Provide feedback on this document
Visit the Audit community
As blockchain is still an emerging technology, there is not yet a published uniform auditing standard. However, this program is intended to help organizations identify and develop key policies, procedures and controls to mitigate risk and streamline processes.
Audit Subject: Blockchain Technology Audit Preparation Program
Blockchain is the underlying distributed network system that stemmed from the world’s first decentralized cryptocurrency, bitcoin. It has quickly become one of the most promising technological advancements in recent times. Blockchain has the potential to transform a variety of key industries that are ubiquitous to modern life: finance, healthcare, manufacturing, and real estate, to name a few.
Blockchain’s prominent feature is its ability to eliminate the need to trust a central authority for approval, as it instead relies upon decentralized participants to reach consensus. Its benefits include: transparency, cost reduction, enhanced speed, and embedded security. However, with any new technology, there are often drawbacks that can result in issues for organizations. Blockchain is still not a mature technology, and caution must be used when deploying it at an enterprise level. As the risks are often misunderstood and overlooked for this emerging technology, ISACA has developed an audit preparation program to provide organizations with a framework to manage blockchain.
The blockchain technology audit preparation program worksheet is provided as a separate file.
- Provide management with an assessment of whether their blockchain technology control environment is adequately designed and operationally effective.
- Identify blockchain risks which could result in reputational and/or material financial impact.
- Provide management with a holistic perspective on blockchain technology that considers both technical and non-technical factors.
The audit preparation program is built on the following six categories:
The auditor performing the review will be required to determine the scope of organizational functions, systems, and assets that will be tested.