The American Institute of CPAs (AICPA) today issued a new whitepaper to help auditors providing SOC for Service Organization (SOC) reports on organizations that have incorporated blockchain into their service delivery systems. The paper examines the skills and competencies auditors need to perform such engagements, the unique features of blockchain, the risks associated with using blockchain, and how the use of blockchain by service organizations may affect their SOC examinations.
- An overview of blockchain, including a discussion of the different types of blockchain networks and some of its unique features.
- Specific risks of using blockchain.
- An overview of relevant professional standards and criteria governing SOC for service organization examinations.
- A discussion of the need for the engagement team to possess knowledge about blockchain and the specialized skills and competencies to perform the engagement, including the use of specialists when appropriate.
- A description of the unique elements of the auditor’s understanding of a service organization’s system when blockchain is integral to and interfaces with that system.
- A discussion of unique considerations when forming an opinion on the description of a service organization’s system that includes blockchain, the suitability of the design of the controls, and in a type 2 examination, the operating effectiveness of controls.