"The Wars to Come," Blockchain - A Game Changer for Auditors
Blockchain technology has the potential to upend Audit, Assurance and Control functions —Auditors need to stay attuned to emerging use cases. As Role and skillsets of Auditors will change as new Blockchain-based techniques and procedures emerge.
Every industrial revolution was driven by different automation. The "Steam Engine" began the "First Industrial Revolution", Previous industrial revolutions were driven by "Factory Machines and Fossil Fuels". Whereas, the on-going automation revolution is based on "Data-Driven Artificial Intelligence" (AI) and "Blockchain Technology".
If "data is the fuel "of the Fourth Industrial Revolution, "blockchain will be the engine" driving it forward. Both of them have a positive relationship because blockchain distributed ledger nature allows for safe and secure storage of data. Working together not only will advance their own adoption & implementation but will shape the next Industrial Revolution.
"Blockchain is a decentralized ledger of transactions across a peer-to-peer network that cannot be changed, tampered with, or lost due to blockchain’s decentralized and distributed nature. The blocks in a Blockchain consist of digital information ("block") stored in a public database ("chain").
Blockchain technology was first introduced as the core technology behind digital currency bitcoin, but it has now evolved far beyond bitcoin and has the potential to transform and disrupt a multitude of industries, from financial services to the public sector to healthcare.
Among various use cases are payment processing, online voting, executing contracts, signing documents digitally, creating verifiable audit trails and registering digital assets.
Blockchain Impact on Accounting & Auditing World
Blockchain-based world would create new requirements for audits with new risks. A blockchain ledger would provide an assurance baseline that eliminates the need for traditional auditing entirely as blockchains, by definition, create up-to-date immutable, historical records.
This technology has the potential to impacts all record-keeping processes, including the way transactions are initiated, processed, authorized, recorded and reported. All information is recorded in real-time which is immutable and it brings transparency in financial reporting and accounting process with certainty over the provenance (origin) of those transactions.
Distributed ledgers working together with artificial intelligence can automate a range of processes, from payments through to foreign exchange trades and the filing of tax returns.
“Auditors will need the skills and capabilities to review blockchains as they are created.”
Blockchain Feature- Immutability & Transparency
In Blockchain immutable accounting records are created. Manipulating transaction entries to falsify or eliminate them is practically impossible. Since all the information is stored as a block and every block is associated with others, anyone trying to change one block needs to alter the associated blocks which becomes a daunting task for the hacker.
Auditors spent a lot of time in the verification of the transactions trail to ensure there is sufficient evidence and information is transparent. The use of Blockchain will save time that traditionally goes in manual auditing & detailed analysis. That time can be utilized in formulating more strategic work & delivering future business value.
Blockchain Feature- Real-Time
Gone are those days when auditors had to wait for it for the end of the year or month to carry out the audit.
In blockchain all the information is recorded on "Real-Time" i.e it is time-stamped. By the use of blockchain technology, it is now possible to perform an audit whenever it is required improving the pace of financial reporting and auditing.
A blockchain-based ledger lays out the entire history of related transactions, updated in real-time and visible to all parties involved — creating a clear, auditable record that is virtually impossible to falsify or destroy, promising to radically improve the fight against challenges like fraud and money laundering.
Malcolm J. Murray, Fellow and VP, Gartner
With access to unalterable audit evidence, the auditor could have real-time data access via read-only nodes on blockchains. Blockchain combined with artificial intelligence could transform the way in which fraud investigations and forensic accounting are undertaken.
The real-time systems would highlight and investigate anomalies and unusual transaction patterns as they emerge. It cannot eliminate fraud completely; however, it may help identify fraud in real-time.
Blockchain Challenges “New world of digital risk”
Blockchain-based world would create new requirements for audit with new risks. While block chain's design brings transparency, immutability and security in the transactions, but still the occurrence of frauds cannot be eradicated. The Blockchain environment is still susceptible to various technology risks.
The auditors will need to audit whether the distributed ledger systems are working correctly.
Professor Nigel Smart, University of Bristol
In Blockchain the data is validated by a majority of other users on the system. If the majority of the users on the distributed ledger become corrupt, it is possible to break the chain.
The DAO–HACK
Blockchain can also be vulnerable to programming mistakes, for instance in June 2016, Swiss-based DAO – actually called "The DAO" lost virtual currency when a hacker found a loophole in the coding that allowed him to drain funds from The DAO. In the first few hours of the attack, 3.6 million ETH were stolen, the equivalent of $70 million at the time. Once the hacker had done the damage he intended, he withdrew the attack.
The DAO was a digital decentralized autonomous organization and a form of investor-directed venture capital fund. It launched in April 2016 after a crowdfunding campaign. The DAO had an objective to provide a new decentralized business model for organizing both commercial and non-profit enterprises.
The DAO’s hack was not due to a problem inherent on the Ethereum blockchain; it came from a coding loophole exploited by an intelligent hacker. Had the code been written correctly, the hack could have been avoided
There is currently no standard way to validate blockchain-based business processes and the related control environment.
The reality is that no system is flawless – not even blockchain.
Assess the Reliability of the Blockchain Consensus Protocol
Auditor needs to understand and assess the reliability of the consensus protocol for the specific blockchain taking into risk consideration of whether the protocol could be manipulated.
Evaluate Management’s Accounting policies for Digital Assets
Auditor will also need to evaluate management’s accounting policies for digital assets and liabilities, which are currently not directly addressed in international financial reporting standards or in the U.S. generally accepted accounting principles.
Auditors will always be needed to design the appropriate audit strategies in complex systems making decisions about what level of audit is required, how data should be captured, and the type of audit analytics that should be applied.
No way to Reverse Transactions
In a case, if a user accidentally or deliberately transfers an amount (in the form of digital currency) to the wrong or unauthorized address (recipient) account, then there’s currently no way to reverse the transaction.
To avoid such situations, Auditors are therefore required to assess whether effective automated controls General information technology controls (GITCs) related to the blockchain environment are in place to validate transactions before they are executed.
Impossible to recover the Account if Private key is lost
If in any case, a user loses his private key (e.g. through a software or hardware malfunction), then the user loses his access to his virtual currency account. All his amounts will remain inaccessible forever and cannot be recovered easily.
Auditors need to review effective disaster recovery procedures are in place and verify whether controls that address the risks associated with blockchain can be relied upon.
No Reporting Authority
If an entity experiences a phishing attack, there is no central authority to report any incident since in blockchain there is no central administration. This situation can also translate into a risk of fraud.
When faced with such risk, Auditors will be expected to determine whether internal controls to prevent and detect phishing attacks are indeed operating effectively.
Top Auditing Firms have Undertaken Blockchain Audit Initiative
An auditor will need to stay abreast of recent developments in this space to consider how to tailor audit procedures to take advantage of blockchain benefits as well as address incremental risks.
EY has recently announced the launch of its "Blockchain Analyzer tool" to help audit teams assemble an organization’s entire transaction data from multiple blockchain ledgers. It also supports testing of multiple cryptocurrencies managed or traded by exchanges and asset managers.
PwC has also launched"Blockchain Validation Software", which combines risk & control framework with continuous auditing software. It will test for anomalies in real-time.
The Committee of Sponsoring Organizations of the Treadway Commission, or COSO, is developing voluntary guidelines for companies to strengthen their oversight of blockchain-technology projects. The guidance is expected to be released in the first quarter of 2020.
Blockchain technology has the potential to upend Audit, Assurance and Control functions —Auditors need to stay attuned to emerging use cases — As Role and skillsets of Auditors will change as new Blockchain-based techniques and procedures emerges.
Get ready for "The Wars to Come"
Image source: Shutterstock
Tags
Latest
