Blockchain risk advice offered by AICPA, CIMA & ISACA

T

he American Institute of CPAs (AICPA), The Chartered Institute of Management Accountants (CIMA) and ISACA, an international professional association focused on IT governance, have collaborated to produce a joint white paper, Blockchain Risk: Consideration for Professionals.

Blockchain Risk aims to emphasise that a broad array of practitioners—from CPAs and IT auditors to cybersecurity professionals and those in management roles—should gain an understanding of blockchain risks, including:

• Governance/design risk: Lack of protocols for unconfirmed transactions can allow processing of fraudulent transactions that were previously rejected, posing a threat to the network.
• Infrastructure/protocol management risk: Conditional instructions in protocol or smart contract code can allow infinite loops that put the ongoing operation and integrity of the network at risk.
• Key management: Creating a key/seed with insufficient breakup can place all future use of the keys for storing and transacting in crypto assets at risk. The keys can be brute forced or guessed, resulting in a loss of assets.

AICPA & CIMA lead manager of emerging assurance technologies and advisory innovation said: “It is important for any entity using blockchain technology to understand that there are unique risks in this space and it is imperative to identify those risks quickly. Using a resource such as this risk matrix means entities will be alerted to issues in order to design the necessary processes and controls to mitigate such risks and enable success.”