Updated: Apr 27
ISACA released its long awaited guidance on Blockchain Technology Audit Preparation. As blockchain is still an emerging technology, there is not yet a published uniform auditing standard. However, this program is intended to help organizations identify and develop key policies, procedures and controls to mitigate risk and streamline processes.
Blockchain is the underlying distributed network system that stemmed from the world’s first decentralized cryptocurrency, bitcoin. It has quickly become one of the most promising technological advancements in recent times. Blockchain has the potential to transform a variety of key industries that are ubiquitous to modern life: finance, healthcare, manufacturing, and real estate, to name a few.Blockchain’s prominent feature is its ability to eliminate the need to trust a central authority for approval, as it instead relies upon decentralized participants to reach consensus. Its benefits include: transparency, cost reduction, enhanced speed, and embedded security. However, with any new technology, there are often drawbacks that can result in issues for organizations. Blockchain is still not a mature technology, and caution must be used when deploying it at an enterprise level. As the risks are often misunderstood and overlooked for this emerging technology,
ISACA has developed an audit preparation program to provide organizations with a framework to manage blockchain.The blockchain technology audit preparation program worksheet is provided as a separate file. ISACA's Blockchain Technology Audit Preparation Program addresses the following objectives:
Provide management with an assessment of whether their blockchain technology control environment is adequately designed and operationally effective.
Identify blockchain risks which could result in reputational and/or material financial impact.
Provide management with a holistic perspective on blockchain technology that considers both technical and non-technical factors.
Caplock Security's Tuan Phan is one of the expert reviewers participated in the development of this audit program. The program can be obtained from ISACA by following this link.