A primer for information technology general control considerations on a private and permissioned blockchain audit

Abstract

Blockchain is a disruptive technology that offers advantages to the audit profession such as transparency into all transactions, an immutable ledger, and the potential for real-time auditing. However, to realize these benefits, the profession must be prepared to gain comfort over blockchains as a component of organizations’ information technology infrastructure. This paper considers risks to private and permissioned blockchains through the lens of information technology general controls (ITGCs) as part of an audit of internal control over financial reporting. I discuss new ITGC areas of focus for auditors to consider, along with areas of risk that blockchain could eliminate. To help readers better understand this emerging topic, I provide illustrations, a summary table of key points, and a glossary of blockchain-related terms used throughout the paper. This paper should be viewed as a primer of ITGC considerations on blockchain audits, as more nuanced concerns will emerge as the technology evolves.