29 April 2021, Schaumburg, IL, USA — Blockchain can deliver rich benefits to enterprises, from decentralisation to immutability, but it is important to remember that the technology is not one size fits all and can come with its own risk that needs to be managed, according to a new joint white paper from ISACA and AICPA & CIMA, Blockchain Risk: Considerations for Professionals. Developed by the ISACA-AICPA & CIMA Joint Blockchain Working Group, whose mission is to identify and document risk associated with private blockchains, Blockchain Risk documents, describes and provides context around specific risk related to blockchain implementation and operation. It is organised by five key domains—governance, infrastructure, data, key management, and smart contracts.
“Many enterprises are eager to harness the power of blockchain to transform their businesses or operations,” said Dustin Brewer, ISACA senior director, emerging technology and innovation, and member of the ISACA-AICPA & CIMA Joint Blockchain Working Group. “While there are great benefits to using blockchain, practitioners should ensure they fully understand all types of risk to avoid potentially exposing their business to vulnerabilities, attack vectors or other issues before implementing—or even retroactively, if needed.”
Blockchain Risk emphasises that a broad array of practitioners—from CPAs and IT auditors to cybersecurity professionals and those in management roles—should gain an understanding of blockchain risks, including:
- Governance/design risk: Lack of protocols for unconfirmed transactions can allow processing of fraudulent transactions that were previously rejected, posing a threat to the network.
- Infrastructure/protocol management risk: Conditional instructions in protocol or smart contract code can allow infinite loops that put the ongoing operation and integrity of the network at risk.
- Key management: Creating a key/seed with insufficient entropy can place all future use of the keys for storing and transacting in crypto assets at risk. The keys can be brute forced or guessed, resulting in a loss of assets.
“It is important for any entity using blockchain technology to understand that there are unique risks in this space and it is imperative to identify those risks quickly,” said Diana Krupica, CPA, AICPA & CIMA lead manager, emerging assurance technologies assurance and advisory innovation. “Using a resource such as this risk matrix means entities will be alerted to issues in order to design the necessary processes and controls to mitigate such risks and enable success.”
The white paper also includes an extensive list of additional blockchain resources from ISACA and AICPA & CIMA, including ISACA’s new Blockchain Framework and Guidance and Blockchain Preparation Audit Program, and AICPA & CIMA’s Blockchain and Beyond Learning Programs and Blockchain Universal Glossary.
To download a complimentary copy of Blockchain Risk, visit www.isaca.org/bookstore/bookstore-wht_papers-digital/whpbrc or https://future.aicpa.org/resources/download/blockchain-risk-considerations-for-professionals. Additionally, join online discussions around blockchain and other emerging technology topics within the ISACA Emerging Technologies Engage Community.