Why Blockchain is Becoming Crucial For Internal Auditors

By Mike Martin


Blockchain is about to transform the way organizations, governments and individuals handle transactions, and internal auditors need to educate themselves on the technology.


That was the key message internal audit consultant and industry veteran Ian Kirton delivered in a January 20 Caseware webinar called, “The Impact of Blockchain on Internal Audit.”


Blockchain will disrupt traditional industries, Kirton noted, because it enables the direct transfer of assets or information between individuals and organizations without an intermediary. 


For example, Kirton explained, if you walk into a local store today to make a purchase, the retailer will take your debit card, put it into a terminal, and the terminal will contact your bank. The bank will check that you have enough money to make the purchase. If you do, the bank will authorize the purchase for a fee, deduct the purchase amount from your account, and keep a record of the transaction.


Blockchain changes that relationship by allowing transactions to happen anywhere digitally, directly between individuals. So in the example above, the bank would be removed from the transaction and the retailer and purchaser would each have their own digital copy of the amount available to make the transaction, as well as a record of the transaction.


“As an auditor, you have to start thinking about how it might impact your organization and what you are doing in the blockchain space,” he said. Even if your business isn’t yet using blockchain, he added, your suppliers, customers or partners might be. 


Time-stamped, Real-time Transactions


Blockchain — the technology best known for powering cryptocurrencies — is a distributed, network-based database that exists on every computer within a defined network, Kirton explained. Transaction records are logged as blocks of data, and each block is encrypted, making it incorruptible and permanent. 


“As an auditor, you have to start thinking about how blockchain might impact your organization.”


Every computer in the network needs to confirm every transaction, and each transaction is time-stamped and linked to previous ones in real time. This is what allows blockchain participants to establish trust with one another and avoid using intermediaries, such as banks. 


“That’s a great concept for auditors,” Kirton said. “If you start to think about what auditors do, we really look at records, we look at transactions, and we look at the history.”


Auditors dealing with blockchain need to pay close attention to where data is stored and how it is being shared. This is particularly true when it comes to assessing compliance with regulations such as the General Data Protection Regulation (GDPR), the European Union’s data protection and privacy regulation. 


“New technology always gets ahead of rules, regulations and protocols,” Kirton said. “And that’s certainly true for blockchain.” 


How Auditors Can Leverage Blockchain


There is no industry standard for blockchain, so when companies implement the technology, deciding which platforms to purchase can be difficult. The platforms should work with your existing systems, Kirton said, and it’s important to understand the nature of the technology as well as its potential risks and controls. Auditors also need to consider how they would audit blockchain transactions.


“‘Why not get a connection to that data to allow you to extract those records and use them for your audit work?” Kirton asked. “These are the kinds of things audit firms need to be thinking about now to make sure that, as these systems are introduced, they can continue the audit work they already do and, therefore, still apply good audit thinking.” 


Kirton said some of the questions auditors should ask are:


  • What are the risks?
  • How does this change my audit universe?
  • How does this impact my suppliers?


Ultimately, he noted, auditors need to make sure they have the right risk assessment methods, testing strategies and tools to deal with blockchain. 


Auditors and Blockchain — Real-world Examples


Kirton illustrated how several industries are already using blockchain to make processes more efficient and reduce costs. One example is TradeLens, an open and neutral blockchain-based supply chain ecosystem that includes cargo owners, shipping companies, logistics providers, ports and customs officials. 


A typical shipping transaction can involve more than 20 parties with many manual workflows, siloed data in different formats and data being replicated multiple times by the various parties.


Using blockchain, TradeLens is able to track more than 120 shipping events on each shipment, digitize more than 20 common document types, deliver a secure workflow and drive standardization and automation to reduce costs and shipping times. 


“If you increase the efficiency even just a little bit, you will really increase the tradeflow,” Kirton noted.


Another example Kirton cited was PharmaLedger, a European consortium of 29 partners encompassing pharmaceutical firms, hospitals, universities, patient organizations and technology companies communicating with one another over blockchain. The initiative’s goal is to accelerate the delivery of innovations that benefit everyone in the ecosystem. 


One PharmaLedger initiative is designed to boost consumer trust in medicines. A person could scan a QR code on a medicine package and receive a blockchain-based eLeaflet about the medicine, including the latest updates, any recall information or advice on safe disposal.


Another PharmaLedger program aims to make clinical trials more efficient. It does so by supporting secure remote data capture from internet-connected medical devices and integrating that data with advanced analytics. This will reduce the number of visits trial patients need to make to clinics.


A New Audit Technology


Blockchain is going to transform how companies and consumers perform transactions, Kirton said, but it won’t replace the need for good auditors who can think about the technology and its implications.


“The fact we have complete records date-stamped in real time is music to an auditor’s ear,” he explained. “Really, what you need to do is get behind that technology and understand it’s really just business transactions that are digitized. It’s really just data. And you need to think about where that data is held and where in your companies you’re using this solution, or where your suppliers, customers or people your business transacts with are using it.”

Watch an on-demand version of the webinar here