Blockchain technology is still in its nascent stages but it holds tremendous opportunities. The technology platform has the potential to have a significant impact on the way companies build their processes and, in turn, on how they are audited, offering the audit process greater accuracy, transparency and ease. One day, the use of blockchain may reduce the need for confirmations and reconciliations and allow for real-time transparency to external parties.
The impact of blockchain
A blockchain is a ledger where transactions and data are pseudo-anonymously recorded and confirmed. It’s a record of events shared between multiple parties. More importantly—particularly regarding an audit—once information is entered, it is extremely cost prohibitive to alter. Everything is written to a blockchain only once. There is no such thing as reversing a transaction; an entity can only append more data. Think how often the auditor spends time verifying whether stored data has been edited through fraud or error.
Though the two concepts are sometimes confused and used interchangeably, blockchain and cryptocurrency are not synonymous. Blockchain technology enables cryptocurrency’s function, but its uses extend far beyond and varies by industry.
In aviation, for example, manufacturers can track a part through the entire supply chain, from creation to implementation, ensuring the part meets Federal Aviation Administration standards. This can prevent counterfeit parts from entering the system, thereby increasing safety and reliability.
In retail, Walmart and a group of food giants are teaming up with IBM and exploring how to apply blockchain technology to their food supply chains. The coalition—which includes retailers and food companies such as Unilever, Nestlé and Dole—aims to use a blockchain to maintain secure digital records and improve the traceability of food products at any point along the supply chain.
Audit methodology with blockchain
One of the most important considerations of audit methodology is the premise of data reliability. Since blockchain technology represents a new medium by which the auditor could rely not only on information, but also on the exchange of value, the reliability of data obtained from a blockchain will be paramount. Therefore, before an auditor is able to assess traditional financial statement risks and assertions, the auditor should first gain comfort over the security of the underlying blockchain a client is using.
When evaluating a blockchain for its data reliability, the focus is on the potential ability for the blockchain to be manipulated or altered. Blockchain technology utilizes a concept called a consensus mechanism that dictates how parties reach agreement on the transactions to be added to a blockchain. As an auditor is evaluating a blockchain’s data reliability, the auditor should evaluate the susceptibility of a blockchain’s consensus algorithm to attacks. Can someone create an unauthorized transaction that gets appended to the blockchain? Could someone perform a double spend? In cryptocurrency, an example of double-spending would be sending someone one unit of cryptocurrency and then, after it arrives at the recipient’s wallet address, reverse the transaction in the sender’s own record of the blockchain, but not the recipient’s.
An additional consideration to the reliability of data on a blockchain is the accuracy of that data. A board member of the Public Company Accounting Oversight Board (the PCAOB) stated the following in a speech that addresses this consideration: “Blockchain does not magically make information contained within it inherently trustworthy. Events recorded in the chain are not necessarily accurate and complete. Recording a transaction on a blockchain does not alleviate the risk that the transaction is unauthorized, fraudulent or illegal. Blockchain also does not address threats that parties to a transaction are related, or that side agreements exist that are not reflected in the chain.” As such, it is important that the auditor also understands the process by which data is submitted to a blockchain and the related control processes associated with accurate entry.
After an auditor has gained comfort over the data reliability of a blockchain, the focus can shift to the assertions over digital asset transactions and balances, which have their own set of challenges and benefits:
- Existence/rights and obligations: In the digital asset environment, the only identifier of an account (known as a wallet) is a random number and letter sequence. Blockchain technology allows for individuals and entities to “be their own bank” and maintain full control over their funds. Consequently, there are additional considerations for testing the existence of digital assets that would involve proving a client has control of an identified wallet.
- Completeness: Since all digital assets in existence can be viewed on a blockchain at any point in time, the considerations around completeness focus not on whether there are “hidden” digital assets on a blockchain, but more on whether there are controlled wallets being intentionally and incorrectly excluded from the books and records. The balance presented on the financial statements should generally match the wallet listing provided by the client. From a completeness perspective, any differentiation between these amounts likely means that clients are either not listing all the wallets they control or not recording all wallets they control in their books and records.
- Accuracy: Since a blockchain is immutable—it cannot be edited—the processing of data is significantly more accurate than a typical database. Provided that comfort over data reliability is obtained, the auditor could be in a position where there is reduced risk over the accuracy of information related to digital assets. Conversely, information that is not related to digital assets and is sourced externally or inputted from an external source to a blockchain does not make the information inherently trustworthy. Recorded transactions or events can still be inaccurate due to human input error.
- Cutoff: One of the key features of blockchain is the time stamping of every transaction and data input. For transactions that are effective in real time, the blockchain could provide evidence of proper cutoff. The use of a blockchain would, however, not eliminate the auditor’s responsibility to test proper cutoff, because the recording of a transaction or event at a specific point in time does not necessarily mirror the appropriate treatment in accordance with the relevant accounting standards. Examples of this would include the prepayment of a service provider invoice that should be expensed over time or the transfer of rights and obligations in a sale of inventory that is in transit at the financial reporting date.
- Presentation and disclosure: Transactions entered on the blockchain may not always include all the data necessary to evaluate the transaction. Therefore, the considerations around presentation and disclosure exist almost entirely outside of the blockchain. A document written to a blockchain does not contact the document itself, but rather the metadata of that document in order to authenticate its use in the transaction. Likewise, if a digital asset represents an ownership stake in a building or other physical asset, the auditor would need to perform additional procedures to verify the physical component of the transaction. There are important disclosure considerations associated with how the holding is classified, such as whether it is based on the characteristics of the token or the asset underlying the token. There are also additional challenges to consider when identifying the completeness of related party disclosures.
- Valuation: Since transactions on a blockchain are denoted only in the underlying digital asset(s), said digital asset(s) must be translated to the entity’s reporting currency for purposes of financial statement presentation. Due to the significant volatility in the exchange value of digital assets to fiat currencies, a detailed valuation policy is paramount to an auditor gaining an understanding over the valuation of digital assets reported in the financial statements.
Fundamental shift in audit design
Blockchain technology at its core is a new, encrypted digital accounting system. The transparency that blockchain provides requires a fundamental shift in how we think about auditing. A blockchain has the ability to record the supporting documentation, the authorizations, the journal entries, and execute the value transfer for both sides of a transaction all on the same platform. Therefore, this could minimize the need for confirmations or reconciliations, as this can be done in real time on a blockchain if all parties are utilizing the same blockchain. The audit design then shifts from a retrospective or forensic, point-in-time effort to an ongoing real-time monitoring effort. The underlying foundations of audit and internal control become part of the nature of each transaction.
The changing role of the CPA
The benefits of blockchain technology have already begun to excite large enterprises and middle market companies. Due to blockchain’s potential to dramatically shift audit design, an evolving role for the certified public accountant is almost certain. Future roles of the CPA may include the oversight, design and tuning of the automation of accounting, audit and tax. CPAs may become service auditors to enterprise blockchain platforms or auditors of smart contracts and data input accuracy. They may become credentials administrators and financial arbitrators of smart contracts acting as escrow agents. As blockchain proliferates through verticals, the use of software layers on top of blockchains may become another important tool for external auditors.
Using blockchain technology to improve a process, change the dynamics of a supply chain or reduce the friction of a financial transaction has long-term benefits for businesses. As processes move to blockchain technology, both internal and external auditors need to think about how this technology would change the audit process, and businesses need to think about how to implement this technology in a manner that will continue to provide a proper audit trail.