Blockchain – Audit, Risk & Governance Shailesh Kumar Churiwala 9999294554


Open Discussion


Blockchain seems to solve many problems and is a single source of truth.

Does it mean that it can be blindly relied upon?

Does it still require auditing?


Why does Blockchain need auditing?

For the transition from a traditional system to Blockchain, the historical data needs to be audited.

The source code of smart contracts / auto-executing contracts needs to be verified.

Controls over granting access to the network (permissioned)

Leakage of confidential information

Ensure correctness of data


Why Blockchain needs no auditing?

Data is visible at real time

Data is not editable once recorded

Transactions can be auto executed with predefined logics

Transactions are irreversible


Blockchain is another type of database technology.

It is like many companies share a common database.

A traditional database needs to be audited, and so does the Blockchain!!


The use of blockchain platforms will not remove audits nor the need for an independent auditor.

It will TRANSFORM the way in which auditors extract, test and analyse data.

Layering blockchain technology with audit analytics could yield standardised, sophisticated audit routines and analysis that enable near real-time evaluation of transactions across the blockchain.


Real Time Audit


• The science of continuous audit has been limited to enterprise internal audit and reporting up until now

• Auditchain enables enterprises to provide stakeholders and regulators with the highest levels of audit assurance through decentralized consensus

• Auditchain proposes to embody an ecosystem that includes a blockchain protocol and an open source library of accounting smart contracts sufficient to capture, process, audit and report enterprise data and performance data on a real time continuous basis under a continuous independent audit exceeding current accounting, audit and control standards.

• A public facing and/or permission based presentation layer proposes to render in real time, at the close of every block, balance sheet, income statement, cash flow and statement of changes in stockholders’ equity reports that have the capacity to far exceed the reliability of existing reporting standards.

Auditchain


• Decentralized Continuous Audit and Reporting Protocol Ecosystem “DCARPE™”

• Continuous audit is evolving in theory and practice. Its practice is limited mainly to internal reporting controls. The application of jurisdictionally compliant accounting treatment to transactions and reporting system risk controls occurring in most business processes is now theoretically possible concurrently within and subject to a decentralized continuous audit environment pursuant to SSAE 18(12) and ISAE 3402 standards through the use of configurable “Ricardian” type smart contracts(6)(7). Such contracts, as proposed in this paper, do not hold custody of value but instead execute commands for how legal conditions and value are treated based on a fixed or evolving arrangement.

• DCARPE™ implementation leverages the self-auditing state of a blockchain with these additional layers of high extensibility specifically for the development and deployment of decentralized enterprise applications designed to offer stakeholders with real time presentation of financial, operational, development and network statistics reporting every block.


New Risks To Consider


Strategic Risks

Early adoption vs. waiting to adopt until the technology matures.

Right network to participate in

Choice of the underlying platform

Integration with legacy infrastructure.

Reputation risk

Reputational risk: Blockchain technology is part of core infrastructure and will have to work seamlessly with legacy infrastructure. Failure to do so could result in poor client experience and regulatory issues.


Regulatory risk:

Uncertainty around the regulatory requirements related to blockchain applications.

The type of participants in the network

Whether the framework allows domestic or cross-border transactions

This could also include cross-border regulations related to privacy and data protection.


Risk - 1

• The board does not have the requisite experience or subject matter knowledge to exercise oversight related to internal control.

Control Activity

• Board members retain industry experts in order to advise on risks present within the industry in which the entity operates with respect to Blockchain technology.

Audit / Implementation Consideration

• Review the value analysis performed by BOD before implementation of Blockchain.

• Technical expertise to be a criterion for evaluation of independent directors.


Risk - 2

• Management adopts valuation methodology that is not in compliance with accounting guidance.

Control Activity

• Management has adopted a valuation methodology using reliable pricing data that is in compliance with accounting standards.

Audit / Implementation Consideration

• Review the accounting policies adopted by the management.

• Review the control over reconciliation and adjustment entry passed by management to convert Blockchain financials to regulatory financials.


Risk - 3

• Fraud Risk (Financial Statement)

Control Activity

• Management fails to report digital assets in their custody or reports digital assets that they do not have rights & obligations to.

Audit / Implementation Consideration

• Re-compute the balance of assets on the basis of data available on Blockchain.

• Ensure the completeness of data on the Blockchain on the basis of the subsequent blocks added to the network.
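The two audit steps above (re-computing a balance from ledger data and testing completeness through the links between successive blocks) can be sketched as follows. This is an added example, not part of the original slides; the block layout, field names, account names and amounts are constructed for illustration and do not follow any particular platform.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64  # assumed marker for "no predecessor"

def block_hash(block):
    """SHA-256 over the block's height, predecessor hash and transactions."""
    body = {k: block[k] for k in ("height", "prev_hash", "txs")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def make_chain(tx_batches):
    """Build a constructed sample ledger, one block per batch of transfers."""
    chain, prev = [], GENESIS_PREV
    for height, txs in enumerate(tx_batches):
        block = {"height": height, "prev_hash": prev, "txs": txs}
        block["hash"] = prev = block_hash(block)
        chain.append(block)
    return chain

def verify_chain(chain):
    """Completeness test: each block must hash correctly and link to the one before."""
    findings, prev = [], GENESIS_PREV
    for pos, block in enumerate(chain):
        if block["height"] != pos:
            findings.append(f"position {pos}: expected height {pos}, found {block['height']}")
        if block["prev_hash"] != prev:
            findings.append(f"block {block['height']}: does not link to its predecessor")
        if block_hash(block) != block["hash"]:
            findings.append(f"block {block['height']}: contents changed after recording")
        prev = block["hash"]
    return findings

def recompute_balance(chain, account):
    """Re-derive an account balance from every transfer on the ledger."""
    balance = 0
    for block in chain:
        for tx in block["txs"]:
            balance += tx["amount"] * ((tx["to"] == account) - (tx["from"] == account))
    return balance

def audit_reported_balance(chain, account, reported):
    """Chain findings plus any gap between management's figure and the ledger."""
    findings = verify_chain(chain)
    on_ledger = recompute_balance(chain, account)
    if on_ledger != reported:
        findings.append(f"{account}: reported {reported}, ledger shows {on_ledger}")
    return findings

# Constructed sample data: amounts are integer units of a hypothetical token.
SAMPLE_CHAIN = make_chain([
    [{"from": "issuer", "to": "acme-custody", "amount": 500}],
    [{"from": "acme-custody", "to": "supplier-1", "amount": 120}],
    [{"from": "customer-7", "to": "acme-custody", "amount": 75}],
])
```

Link checks of this kind catch edited or dropped blocks in the middle of a copy of the ledger, but not a copy that simply stops early. The hash of the latest block therefore has to be compared with one obtained independently from other participants in the network.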


Risk - 4

• Fraud Risk (Misappropriation of assets)

Control Activity

• Segregation of custody of private key shards such that no one person is able to recreate and/or gain sole custody of private keys.

Audit / Implementation Consideration

• Controls over granting private keys are to be monitored by the BOD.

• Private key should be given in encrypted form.
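The shard-custody control above can be illustrated with a threshold split and a check of the custody register. This is an added example, not part of the original slides; the slides do not name a sharding scheme, so Shamir's secret sharing is used here as an assumption, and the function names, custodian names and the 3-of-5 policy are hypothetical.

```python
import secrets

PRIME = 2**521 - 1  # Mersenne prime; the field must be larger than the key

def split_key(key, threshold, shard_count):
    """Split an integer key into shard_count shards; any `threshold` rebuild it."""
    if not 1 < threshold <= shard_count or not 0 <= key < PRIME:
        raise ValueError("need 1 < threshold <= shard_count and 0 <= key < PRIME")
    # Random polynomial of degree threshold-1 whose constant term is the key.
    coeffs = [key] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    shards = []
    for x in range(1, shard_count + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation mod PRIME
            y = (y * x + c) % PRIME
        shards.append((x, y))
    return shards

def combine_shards(shards):
    """Lagrange interpolation at x = 0; correct only with >= threshold shards."""
    key = 0
    for i, (xi, yi) in enumerate(shards):
        num = den = 1
        for j, (xj, _) in enumerate(shards):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        key = (key + yi * num * pow(den, -1, PRIME)) % PRIME
    return key

def custody_findings(register, threshold):
    """register maps shard number -> custodian; flag anyone able to rebuild alone."""
    held = {}
    for shard, custodian in register.items():
        held.setdefault(custodian, []).append(shard)
    return sorted(c for c, s in held.items() if len(s) >= threshold)

# Constructed custody registers for a 3-of-5 policy (names are hypothetical).
SEGREGATED = {1: "cfo", 2: "cto", 3: "treasurer", 4: "cfo", 5: "company-secretary"}
CONCENTRATED = {1: "cfo", 2: "cfo", 3: "cfo", 4: "cto", 5: "treasurer"}
```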


Risk – 5

• Unauthorized changes are made to the core Blockchain technology / protocol

Control Activity

• Public Blockchains (e.g. Bitcoin / Ethereum) - Control is not relevant, as the nature of the protocol does not allow a single entity to modify the established rules in consensus without gaining sufficient support by the miners.

• Permissioned Blockchains - Members of the consortium have adopted a governance structure to ensure that changes to the network are authorized.

Audit / Implementation Consideration

• Change management procedures have been adequately followed.


Governance for blockchain


The following five factors will guide the definition and stand-up of a Governance for Blockchain:

• Strategy

• People

• Governance

• Process Data

• Technology


You talking to CFO on Blockchain

“This is ridiculously ambiguous,” he complained.


Do I really need to be thinking about this now?


24 | Copyright © 2018 Deloitte Development LLC. All rights reserved.

Finance in a Digital World™

Multiple Writers

If you’re trailing competitors in terms of cost, or want to leapfrog to new performance levels, blockchain could be an effective strategy

Whether “sooner” makes sense for your business depends on how efficiently you’re managing finance processes today.

Sooner or later, you should come to grips with that


What finance processes can blockchains improve?


Procure-to-pay, accounts receivable, accounts payable, general ledger, reconciliation, and even payroll.

Blockchains can be used to improve almost any finance process


Why are we talking only about business blockchains?


Public blockchains that support cryptocurrencies like Bitcoin are an entirely different thing

They’re designed to improve transaction processing.

Business blockchains are set up by a single company or a group of companies where participants are specified and known

Finance can generate significant value from business blockchains without having anything to do with digital currencies


Some people say blockchains are largely free of risk. Is that true?


A shared ledger is visible only to participating organizations and access to data on the blockchain is restricted by users

Blockchains enable trust through transparency.

Yes.


How does blockchain fit with ERP?


Major ERP vendors are making significant investments to integrate blockchain technology into their platforms.

The relationship between ERP and blockchain is evolving


Why is this more secure than the tools I already have?


The permanent and irreversible nature of blockchains greatly reduces the possibility of fraud and errors.

Blockchain is not a magic bullet in terms of risk reduction, but it does have significant benefits in how the technology operates.


What Next?


What next? – New Opportunities !

• CAs in practice and industry should embrace blockchain.

• CAs should learn how it will impact the business/firm/profession.

• CAs with technology-based audit expertise would be preferred.

• Blockchain offers a huge opportunity to CAs to position themselves as forward thinking and cutting edge.

• New opportunities shall emerge.


• Smart contracts

  • Parties to smart contracts may engage CAs to verify the business logic of the smart contract.

• Access granting administrator

  • For a permissioned blockchain, CAs may be the perfect candidates to serve as a central access granting administrator.

• Service auditors of consortium blockchain

  • CAs may act as a trusted and independent 3rd party to provide assurance

  • Primarily effectiveness and robustness of the architecture


Team

Assign a team to stay on top of blockchain developments in Finance. Include both technical and business people.

Read

Develop a reading list that includes both skeptics and evangelists. Blockchain is moving fast. Keep up.

Trading Partners

Meet with a few of your major trading partners to find out how they’re thinking about blockchain opportunities.

Monitor

Monitor what leaders are doing in your industry.

Start Small

If you’re going to start, start small.

THINK BIG ….VERY BIG…..START SMALL!!

What Next? – To Do List !
