Blockchain for audit

Auditing in the digital world

Blockchain, cryptocurrencies and other digital assets are transforming businesses like banking. Blockchain’s data integrity protection, instant information sharing, and programmable and automatic process controls via smart contracts could enable new accounting methods and allow new levels of automatic assurance. Gisela Medeiros Coimbra, Partner Director of Audit and Consulting, Russell Bedford, Brazil writes

I

n this article we will look at what this means for auditing and how auditors will need to adapt to the changes that will necessarily occur.

Gisela Medeiros Coimbra
Partner Director of Audit and Consulting
Russell Bedford, Brazil

The developing picture

Digitalisation has already reduced the reliance on physical documents by enabling greater automation. FinTechs, with innovation at their heart, have driven this transformation, disrupting financial services with application-based products offering a gateway to a suite of features. This has enabled greater decentralisation of financial services, which came into its own during the pandemic when social distancing made hitherto conventional face-to-face banking transactions difficult.

The war in Ukraine has highlighted the inevitable future dominance of digital assets. Wartime economies suffer as banks and stock markets close, and local currencies devalue. As people rush to flee Ukraine, they can do so without losing their assets and without depending on a local currency.

Protecting against cyber threats

The switch to digital has led to a growth in cyber-attacks. This heightens the importance of relying on companies that are fully versed in the language of digital and know how to protect against attacks.

Currently, the three main trends in the financial services market are blockchain, ML/DL (Machine Learning/Deep Learning) and OCR (Optical Character Recognition).

Blockchain can prevent fraud and data tampering by eliminating the duplication of information, while ML and DL enables the use of artificial intelligence (AI) to imitate the human brain. Lastly, OCR can recognise characters in digital image files to create editable text files, making it possible, among other things, to automate registration and other processes by extracting information from personal documents and contracts.

Regulating cryptocurrency

Open finance describes the data-sharing principles that enable third-party providers to access data across financial sectors and products such as savings and investments. Sharing data aids industry-wide innovation and enhances the agility of businesses to respond to changing customer needs. However, increased data sharing, combined with AI and ML tools, elevates the risks to data security and broader customer protection.

In 2021 China became the first major economy to issue its currency on the blockchain. Issuing a digital yuan enabled China to take an extreme approach to regulating cryptocurrency by banning it completely.

Ukraine introduced a legal and regulatory cryptocurrency framework after it began to receive digital currency donations following the Russian invasion. Rules governing cryptocurrency registrations and licensing also exist in other financial markets including the EU, UK, US, Canada, and Japan. The UK and US have both tabled plans to strengthen regulation further, while Brazil has begun the process of regulating cryptocurrency markets by drafting legislation.

The role of auditors

Auditors have a key role to play in mitigating unintended risks that arise from using cryptocurrency tools by focusing on risk management of the electronic data cycle and its culture, accountability, knowledge and expertise, and operational resilience.

When registering digital assets in financial statements, in the absence of specific accounting rules auditors must use professional judgement to decide which accounting standards and measurements to apply to digital assets.

Where the digital asset originated in an unregulated market, the enforceable rights may not be explained clearly in the initial coin offering (ICO) documentation. Auditors may need to seek legal advice to establish the holder’s enforceable rights.

Evolving skills requirements

New technologies bring new risks and auditors will need to think innovatively about how to identify, measure and manage these risks. The burgeoning dependence on data, and new techniques and tools, heightens risks around quality, privacy, security, retention, ethics, and sovereignty.

Given the changing nature of products and services, product delivery, and customer communications, auditors need to consider the end-customer at all stages of a product lifecycle. This means reviewing their overall risk management framework and attracting staff with new skill sets in a highly competitive market.

While auditors still need to gather the evidence to address risks, the types of evidence in the digital environment are different and present new challenges. What doesn’t change is that the more risk that exists, the more evidence that is necessary. Auditors may now encounter more often situations where a combined test of controls and substantive procedures becomes necessary to respond to specific risks of material misstatement. This is likely because of complex blockchain technology, the unique risks it presents, and the difficulties in gathering strong and sufficient evidence.

Where a client uses a third-party custodian, audit procedures may require an auditor to inspect custodial agreements and statements, and to confirm with the third party. An auditor must carefully evaluate the reliability of the confirmation response and assess whether it constitutes sufficiently appropriate audit evidence.

Audit firms working in this market will need to focus on new skill sets because auditing in a digital environment is not the same. It presents unique challenges that include different audit tools and methods of analysis. This needs a new type of talent. To meet client needs audit firms now need specialists in cryptography, blockchain technology, data analytics, and valuation.