Blockchain has emerged as one of the most promising and talked about technological developments in many years. This advancement has the potential to transform several key industries, much like the rise of the internet in the 1990s.
Originating from the digital currency Bitcoin, blockchain technology employs the use of a distributed ledger to provide consensus through its decentralized participants, eliminating the need for a central authority as the keeper of the official record. With this unique functionality, blockchain offers a multitude of important benefits, such as enabling peer-to-peer transactions, transparency, cost reduction, speed, fraud mitigation and security by design.
However, as is the case with any emerging technology, there are several risks with blockchain that should be considered before an organization decides to move forward with plans to implement it. There are currently no universally accepted standards in place for blockchain, nor is there clear guidance available from a regulatory perspective. As a result, caution must be used by any enterprise when deploying blockchain technology.
The good news is, when properly deployed, blockchain can provide substantial benefits. Still, blockchain is not practical for every organization, and management must ensure that its use actually supports business objectives. When a blockchain solution does not align with business objectives, the following examples of negative impacts can occur:
- Impractical use cases not in alignment with organizational strategy
- Inadequate deployment wasting time and resources
- A blockchain solution functioning improperly
- Potential for noncompliance with industry regulators
- Vulnerabilities possibly impacting source code, endpoints, and sensitive data
New Tool Helps Mitigate Blockchain Risks
To provide organizations with a framework to help manage blockchain, ISACA has created the Blockchain Preparation Audit Program. (Note: The Blockchain Preparation Audit Program is complimentary for ISACA members.) The program covers six key areas relating to the blockchain lifecycle: pre-implementation, governance, development, security, transactions and consensus.
These areas touch upon the primary risks associated with use of blockchain. Proper use of the audit program will help achieve the following objectives:
- Assessing an organization’s blockchain solution to determine whether it is adequately designed and operationally effective
- Identifying blockchain risks which could result in reputational and/or material impact
- Providing organizations with a holistic perspective on blockchain technology, with consideration for both technical and non-technical factors
In addition to the risks discussed above, the blockchain audit/assurance preparation program also will allow organizations to consider other relevant questions, such as:
- Was there a business case assessment created for the use of blockchain? Was it approved by key stakeholders?
- What were some practical use cases that the organization was looking to use blockchain for?
- What type of blockchain (permissioned versus permission-less) is the organization using?
- Are blockchain wallet private keys being managed by a clearly identified custody approach?
- How is the organization acquiring the required development expertise to support the blockchain solution?
- How were vendors selected to support the organization’s blockchain solution? What due diligence processes were followed?
- Does management adequately understand blockchain technology, and are they providing effective oversight?
- What is the approach being used to manage applicable regulatory risks?
There is a lot of hype right now regarding the use of blockchain, make sure your enterprise considers the risks and makes the right preparations to make blockchain deployment successful.
(This article was excerpted from an ISACA Now blog post)
