An internal auditor’s guide to auditing blockchain

Blurring the line between physical and digital

Blockchain seems to be on every businessperson’s lips these days. But what is it, how will it reshape the way organizations operate, and how will it affect the roles and responsibilities of internal audit? In this three-part series, we address the fundamentals of blockchain, blockchain risks, and considerations for auditing blockchain environments.

What is blockchain?
It’s a protocol that allows entities to store and share transactional information in a controlled and systematic way.

Our auditing blockchain series

While blockchain may be the next step in the digital evolution, specific implementations of the technology are still susceptible to risk. This will call for internal audit to play a pivotal role, not only in providing traditional assurance but also acting as a trusted business advisor in anticipating and evaluating these new and emerging risks. Our three-part series is designed to help internal auditors fulfill this role.

hand tab

Part 1: An introduction to blockchain

To launch our three-part series, we introduce internal auditors to the fundamentals of distributed ledger technology, how blockchains work, key features, and types of blockchains. We also examine new concepts, such as smart contracts, tokens, initial coin offerings (ICOs), and cryptocurrencies.

Part 2: Risk considerations in blockchain technology

In our second installment, we apply an internal audit lens to risk considerations when implementing blockchain technology. As the third line of defense, an internal audit is entrusted with the responsibility of providing the board and its management with comprehensive assurance while maintaining its independence and objectivity within the organization. These considerations are brought to life through a fictitious example of a pre-implementation review of a blockchain-based solution.

Part 3: Auditing blockchain environments

With blockchain, the underlying foundations of auditing and internal control can be embedded into each transaction. This means that the internal audit design itself can be shifted from a retroactive, point-in-time examination to an ongoing, real-time monitoring process that is informed by previous transactions. In this third and final part of the series, we focus on drafting an internal audit program and the advantages of auditing a blockchain-based system.

Our blockchain services

Deloitte helps companies worldwide explore every aspect of blockchain and build tailored solutions designed to deliver value. Through our ecosystem for education, ideation, strategy, prototyping, and development, clients are able to harness the opportunities and capabilities that blockchain technology provides. Learn more about Deloitte’s insights on blockchain, as well as the services we offer.

Did you find this useful?