“The Wars to Come”โ€‹ โ€”Blockchain- A Game Changer for Auditors

By Alia Noor, FCMA, CIMA, MBA, Oxford fintech programme, GCC VAT Comp Dip,COSO Framework.
Associate Partner Ahmad Alagbari Chartered Accountants, UAEย 
Founder xpertsleague

 

 

Every industrial revolution was driven by different automation. Theย “Steam Engine”ย began theย “First Industrial Revolution”,ย Previous industrial revolutions were driven byย “Factory Machines and Fossil Fuels”. Whereas, the on-going automation revolution is based onย “Data-Driven Artificial Intelligence”ย (AI) andย “Blockchain Technology”

ย 

๐•ด๐–‹ย “๐•ฏ๐–†๐–™๐–† ๐–Ž๐–˜ ๐–™๐–๐–Š ๐–‹๐–š๐–Š๐–‘”๐–”๐–‹ ๐–™๐–๐–Š ๐•ฑ๐–”๐–š๐–—๐–™๐– ๐•ด๐–“๐–‰๐–š๐–˜๐–™๐–—๐–Ž๐–†๐–‘ ๐•ฝ๐–Š๐–›๐–”๐–‘๐–š๐–™๐–Ž๐–”๐–“,

“๐•ญ๐–‘๐–”๐–ˆ๐–๐–ˆ๐–๐–†๐–Ž๐–“ ๐–œ๐–Ž๐–‘๐–‘ ๐–‡๐–Š ๐–™๐–๐–Š ๐•ฐ๐–“๐–Œ๐–Ž๐–“๐–Š”ย ๐–‰๐–—๐–Ž๐–›๐–Ž๐–“๐–Œ ๐–Ž๐–™ ๐•ฑ๐–”๐–—๐–œ๐–†๐–—๐–‰.

Both have a positive relationship because blockchain distributed ledger nature allows for safe and secure storage of data. Working together not only will advance their own adoption & implementation but will shape the next Industrial Revolution.

Blockchain is a decentralized ledger of transactions across a peer-to-peer network which cannot be changed, tampered with, or lost due to blockchainโ€™s decentralized and distributed nature.ย The blocks in aย Blockchain consist of digital information (โ€œblockโ€) stored in a public database (โ€œchainโ€)

ย 

Blockchain technology, along with the adoption of cryptocurrencies, is gaining momentum. The enterprise blockchain market isย expected to reach $21 billion over the next five years. Just eleven years on, and both sectors have matured greatly, resulting in well-established organizations taking the technology more seriously as they tackle challenges that come with implementing blockchain and the use of digital assets.

This technology has the potential to transform and disrupt a multitude of industries, from financial services to the public sector to healthcare. Among various use cases are payment processing, online voting, executing contracts, signing documents digitally, creating verifiable audit trails and registering digital assets.

For Accounting world it will impacts all record keeping processes, including the way transactions are initiated, processed, authorized, recorded and reported. All information is recorded in real time which are immutable, and it brings transparency in financial reporting and accounting process with certainty over the provenance (origin) of those transactions.

Distributed ledgers working together with artificial intelligence can automated a range of processes, from payments through to foreign exchange trades and the filing of tax returns.

 

BLOCKCHAIN TWO MAIN FEATURES

1-๐•ด๐–’๐–’๐–š๐–™๐–†๐–‡๐–Ž๐–‘๐–Ž๐–™y & ๐•ฟ๐–—๐–†๐–“๐–˜๐–•๐–†๐–—๐–Š๐–“๐–ˆy

In Blockchain immutable accounting records are created. Manipulating transaction entries to falsify or eliminate them is practically impossible. Since all the information is stored as a block and every block is associated with others, anyone trying to change one block needs to alter the associated blocks which becomes a daunting task for the hacker.ย 

Auditors spent lot of time in verification of the transactions trail to ensure there is sufficient evidence and information is transparent. Use of Blockchain will save time that traditionally goes in manual auditing & detailed analysis. That time can be utilized in formulating more strategic work & delivering future business value.

 

ย 2๐•ฝ๐–Š๐–†๐–‘ ๐•ฟ๐–Ž๐–’๐–Š

“Gone are those days when auditors had to wait for it for the end of the year or month to carry out the audit.”

In blockchain all the information is recorded on “Real Time”ย i.e. it isย time-stamped. By use of blockchain technology, it is now possible to perform an audit whenever it is required improving pace of financial reporting and auditing.

With access to unalterable audit evidence, auditor could have real-time data access via read-only nodes on blockchains. Blockchain combined with artificial intelligence could transform the way in which fraud investigations and forensic accounting are undertaken.

The real-time systems would highlight and investigate anomalies and unusual transaction patterns as they emerge. It cannot eliminate fraud completely; however, it may help identify fraud in real time.

 

 

ย 

Blockchain based world would create new risks. While blockchain’s design brings transparency, immutability, and security in the transactions, but still the occurrence of frauds cannot be eradicated. The Block chain environment is still susceptible to various technology risks.

 

“The DAO โ€“HACK CASE”

Blockchain can also be vulnerable to programming mistakes, for instance in June 2016 , Swiss-based DAO โ€“ actually called “The DAO”ย lost virtual currency when a hacker found a loophole in the coding that allowed him to drain funds from The DAO. In the first few hours of the attack, 3.6 million ETH were stolen, the equivalent of $70 million at the time. Once the hacker had done the damage he intended, he withdrew the attack.

 

The DAO was a digital decentralized autonomous organization, and a form of investor-directed venture capital fund. It launched inย ย April 2016 after a crowdfunding campaign. The DAO had an objective to provide a new decentralized businessย model for organizing both commercial and non-profit enterprises.

There is currently no standard way to validate blockchain-based business processes and the related control environment.ย 

 

“The reality is that no system is flawless โ€“ not even block chain.ย 

 

 

BLOCKCHAIN BASED WORLD HAS CREATED NEW REQUIREMENTS FOR AUDIT WITH NEW RISKS

 

A๐–š๐–‰๐–Ž๐–™๐–”๐–—๐–˜ ๐–œ๐–Ž๐–‘๐–‘ ๐–“๐–Š๐–Š๐–‰ ๐–™๐–๐–Š ๐–˜๐•ถ๐–Ž๐–‘๐–‘๐–˜ ๐–†๐–“๐–‰ ๐–ˆ๐–†๐–•๐–†๐–‡๐–Ž๐–‘๐–Ž๐–™๐–Ž๐–Š๐–˜ ๐–™๐–” ๐–—๐–Š๐–›๐–Ž๐–Š๐–œ ๐–‡๐–‘๐–”๐–ˆ๐•ถ๐–ˆ๐–๐–†๐–Ž๐–“๐–˜ ๐–†๐–˜ ๐–™๐–๐–Š๐–ž ๐–†๐–—๐–Š ๐–ˆ๐–—๐–Š๐–†๐–™๐–Š๐–‰.
A ๐–‡๐–‘๐–”๐–ˆ๐–๐–ˆ๐–๐–†๐–Ž๐–“ ๐–‘๐–Š๐–‰๐–Œ๐–Š๐–— ๐–œ๐–”๐–š๐–‘๐–‰ ๐–•๐–—๐–”๐–›๐–Ž๐–‰๐–Š ๐–†๐–“ ๐–†๐–˜๐–˜๐–š๐–—๐–†๐–“๐–ˆ๐–Š ๐–‡๐–†๐–˜๐–Š๐–‘๐–Ž๐–“๐–Š ๐–™๐–๐–†๐–™ “๐•ฐ๐–‘๐–Ž๐–’๐–Ž๐–“๐–†๐–™๐–Š๐–˜ ๐–™๐–๐–Š ๐–“๐–Š๐–Š๐–‰ ๐–‹๐–”๐–— ๐•ฟ๐–—๐–†๐–‰๐–Ž๐–™๐–Ž๐–”๐–“๐–†๐–‘ A๐–š๐–‰๐–Ž๐–™๐–Ž๐–“๐–Œ” ๐–Š๐–“๐–™๐–Ž๐–—๐–Š๐–‘๐–ž ๐–†๐–˜ ๐–‡๐–‘๐–”๐–ˆ๐•ถ๐–ˆ๐–๐–†๐–Ž๐–“๐–˜, ๐–‡๐–ž ๐–‰๐–Š๐–‹๐–Ž๐–“๐–Ž๐–™๐–Ž๐–”๐–“, ๐–ˆ๐–—๐–Š๐–†๐–™๐–Š ๐–š๐–•-๐–™๐–”-๐–‰๐–†๐–™๐–Š ๐–Ž๐–’๐–’๐–š๐–™๐–†๐–‡๐–‘๐–Š, ๐–๐–Ž๐–˜๐–™๐–”๐–—๐–Ž๐–ˆ๐–†๐–‘ ๐–—๐–Š๐–ˆ๐–”๐–—๐–‰๐–˜.

Auditor will need to stay abreast of recent developments in this space to consider how to tailor audit procedures to take advantage of block chain benefits as well as address incremental risks.

A๐–˜๐–˜๐–Š๐–˜๐–˜ ๐–™๐–๐–Š ๐–—๐–Š๐–‘๐–Ž๐–†๐–‡๐–Ž๐–‘๐–Ž๐–™y ๐–”๐–‹ ๐–™๐–๐–Š ๐•ญ๐–‘๐–”๐–ˆ๐•ถ๐–ˆ๐–๐–†๐–Ž๐–“ c๐–”๐–“๐–˜๐–Š๐–“๐–˜๐–š๐–˜ P๐–—๐–”๐–™๐–”๐–ˆ๐–”๐–‘

Auditor needs to understand and assess the reliability of the consensus protocol for the specific blockchain taking into risk consideration of whether the protocol could be manipulated. In Blockchain the data is validated by many other users on the system. If majority of the users on the distributed ledger become corrupt, it is possible to break the chain.

 

๐•ฐ๐–›๐–†๐–‘๐–š๐–†๐–™๐–Š M๐–†๐–“๐–†๐–Œ๐–Š๐–’๐–Š๐–“๐–™โ€™๐–˜ A๐–ˆ๐–ˆ๐–”๐–š๐–“๐–™๐–Ž๐–“๐–Œ P๐–”๐–‘๐–Ž๐–ˆ๐–Ž๐–Š๐–˜ ๐–‹๐–”๐–— ๐•ฏ๐–Ž๐–Œ๐–Ž๐–™๐–†๐–‘ A๐–˜๐–˜๐–Š๐–™๐–˜

Auditor will also need to evaluate managementโ€™s accounting policies for digital assets and liabilities, which are currently not directly addressed in international financial reporting standards or in U.S. generally accepted accounting principles.

Auditors will always be needed to design the appropriate audit strategies in complex systems making decisions about what level of audit is required, how data should be captured, and the type of audit analytics that should be applied.ย 

N๐–” w๐–†y ๐–™๐–” ๐•ฝ๐–Š๐–›๐–Š๐–—๐–˜๐–Š ๐•ฟ๐–—๐–†๐–“๐–˜๐–†๐–ˆ๐–™๐–Ž๐–”๐–“๐–˜

In a case, if a user accidentally or deliberately transfers an amount (in the form ofย digital currency) to wrong or unauthorized address (recipient) account, then thereโ€™s currently no way to reverse the transaction.

To avoid such situations, Auditors are therefore required to assess whether effective automated controls General information technology controls (GITCs) related to the blockchain environmentย are in place to validate transactions before they are executed.


๐•ด๐–’๐–•๐–”๐–˜๐–˜๐–Ž๐–‡๐–‘๐–Š ๐–™๐–” R๐–Š๐–ˆ๐–”๐–›๐–Š๐–— ๐–™๐–๐–Š A๐–ˆ๐–ˆ๐–”๐–š๐–“๐–™ ๐–Ž๐–‹ P๐–—๐–Ž๐–›๐–†๐–™๐–Š k๐–Šy ๐–Ž๐–˜ ๐–‘๐–”๐–˜๐–™

Ifย in any case, a user loses his private key (e.g. through a software or hardware malfunction), then the user loses his access to his virtual currency account. All his amounts will remain inaccessible forever and cannot be recovered easily.

Auditors need to review effective disaster recovery procedures are in place and verify whether controls that address the risks associated with blockchain can be relied upon.

N๐–” ๐•ฝ๐–Š๐–•๐–”๐–—๐–™๐–Ž๐–“๐–Œ A๐–š๐–™๐–๐–”๐–—๐–Ž๐–™y

If an entity experiences a phishing attack, there is no central authority to report any incident since in blockchain there is no central administration. This situation can also translate into a risk of fraud.

When faced with such risk, Auditors will be expected toย determine whether internal controls to prevent and detect phishing attacks are indeed operating effectively.

 

“The auditors will need to audit whether the distributed ledger systems are working correctlyย “

โ€”Professor Nigel Smart, University of Bristol

The Big Fourโ€”PricewaterhouseCoopers (PwC), Ernst & Young (EY), KPMG and Deloitte all four companiesย  have pointied out the dangers of cryptocurrencies and blockchain, such as price volatility, poor code or hacks, and have build โ€œenterprise solutionsโ€ (software) for their clients.ย 

“๐•ฟ๐–๐–Š ๐•ญ๐–Ž๐–Œ ๐•ฑ๐–”๐–š๐–— A๐–—๐–Š ๐•ฒ๐–Š๐–†๐–—๐–Ž๐–“๐–Œ ๐–€๐–• ๐–™๐–” ๐•ญ๐–Š๐–ˆ๐–”๐–’๐–Š ๐•ฎ๐–—๐–ž๐–•๐–™๐–” ๐–†๐–“๐–‰ ๐•ญ๐–‘๐–”๐–ˆ๐–๐–ˆ๐–๐–†๐–Ž๐–“ A๐–š๐–‰๐–Ž๐–™๐–”๐–—๐–˜”

The Big Four firms and Fortune 500 companies are working with a number of blockchain and crypto companies on ways to combat regulatory uncertainty, interoperability challenges, consensus models and development of the technology.

Ernst & Young (EY)ย is usingย its “Blockchain Analyzer tool” to help audit teams assemble an organizationโ€™s entire transaction data from multiple blockchain ledgers. Inย  audit, tax, compliance and security platform it let auditors to look up transaction history and apply tax rules to blockchain business transactions.It also supports testing of multiple cryptocurrencies managed or traded by exchanges and asset managers.

PricewaterhouseCoopers (PwC)ย in 2019 had launched โ€œBlockchain Validation Software”, which combines risk & control framework with continuous auditing software. It will test for anomalies in real time.

Firm is also using “Halo auditing suite” to provide assurance services for entities engaging in cryptocurrency transactions. It provides independent evidence of private-public key pairing (to establish crypto asset ownership), and gather information about transactions and balances from blockchains.

To audit the smart contracts, PwC this year, 2020ย  partnered with Swiss firm ChainSecurity to focus on technical audits of smart contracts and blockchain platforms as well that risk hedging services for customers with crypto assets.

KPMG in June , 2020 Launchesd “KPMG Chain Fusion” to help manage Crypto and Traditional Assets over Public and Private Blockchain networks. New suite of capabilities helps clients address global regulatory considerations for strong system controls and processes for crypto and digital assets. The suite allows these customers to collect and organize data from both traditional systems as well as blockchain databases

Moreover, the Committee of Sponsoring Organizations of the Treadway Commission (COSO), has issued voluntary guidance publishedย โ€œBlockchain and Internal Control: The COSO Perspectiveโ€ for companies to strengthen their oversight of blockchain-technology projects.ย 

 

Blockchain technology has the potential to upend Audit, Assurance and Control functions.
Auditors need to stay tuned to emerging use cases ,
As Role and skill sets of Auditors will change
As new Blockchain-based techniques and procedures emerges
They should Get ready for “๐•ฟ๐–๐–Š W๐–†๐–—๐–˜ ๐–™๐–” ๐•ฎ๐–”๐–’๐–Š”