can never replace the need for it, and this institution remains committed to that enduring task.

For audit, under constitutional mandate or professional standards, the path forward lies neither in uncritical adoption of every new technology, nor in resistance to change, but in disciplined integration guided by independence, objectivity, skepticism, and integrity. Technology can make financial information faster and more accessible; accountability, supported by sound governance and independent assurance, is what makes it trustworthy. For centuries, financial systems have been built on trust. Technology may redefine how that trust is earned and verified, but it can never replace the need for it, and this institution remains committed to that enduring task.

Author may be reached at eboard@icai.in