Free guide outlines five risk categories accounting, auditing, and IT professionals should understand
Schaumburg, IL (April 29, 2021) — Blockchain can deliver rich benefits to enterprises, from decentralization to immutability, but it is important to remember that the technology is not one size fits all and can come with its own risk that needs to be managed, according to a new joint white paper from ISACA and AICPA & CIMA, Blockchain Risk: Considerations for Professionals.
Developed by the ISACA-AICPA & CIMA Joint Blockchain Working Group, whose mission is to identify and document risk associated with private blockchains, Blockchain Risk describes and provides context around specific risk related to blockchain implementation and operation. It is organized by five key domains—governance, infrastructure, data, key management, and smart contracts.
“Many enterprises are eager to harness the power of blockchain to transform their businesses or operations,” said Dustin Brewer, ISACA senior director, emerging technology and innovation, and member of the ISACA-AICPA & CIMA Joint Blockchain Working Group. “While there are great benefits to using blockchain, practitioners should ensure they fully understand all types of risk to avoid potentially exposing their business to vulnerabilities, attack vectors or other issues before implementing—or even retroactively, if needed.”
Blockchain Risk emphasizes that a broad array of practitioners—from CPAs and IT auditors to cybersecurity professionals and those in management roles—should gain an understanding of blockchain risks, including:
- Governance/design risk: Lack of protocols for unconfirmed transactions can allow processing of fraudulent transactions that were previously rejected, posing a threat to the network.
- Infrastructure/protocol management risk: Conditional instructions in protocol or smart contract code can allow infinite loops that put the ongoing operation and integrity of the network at risk.
- Key management: Creating a key/seed with insufficient breakup can place all future use of the keys for storing and transacting in crypto assets at risk. The keys can be brute forced or guessed, resulting in a loss of assets.
“It is important for any entity using blockchain technology to understand that there are unique risks in this space and it is imperative to identify those risks quickly,” said Diana Krupica, CPA, AICPA & CIMA lead manager, emerging assurance technologies assurance and advisory innovation. “Using a resource such as this risk matrix means entities will be alerted to issues in order to design the necessary processes and controls to mitigate such risks and enable success.”
The white paper also includes an extensive list of additional blockchain resources from ISACA and AICPA & CIMA, including ISACA’s new Blockchain Framework and Guidance and Blockchain Preparation Audit Program, and AICPA & CIMA’s Blockchain and Beyond Learning Programs and Blockchain Universal Glossary.
To download a complimentary copy of Blockchain Risk, visit www.isaca.org/bookstore/bookstore-wht_papers-digital/whpbrc or https://future.aicpa.org/resources/download/blockchain-risk-considerations-for-professionals. Additionally, join online discussions around blockchain and other emerging technology topics within the ISACA Emerging Technologies Engage Community.
About AICPA & CIMA
The Association of International Certified Professional Accountants (the Association) (www.aicpa.org) is the most influential body of professional accountants, combining the strengths of the American Institute of CPAs (AICPA) and The Chartered Institute of Management Accountants (CIMA) to power trust, opportunity and prosperity for people, businesses and economies worldwide. It represents 650,000 members and students across 179 countries and territories in public and management accounting, and advocates for the public interest and business sustainability on current and emerging issues. With broad reach, rigor and resources, the Association advances the reputation, employability and quality of CPAs, CGMAs and accounting and finance professionals globally.
About ISACA
For more than 50 years, ISACA® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organizations, and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organization that leverages the expertise of its more than 150,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including more than 220 chapters worldwide. In 2020, ISACA launched One In Tech, a philanthropic foundation that supports IT education and career pathways for under-resourced, under-represented populations.