(c) South Africa Institute of Chartered Accountants. Contact SAICA for permission to reproduce this article., Audit and Assurance, Uncategorized

Blockchain: what does it mean for audit?

Nowadays, everyone is talking about blockchain. But what could it mean for auditors? Does the availability of unchangeable, verified information reduce the need for auditing – or just shift the focus of the auditor’s responsibilities? This article focuses on the analysis of blockchain, its use for financial and operational information and the potential impact that it may have on an audit.

What is blockchain?

Blockchain is a technology that can provide real-time, permanent and unchangeable verification for financial and operational transactions. The blockchain is a shared, digital record of transactions or information of any value between two or more parties. It is a decentralised, distributed ledger, meaning transactions are shared and replicated in real time on computers located at every node, providing a verifiable independent single source of truth. Transactions are stored inside ‘blocks’ that become part of a contiguous ‘chain’, with each block ‘time-stamped’ and continuously verified by the blocks that precede and follow it. This makes the ledger permanent and virtually tamper-proof − a shared source of truth that uses public and private cryptography to sign transactions digitally.

If an organisation runs its own blockchain to record financial or operational transactions, it is ‘private’ − meaning that the organisation can write its own code for the blockchain and control who has access to it.

What are the implications of blockchain for an audit?

On the face of it, blockchain could have major implications for an audit. Blockchain and other decentralised ledger technologies, if designed appropriately, could provide a permanent and immutable record of transactions. It has significant potential to boost the confidence and trust that a user has in the data.

Management would be responsible for developing the smart contract as part of the implementation of a blockchain-distributed ledger system and be able to demonstrate the controls around their use including any changes and updates.

In terms of ISA 315 (Revised)[1] the auditor is required to obtain an understanding of the entity and its environment, including the entity’s internal controls. In terms of obtaining an understanding of a distributed ledger system such as blockchain, areas where the auditor may focus his attention include:  

  • Identification of all relevant blockchains
  • Establishing the reliability of any blockchain used. This will be influenced by a number of factors such as:
    • The complexity of transactions and the accuracy of the blocks used to record them
    • The methods of consensus validation used
    • The controls over change management and access to the blockchain to prevent unauthorised or inappropriate transactions, and
    • The design of interfaces between the blockchain and other systems used for financial reporting

Verifying the application of blockchain consensus mechanisms or protocols may be accomplished through ‘triple-entry accounting’ where existing double-entry accounting systems are retained while blockchain ledger entries would be a ‘third’ entry − the result being a mutual confirmation of transaction integrity. Blockchain’s ability to bring additional reliability and scalability will help to produce trust in large scale financial accounting and reporting systems.

What impact could blockchain have on audit quality?

If auditors have access to the blockchain and its reliability of the blockchain itself has been established, audit quality could be enhanced through the use of blockchain technology.

Having continual access to the chain could also move us closer to real-time auditing and continuous assurance. For example, companies will maintain a controlled environment around their financial systems by continuously monitoring the blockchain and identifying when a control is circumvented.

Where do we go from here?

For blockchain to proliferate, the technology will need to be taken up widely by businesses – together with a willingness to potentially share a higher level of information than is common today. However, it remains to be seen how organisations will view this required level of transparency.

Frequent and regular discussion among standard setters, practitioners, regulators and other interested parties, both globally and nationally, would be well suited to monitor and develop a consensus on realising the benefits of using more advanced technologies such as blockchain in the audit.

In summary – blockchain holds exciting potential for auditors. Audit firms should actively be participating in discussions with clients, regulators and other stakeholders as the technology develops.

NOTE

[1] ISA 315 (Revised), Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment.

Shaaheen Tar-Mahomed is a Partner at KPMG.

This article was originally published in ASA.