Auditing Distributed Ledgers and Blockchains

by Mark Eckerle, CPA, WithumSmith+Brown, PC – April 1, 2019

The auditing landscape has remained relatively unchanged over the past few decades with similar procedures being used to gain assurance that the financial statements are free of material misstatement. But distributed ledger technology offers a significant opportunity to increase efficiency in the auditing process.

A distributed ledger, or distributed ledger technology, is often referred to as blockchain technology. It is a consensus of replicated, shared and synchronized digital data, which is geographically spread across multiple sites, countries or institutions with no administrator or centralized data storage. A distributed ledger is essentially an immutable database maintained among a set of nodes or computing devices.

Blockchains are one form of distributed ledger technology and are distributed across and managed by peer-to-peer networks. The major difference between most other distributed ledgers and a blockchain is that other distributed ledgers do not usually employ a chain of blocks to provide a securely distributed consensus.

Distributed ledgers have taken center stage in technology innovation in the business world, as this technology can disrupt current best practices. Utilizing distributed ledgers and blockchains within accounting, specifically auditing, can improve audit efficiency and audit quality.

Major accounting firms are devoting significant resources to blockchain development by establishing research labs; however, the full extent to which blockchain and distributed ledger technology will impact the auditing industry remains uncertain.

Public v. Private Blockchains

There are two types of blockchain technology: public blockchains and private, or permissioned, blockchains. The main distinction between the two is related to who is allowed to participate within the network and maintain the shared ledger.

A public blockchain network is an open-source software program where anyone can join and participate. This type of network, or protocol, typically has a built-in incentive mechanism to encourage network participants to join and use the network. An example of a current public blockchain is the Bitcoin blockchain, which is publicly accessible and can be used by any participant to transact with Bitcoin.

A private blockchain network requires an invitation, and participants must be validated by either the creator of the network or by a programmed set of rules that are built into the network by its creator. A private blockchain typically will have a permissioned network which places restrictions on its participants and the types of transactions. Records on a private blockchain are synchronized on all of the nodes to ensure immutability. Privately distributed ledgers offer more privacy, energy-efficiency and scalability as the network sizes are generally smaller than publicly distributed ledgers. An example of a private blockchain in production today is J.P. Morgan’s Quorum.

In order for distributed ledger technology to provide audit efficiency and audit quality, accountants must understand how to use and audit the technology. Auditing distributed ledger technology will vary depending on whether it is a public or private network.

Auditing a Public Blockchain

Auditing a public blockchain focuses not so much on the process of auditing the blockchain itself, but rather obtaining assurance that the blockchain is working effectively and a third party can independently verify a transaction. The Bitcoin blockchain, for example, offers three key technological characteristics to assist in the auditability of the public blockchain: a fault-tolerant system, digital timestamping and a currency ledger using cryptographic primitives.

A fault-tolerant system, when applied to the Bitcoin blockchain, is the process of building blocks by independent miners. If there are any attempts at malicious behavior or attacks on the system, a miner can identify and halt the process. Miners verify transactions on the Bitcoin blockchain and are chosen at random. Currently, the exact number of miners on the network is unknown, but estimates have reached as high as 100,000 miners, according to the news source Brave New Coin. These miners can halt and report a transaction in order to prevent it from being completed. The process of building blocks on the Bitcoin blockchain is that once a group of transactions has been mined, they are grouped together into a single block and presented to the blockchain for authentication to be added to the chain of blocks, hence the name blockchain.

Digital timestamping is a core feature to external users and provides critical accountability through reliably verifying that the service operates in the intended way. This feature is a technique which leaves a digital fingerprint of the original data in the correct order within the blocks when added to the blockchain.

A currency ledger using cryptography is the most notable feature of the Bitcoin blockchain. When a transfer of Bitcoin occurs, it is publicly posted onto the blockchain for full transparency. This feature offers a use case for the blockchain for its users to transact upon it. Utilizing the first two features in conjunction with the third provides the key characteristics and functionality of the Bitcoin blockchain. These three features offer accountability and third-party verification from an independent source.
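The following is an added example, not part of the original article: a sketch of what "independently verifying a transaction" means in practice, using a simplified ledger in which each block's fingerprint covers the previous block's hash, a timestamp and a Merkle root of its transactions. The block layout, function names and sample transactions are assumptions made for illustration; only the double SHA-256 hash and the Merkle-tree pairing rule follow Bitcoin.

```python
import hashlib

def h(data: bytes) -> bytes:
    """Double SHA-256, the hash Bitcoin uses for blocks and Merkle trees."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def merkle_levels(txs):
    """All tree levels, leaves first; an odd level duplicates its last node."""
    levels = [[h(t) for t in txs]]
    while len(levels[-1]) > 1:
        cur = levels[-1] + ([levels[-1][-1]] if len(levels[-1]) % 2 else [])
        levels.append([h(cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def merkle_proof(txs, index):
    """Sibling hashes an auditor needs to recompute the root for txs[index]."""
    proof = []
    for level in merkle_levels(txs)[:-1]:
        sib = index ^ 1
        proof.append((level[sib] if sib < len(level) else level[index], index % 2))
        index //= 2
    return proof

def verify_inclusion(tx, proof, root):
    """Auditor side: needs only the transaction, the proof and the block's root."""
    node = h(tx)
    for sibling, node_is_right in proof:
        node = h(sibling + node) if node_is_right else h(node + sibling)
    return node == root

def make_block(prev_hash, timestamp, txs):
    root = merkle_levels(txs)[-1][0]
    header = prev_hash + timestamp.to_bytes(8, "big") + root
    return {"prev": prev_hash, "time": timestamp, "root": root, "hash": h(header)}

def verify_chain(blocks):
    """Index of the first block whose fingerprint or link fails, else -1."""
    prev = b"\x00" * 32
    for i, b in enumerate(blocks):
        header = b["prev"] + b["time"].to_bytes(8, "big") + b["root"]
        if b["prev"] != prev or h(header) != b["hash"]:
            return i
        prev = b["hash"]
    return -1

# Constructed sample ledger (illustrative values, not real Bitcoin data).
TXS_1 = [b"alice->bob:5", b"bob->carol:2", b"carol->dave:1"]
B1 = make_block(b"\x00" * 32, 1554076800, TXS_1)
B2 = make_block(B1["hash"], 1554077400, [b"dave->alice:1"])
```

Changing any transaction, or a block's timestamp, changes that block's hash, so every later block's link fails and `verify_chain` reports where the record stops being consistent.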

Auditing a Private Blockchain

Auditing a private blockchain involves creating an audit plan similar to that of an information technology audit, or information systems audit, where the infrastructure of the technology system is evaluated to accurately reflect the blockchain’s internal controls and effectiveness. Installing and maintaining effective controls is critical for an information technology.

An audit of an internal database or blockchain ensures that the appropriate controls are in place as well as tests the system’s functionality, specifically end-to-end. This involves performance testing on both the system’s inputs and outputs. Generally, an auditor would create a sample transaction to test the entire process. Auditors may also create “test” transactions, or fake transactions, in order to review and verify the controls in real-time.

Benefits for Auditors

The technological benefits of utilizing a distributed ledger, whether public or private, in the auditing process include:

  • Decentralization — the peer-to-peer design of blockchain eliminates the use of a trusted central third party
  • Encryption — preservation of client privacy through encrypted communication
  • Immutability — virtually fraud-proof database of information

Auditing has a unique need for distributed ledgers and blockchain technology distinct from other industries since this new technology can greatly increase audit efficiency. It is important for accounting firms that efficiency is managed to help with audit pricing, the number of clients managed and overall customer satisfaction. An audit can be extremely meticulous, with auditors obtaining supporting documentation to verify transactions. Audit teams will need to adapt to utilize this new technology in an effective manner. With the current technological disruption that distributed ledgers and blockchain have to offer, this could drastically change the future auditing landscape.

Mark W. Eckerle

Mark Eckerle, CPA, is an audit manager at Withum. He is the vice leader of the NJCPA Emerging Technologies Interest Group (#NJCPATech) and a member of the Emerging Leaders, Cannabis and Accounting & Auditing Standards interest groups.

This article appeared in the March/April 2019 issue of New Jersey CPA magazine.