Assurance in a blockchain world

How can you prepare to address the risks?

​As blockchain, distributed ledgers, and cryptocurrencies enter the mainstream, stakeholders should consider their ability to mitigate the new risks that can occur. Explore the unique risks associated with the technology and business models of these players—particularly, the financial, technology, operational, and regulatory risks. If not properly planned for, these risks can cause significant loss.

Prepare to address the distributed ledger risks

Blockchain technology is changing rapidly. In addition to standard financial, technology, operational, and regulatory risks, blockchain, distributed ledgers, and cryptocurrencies come with their unique set of risks and challenges. It's time for stakeholders to take note of the risks, look closer at the players, and determine how much risk-mitigation assurance they need. Let's start off by diving into the blockchain-based companies that are already well established within the industry.

The interactive table below is not an all-inclusive set of risks. It is an illustrative set of topics entities can use to generate a dialogue. The table includes where the risks reside and which risks apply to the service providers listed.

Evaluating risks and controls

Given the volatility of the markets and increasing use of digital assets, many customers are concerned about the availability of the services and access to their funds. Rightfully so. While a majority of these risks reside at service providers, customers need to be aware of the same and plan to address them by identifying ways of evaluating controls at the service providers.

There are a few different ways of evaluating risks and controls at the service provider level. One way is for service providers to get a report on controls at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy (Trust Services Criteria), also commonly referred to as a service organization control 2 report. Combing the nature of the technology and the lack of publicly available mature frameworks, it is incumbent upon the service provider to select a qualified service auditor.

A control environment that effectively addresses the risks would consist of a combination of traditional controls and controls addressing blockchain-specific risks.

Rapidly changing technology will continue to introduce new and unique risks in the environment and, therefore, customers and service providers alike will need to adapt and continue addressing such risks.

To learn more, download Assurance in a blockchain world: How you can prepare to address the risks

Tablet in use

Get in touch to learn more

Tim Davis
Principal | Deloitte Risk and Financial Advisory
Deloitte & Touche LLP
+1 206 716 7593 

Brandon Brown
Managing Director | Deloitte Risk and Financial Advisory
Deloitte & Touche LLP
+1 801 366 2659
Seth Joseph Connors
Senior Manager | Deloitte Risk and Financial Advisory
Deloitte & Touche LLP
+1 313 394 5139

Carey Carpenter
Managing Director | Deloitte Risk and Financial Advisory
Deloitte & Touche LLP
+1 415 783 6730

Fullwidth SCC. Do not delete! This box/component contains JavaScript that is needed on this page. This message will not be visible when page is activated.

Did you find this useful?