The potential impact of blockchain on the audit and assurance profession
Some publications have hinted that blockchain technology might eliminate the need for a financial statement audit by a CPA auditor altogether. If all transactions are captured in an immutable blockchain, then what is left for a CPA auditor to audit?
While verifying the occurrence of a transaction is a building block in a financial statement audit, it is just one of the important aspects. An audit involves an assessment that recorded transactions are supported by evidence that is relevant, reliable, objective, accurate, and verifiable. The acceptance of a transaction into a reliable blockchain may constitute sufficient appropriate audit evidence for certain financial statement assertions such as the occurrence of the transaction (e.g., that an asset recorded on the blockchain has transferred from a seller to a buyer). For example, in a bitcoin transaction for a product, the transfer of bitcoin is recorded on the blockchain. However, the auditor may or may not be able to determine the product that was delivered by solely evaluating information on the Bitcoin blockchain. Therefore, recording a transaction in a blockchain may or may not provide sufficient appropriate audit evidence related to the nature of the transaction. In other words, a transaction recorded in a blockchain may still be:
- Unauthorized, fraudulent, or illegal
- Executed between related parties
- Linked to a side agreement that is “off-chain”
- Incorrectly classified in the financial statements
Furthermore, many transactions recorded in the financial statements reflect estimated values that differ from historical cost. Auditors will still need to consider and perform audit procedures on management’s estimates, even if the underlying transactions are recorded in a blockchain.
Widespread blockchain adoption may enable central locations to obtain audit data, and CPA auditors may develop procedures to obtain audit evidence directly from blockchains. However, even for such transactions, the CPA auditor needs to consider the risk that the information is inaccurate due to error or fraud. This will present new challenges because a blockchain likely would not be controlled by the entity being audited. The CPA auditor will need to extract the data from the blockchain and also consider whether it is reliable. This process may include considering general information technology controls (GITCs) related to the blockchain environment. It also may require the CPA auditor to understand and assess the reliability of the consensus protocol for the specific blockchain. This assessment may need to include consideration of whether the protocol could be manipulated.
As more and more organizations explore the use of private or public blockchains, CPA auditors need to be aware of the potential impact this may have on their audits as a new source of information for the financial statements. They will also need to evaluate management’s accounting policies for digital assets and liabilities, which are currently not directly addressed in international financial reporting standards or in US generally accepted accounting principles. They will need to consider how to tailor audit procedures to take advantage of blockchain benefits as well as address incremental risks.
Is the blockchain audit trail in our near future?
There are still many unknowns with respect to how blockchain will impact the audit and assurance profession, including the speed with which it will do so. Blockchain is already impacting CPA auditors of those organizations using blockchain to record transactions and the rate of adoption is expected to continue to increase. However, in the immediate future, blockchain technology will not replace financial reporting and financial statement auditing. Financial statements reflect management assertions, including estimates, many of which cannot be easily summarized or calculated in a blockchain.
Furthermore, the process of an independent audit of financial statements enhances the trust that is crucial for the effective functioning of the capital markets system. Any erosion of this trust may damage an entity’s reputation, stock price and shareholder value, and can result in fines, penalties, or loss of assets. Users of financial statements expect CPA auditors to perform an independent audit of the financial statements using their professional skepticism. CPA auditors conclude whether they have obtained reasonable assurance that the financial statements of an entity, taken as a whole, are free from material misstatement, whether due to fraud or error. A blockchain is unlikely to replace these judgments by a financial statement auditor.
That said, CPA auditors need to monitor developments in blockchain technology—it will impact clients’ information technology systems. CPA auditors will need to be conversant with the basics of blockchain technology and work with experts to audit the complex technical risks associated with blockchain.
In addition, CPA auditors should be aware of opportunities to leverage their clients’ adoption of blockchain technology to improve data gathering during the audit. They should also consider whether blockchain technology will allow them to create automated audit routines. The auditing profession must embrace and “lean in” to the opportunities and challenges from widespread blockchain adoption. CPA auditors and assurance providers are encouraged to monitor developments in blockchain technology because they have an opportunity to evolve, learn, and capitalize on their already proven ability to adapt to the needs of a rapidly changing business world.