Companies Should Build Up Blockchain Controls, Advisory Group Says In New Report
Companies should begin designing internal controls and structures to manage blockchain systems, a new report argues.
The Committee of Sponsoring Organizations of the Treadway Commission — a body dedicated to commercial risk management and fraud prevention — published the report on Tuesday, August 5 making blockchain policy recommendations for companies. The report highlights that blockchain could help companies to streamline financial reporting and improve compliance with laws and regulations, but that use of the technology also poses new risks which need to be managed.
The report frequently referenced COSO’s “Internal Control — Regulatory Framework” guidelines, a document used by publicly traded companies to comply with laws requiring them to prove that their controls over financial reporting are effective. If companies were to integrate blockchain into their systems it would require new procedures for many of the processes they need to report on.
While blockchain is best known as the technology underlying cryptocurrencies like Bitcoin or Ethereum, its use cases are much broader. In the case of businesses, blockchain could lead to entirely automated financial reporting systems and changes when dealing with confirmations, audits, vendor and supplier relations and management of third-party service providers. Oversight and cross-organization of internal controls could also be reimagined through smart contracts. Addressing company executives, auditors and governing boards, the report stated that adopting blockchain may not be an option and that in preparation companies should begin exploring internal regulatory frameworks for blockchain projects.
“The potential benefits of blockchain to financial reporting will be maximized only if those who understand and are responsible for financial reporting, internal controls, and auditing are actively involved in the discourse about blockchain and collaborate to advance the collective agenda,” the report reads.
Authors covered potential risks a company may take on when utilizing the technology, starting by explaining that the decentralized nature of blockchain means that if something goes wrong in the system, there is no recourse. If an organization’s private keys are lost, then all value stored on its wallets are gone, similar to how if an individual falls victim to a cryptocurrency scam there is no way for them to recover their funds.
Authors went on to state that there are heightened cybersecurity risks when adopting blockchain. If the underlying technology is tampered with there could be rippling consequences. The quasi-anonymity blockchain also poses the risk of collusion or transaction hiding, according to the report.
To mitigate these risks, authors advised companies to develop a blockchain code of conduct, help employees build blockchain knowledge, assemble cross-disciplinary teams and work with auditors and software developers to explore blockchain adoption.
There are also more superficial challenges to blockchain adoption, including that a company’s reputation may be harmed by fully embracing and advocating for the use of the technology. The authors may have been alluding to stigma surrounding cryptocurrencies which are invariably linked to blockchain technology.
“Although generally, the use of blockchain is considered forward-thinking and positive, the act of advocating, adopting, and embracing blockchain or associating with certain groups may be seen negatively by an organization’s employees, clients, advisors, and overseers,” the report reads.
Ultimately when considering blockchain technology, companies must weigh the benefits of a verifiable, immutable transaction record which could increase transparency and accountability against a learning curve and potential cybersecurity risks.
Accounting firm Deloitte participated in the creation of the report. The other three “big four” accounting firms — PricewaterhouseCoopers (PwC), Ernst & Young (EY) and KPMG — have also taken steps towards understanding and working in both blockchain and crypto spaces. Having strong regulatory and auditing structures in place is crucial to moving towards mainstream adoption of blockchain technology as it provides stakeholders with confidence that companies are operating transparently and in compliance with the law.
“SEC issuers will want to design blockchain technologies to support the entity’s internal control over financial reporting,” KPMG United States blockchain audit leader, Erich Braun, told Cointelegraph in an interview. “Being able to demonstrate how these technologies achieve their objectives in a well-controlled environment is critical to a successful blockchain strategy. If the technology is not auditable, the immense benefits it brings, such as increasing efficiencies and cutting costs, may not be realized.”
By Emily Mason