Still waiting for the blockchain fad to fade? You may want to take a seat. Digital ledgers and peer-to-peer networks are fast becoming the "new normal" among future-facing companies and reshaping how the world transacts.
It's a technological rush that's catching everyone in its wake. That includes audit committee members who share a responsibility for learning the latest in blockchain technologies and ensuring their organizations are thinking about which processes may be ripe for blockchain transformation (e.g., know your customer (KYC), derivatives or securities trading, supply chain management, customer experience, etc.). Audit committees need to understand the risks that come with blockchain and determine what internal controls management has in place to ensure that every link along the chain is performing as expected. Following the Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework can help in these critical stages, as can working with blockchain consultants who have travelled the implementation path and know what to expect.
And implementation is only the beginning. The next – and arguably most critical step – is governance over the blockchain. Does management have clear guidelines on who can be added to the chain? What protocols will the organization employ? How will activity be monitored and who will ultimately take responsibility for the chain at the end of the day? Given the nature of blockchain, the information (with the value associated) recorded is practically immutable, it must be made clear how information (and value embedded within) is added, who has control and access, and when (or even if) compliance checks are occurring.
It's paramount that the audit committee gets the governance aspect of blockchain right – especially from an internal controls perspective. As organizations adopt blockchain, the costly compliance, reporting, and internal control requirements that are typically associated with SOX will likely decrease. This is especially true if the intent is to integrate blockchain into an existing financial or risk system or another legacy process. Here again, knowing and understanding the technology, understanding the risks, and establishing organization-wide controls is essential.
Ready or not, blockchain technologies are here to stay. As organizations look to digital ledgers and decentralized networks to optimize an increasing number of tasks, the onus is on audit committees to ensure the risks that go along with the emerging technology are adequately managed.