“The Wars to Come”: Blockchain, A Game Changer for Auditors
By Alia Noor, FCMA, CIMA, MBA, Oxford fintech programme, GCC VAT Comp Dip, COSO Framework.
Associate Partner Ahmad Alagbari Chartered Accountants, UAE
Every industrial revolution was driven by a different form of automation. The “Steam Engine” began the “First Industrial Revolution”, and previous industrial revolutions were driven by “Factory Machines and Fossil Fuels”, whereas the ongoing automation revolution is based on “Data-Driven Artificial Intelligence” (AI) and “Blockchain Technology”.
If “Data is the fuel” of the Fourth Industrial Revolution,
“Blockchain will be the Engine” driving it Forward.
The two have a positive relationship because blockchain’s distributed ledger nature allows for safe and secure storage of data. Working together will not only advance their own adoption and implementation but will also shape the next Industrial Revolution.
Blockchain is a decentralized ledger of transactions across a peer-to-peer network which cannot be changed, tampered with, or lost due to blockchain’s decentralized and distributed nature. A blockchain consists of digital information (the “block”) stored in a public database (the “chain”).
Blockchain technology, along with the adoption of cryptocurrencies, is gaining momentum. The enterprise blockchain market is expected to reach $21 billion over the next five years. Just eleven years on, and both sectors have matured greatly, resulting in well-established organizations taking the technology more seriously as they tackle challenges that come with implementing blockchain and the use of digital assets.
This technology has the potential to transform and disrupt a multitude of industries, from financial services to the public sector to healthcare. Among various use cases are payment processing, online voting, executing contracts, signing documents digitally, creating verifiable audit trails and registering digital assets.
For the accounting world, it will impact all record-keeping processes, including the way transactions are initiated, processed, authorized, recorded and reported. All information is recorded in real time and is immutable, which brings transparency to the financial reporting and accounting process, with certainty over the provenance (origin) of those transactions.
Distributed ledgers working together with artificial intelligence can automate a range of processes, from payments through to foreign exchange trades and the filing of tax returns.
BLOCKCHAIN’S TWO MAIN FEATURES
1-Immutability & Transparency
In blockchain, immutable accounting records are created. Manipulating transaction entries to falsify or eliminate them is practically impossible. Since all the information is stored as a block and every block is associated with others, anyone trying to change one block needs to alter the associated blocks as well, which becomes a daunting task for the hacker.
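The linkage between blocks described above, shown as an added example that is not part of the original article: a minimal hash-chained journal in Python with the check an auditor would run over it. The block layout, function names and sample entries are assumptions made for illustration; real blockchains add signatures and consensus on top of this linkage.

```python
import hashlib
import json

GENESIS = "0" * 64  # placeholder "previous hash" for the first block

def block_hash(index, timestamp, entries, prev_hash):
    """SHA-256 over a canonical JSON encoding of the block contents."""
    payload = json.dumps([index, timestamp, entries, prev_hash], sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()

def build_chain(batches):
    """Each block stores the hash of the block before it."""
    chain, prev = [], GENESIS
    for i, (ts, entries) in enumerate(batches):
        h = block_hash(i, ts, entries, prev)
        chain.append({"index": i, "timestamp": ts, "entries": entries,
                      "prev_hash": prev, "hash": h})
        prev = h
    return chain

def verify_chain(chain, trusted_head=None):
    """Return (ok, reason); trusted_head is a head hash the auditor saved earlier."""
    prev = GENESIS
    for b in chain:
        if b["prev_hash"] != prev:
            return False, f"block {b['index']}: broken link to previous block"
        recomputed = block_hash(b["index"], b["timestamp"], b["entries"], prev)
        if recomputed != b["hash"]:
            return False, f"block {b['index']}: contents do not match stored hash"
        prev = b["hash"]
    if trusted_head is not None and prev != trusted_head:
        return False, "head hash differs from the auditor's recorded value"
    return True, "chain intact"

def rehash_from(chain, start):
    """Simulate a forger recomputing every hash from `start` to the end."""
    prev = chain[start]["prev_hash"]
    for b in chain[start:]:
        b["prev_hash"] = prev
        b["hash"] = block_hash(b["index"], b["timestamp"], b["entries"], prev)
        prev = b["hash"]

def sample_batches():
    """Constructed sample journal entries (not real data)."""
    return [
        ("2020-06-01T09:00:00Z", [{"dr": "Cash", "cr": "Sales", "amt": 1200}]),
        ("2020-06-01T09:05:00Z", [{"dr": "Inventory", "cr": "Payables", "amt": 800}]),
        ("2020-06-01T09:10:00Z", [{"dr": "Rent", "cr": "Cash", "amt": 300}]),
    ]
```

Editing one entry fails verification at that block, and patching only that block's hash moves the failure to the next block's link. A copy that has been re-hashed end to end is internally consistent, so it is caught only by comparing against a head hash the auditor recorded independently.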
Auditors spend a lot of time verifying the transaction trail to ensure there is sufficient evidence and that information is transparent. Use of blockchain will save time that traditionally goes into manual auditing and detailed analysis. That time can be used for more strategic work and for delivering future business value.
“Gone are those days when auditors had to wait for the end of the year or month to carry out the audit.”
In blockchain all the information is recorded in “Real Time”, i.e. it is time-stamped. With blockchain technology, it is now possible to perform an audit whenever it is required, improving the pace of financial reporting and auditing.
With access to unalterable audit evidence, auditors could have real-time data access via read-only nodes on blockchains. Blockchain combined with artificial intelligence could transform the way in which fraud investigations and forensic accounting are undertaken.
The real-time systems would highlight and investigate anomalies and unusual transaction patterns as they emerge. It cannot eliminate fraud completely; however, it may help identify fraud in real time.
A blockchain-based world would create new risks. While blockchain’s design brings transparency, immutability, and security to transactions, the occurrence of fraud still cannot be eradicated. The blockchain environment is still susceptible to various technology risks.
“The DAO – HACK CASE”
Blockchain can also be vulnerable to programming mistakes. For instance, in June 2016 the Swiss-based DAO, actually called “The DAO”, lost virtual currency when a hacker found a loophole in the coding that allowed him to drain funds from The DAO. In the first few hours of the attack, 3.6 million ETH were stolen, the equivalent of $70 million at the time. Once the hacker had done the damage he intended, he withdrew the attack.
The DAO was a digital decentralized autonomous organization, and a form of investor-directed venture capital fund. It launched in April 2016 after a crowdfunding campaign. The DAO had an objective to provide a new decentralized business model for organizing both commercial and non-profit enterprises.
There is currently no standard way to validate blockchain-based business processes and the related control environment.
“The reality is that no system is flawless – not even blockchain.”
BLOCKCHAIN BASED WORLD HAS CREATED NEW REQUIREMENTS FOR AUDIT WITH NEW RISKS
Auditors will need the skills and capabilities to review blockchains as they are created.
A blockchain ledger would provide an assurance baseline that “Eliminates the need for Traditional Auditing” entirely as blockchains, by definition, create up-to-date, immutable, historical records.
Auditors will need to stay abreast of recent developments in this space to consider how to tailor audit procedures to take advantage of blockchain benefits as well as address incremental risks.
Assess the reliability of the Blockchain consensus Protocol
Auditors need to understand and assess the reliability of the consensus protocol for the specific blockchain, taking into consideration the risk that the protocol could be manipulated. In blockchain, the data is validated by many other users on the system. If a majority of the users on the distributed ledger become corrupt, it is possible to break the chain.
Evaluate Management’s Accounting Policies for Digital Assets
Auditors will also need to evaluate management’s accounting policies for digital assets and liabilities, which are currently not directly addressed in international financial reporting standards or in U.S. generally accepted accounting principles.
Auditors will always be needed to design the appropriate audit strategies in complex systems, making decisions about what level of audit is required, how data should be captured, and the type of audit analytics that should be applied.
No way to Reverse Transactions
If a user accidentally or deliberately transfers an amount (in the form of digital currency) to a wrong or unauthorized address (recipient account), there is currently no way to reverse the transaction.
To avoid such situations, auditors are required to assess whether effective automated controls and general information technology controls (GITCs) related to the blockchain environment are in place to validate transactions before they are executed.
Impossible to Recover the Account if Private key is lost
If a user loses his private key (e.g. through a software or hardware malfunction), then the user loses access to his virtual currency account. All his amounts will remain inaccessible forever and cannot be recovered easily.
Auditors need to review whether effective disaster recovery procedures are in place and verify whether controls that address the risks associated with blockchain can be relied upon.
No Reporting Authority
If an entity experiences a phishing attack, there is no central authority to report the incident to, since in blockchain there is no central administration. This situation can also translate into a risk of fraud.
When faced with such risk, auditors will be expected to determine whether internal controls to prevent and detect phishing attacks are indeed operating effectively.
“The auditors will need to audit whether the distributed ledger systems are working correctly”
—Professor Nigel Smart, University of Bristol
The Big Four, PricewaterhouseCoopers (PwC), Ernst & Young (EY), KPMG and Deloitte, have all pointed out the dangers of cryptocurrencies and blockchain, such as price volatility, poor code or hacks, and have built “enterprise solutions” (software) for their clients.
“The Big Four Are Gearing Up to Become Crypto and Blockchain Auditors”
The Big Four firms and Fortune 500 companies are working with a number of blockchain and crypto companies on ways to combat regulatory uncertainty, interoperability challenges, consensus models and development of the technology.
Ernst & Young (EY) is using its “Blockchain Analyzer tool” to help audit teams assemble an organization’s entire transaction data from multiple blockchain ledgers. As an audit, tax, compliance and security platform, it lets auditors look up transaction history and apply tax rules to blockchain business transactions. It also supports testing of multiple cryptocurrencies managed or traded by exchanges and asset managers.
PricewaterhouseCoopers (PwC) launched “Blockchain Validation Software” in 2019, which combines a risk and control framework with continuous auditing software. It will test for anomalies in real time.
The firm is also using its “Halo auditing suite” to provide assurance services for entities engaging in cryptocurrency transactions. It provides independent evidence of private-public key pairing (to establish crypto asset ownership) and gathers information about transactions and balances from blockchains.
To audit smart contracts, PwC this year, 2020, partnered with Swiss firm ChainSecurity to focus on technical audits of smart contracts and blockchain platforms, as well as risk hedging services for customers with crypto assets.
KPMG in June 2020 launched “KPMG Chain Fusion” to help manage crypto and traditional assets over public and private blockchain networks. The new suite of capabilities helps clients address global regulatory considerations for strong system controls and processes for crypto and digital assets. The suite allows these customers to collect and organize data from both traditional systems and blockchain databases.
Moreover, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) has issued voluntary guidance, “Blockchain and Internal Control: The COSO Perspective”, for companies to strengthen their oversight of blockchain-technology projects.
Blockchain technology has the potential to upend Audit, Assurance and Control functions.
Auditors need to stay tuned to emerging use cases,
as the role and skill sets of auditors will change,
as new blockchain-based techniques and procedures emerge.
They should get ready for “The Wars to Come”.