Internal auditors are no strangers to change, and change continues to transform even the most traditional of processes. The latest revolutionary innovation is blockchain. Initially the technology underlying digital currencies such as Bitcoin, blockchain is beginning to change processes across many industries.
Like all new technologies, blockchain may produce innumerable new risks. Yet ultimately, it has the potential to help manage and mitigate many traditional audit risks. Internal auditors need to understand how blockchain may change business processes, determine the risks to the organization, and revisit audit processes and procedures to leverage the technology in their work.
How It Works
A blockchain is effectively a type of decentralized database known as a distributed ledger. Unlike traditional databases, blockchains have no sole administrator. As each transaction is recorded, it is time-stamped in real time onto the "block." Each block is linked to the previous block, and each user has a copy of that block on his or her own device. That process effectively creates an audit trail.
Blockchain is most notably used for transactions involving the buying or selling of digital currencies. Although the electronic encrypted audit trail is one by-product of the underlying technology of interest to interna] auditors, another interesting side effect of the process is an accounting methodology called triple-entry accounting. Modern financial accounting is based on double-entry bookkeeping dating back to the 1400s. With triple-entry accounting, all entries for a given transaction are made to the block-chain to verify and document receipt of the transaction. Thus, triple-entry accounting blends traditional double-entry accounting with third-party validation. As such, this methodology potentially could vastly alter traditional accounting processes and the subsequent control activities, risk assessment, and monitoring activities.
Impact on Audit Process
Often, internal auditors must catch up with technologies that are already in place, making modifications to the existing audit plan arduous and further emphasizing the need for a dynamic and adaptable audit plan. The complexity and incremental cost associated with blockchain implementation creates additional risk to the organization, making it vital that auditors are involved from inception and not just after implementation when a final process must be audited. Other risks associated with blockchain...