Impact of Blockchain on IT Audit

Amy Kemp, CISA, CRISC, CISSP

Senior
June 6, 2017
Amy.Kemp@elliottdavis.com
980.201.3174

© Elliott Davis Decosimo, LLC © Elliott Davis Decosimo, PLLC

 This material was used by Elliott Davis Decosimo during an oral
presentation; it is not a complete record of the discussion. This
presentation is for informational purposes and does not contain or convey
specific advice. It should not be used or relied upon in regard to any
particular situation or circumstances without first consulting the
appropriate advisor. No part of the presentation may be circulated,
quoted, or reproduced for distribution without prior written approval
from Elliott Davis Decosimo.

© Elliott Davis Decosimo, LLC © Elliott Davis Decosimo, PLLC

 Agenda

 Blockchain Technology Overview

 Three Levels of Blockchain, Tokens
 Alliances and Industry Adoption
 Smart Contracts
 Identity Management
 Criticism and Challenges
 Impact on the IT Audit Function
 Learning and Engagement

© Elliott Davis Decosimo, LLC © Elliott Davis Decosimo, PLLC

 Blockchain Overview

Blockchain technology is a digital innovation

that is poised to significantly alter financial
markets within the next few years, within a
cryptographic ecosystem that has the
potential to also significantly impact trusted
computing activities and therefore
cybersecurity concerns as a whole.

© Elliott Davis Decosimo, LLC © Elliott Davis Decosimo, PLLC

 Participant Exposure

How many of you:

• Have heard of bitcoins?
• Own cryptocurrency?
• Feel you understand the underlying blockchain
technology?
• Feel you can summarize for us the benefits of the
“trust economy”?
• Are involved in projects that involve blockchain
technology implementation or related activities?

© Elliott Davis Decosimo, LLC © Elliott Davis Decosimo, PLLC

 Where It All Started
Blockchain technology was first introduced in a whitepaper
entitled: “Bitcoin: A Peer-to-Peer Electronic Cash System,” by
Satoshi Nakamoto in 2008.
• No reliance on trust
• Digital signatures
• Peer-to-peer network
• Proof-of-work
• Public history of transactions
• Honest, independent nodes control majority of CPU computing
power
• Nodes vote with CPU computing power
• Rules and incentives enforced through consensus mechanism
https://bitcoin.org/bitcoin.pdf
© Elliott Davis Decosimo, LLC © Elliott Davis Decosimo, PLLC
 Cryptocurrency Summarized

• Bitcoin was the first digital, i.e., cryptocurrency

• A maximum of 21 million Bitcoins can be generated

• Just as with real world mining, energy must be invested

to solve complex mathematical problems by which
systems earn Bitcoins

• https://www.cryptocoincharts.info/coins/info claims to
be indexing 4,220 cryptocurrencies

• Most circulated: Bitcoin, Ethereum, Litecoin

© Elliott Davis Decosimo, LLC © Elliott Davis Decosimo, PLLC
 The Technology Behind Bitcoin

• Think of Bitcoin as an electronic asset (as well as a digital

currency)

• A network of computers keeps track of Bitcoin payments, and

adds them to an ever-growing list of all the Bitcoin payments
that have been made, called “The Bitcoin Blockchain”

• The file that contains data about all the Bitcoin transactions is
often called a “ledger”

• Bitcoin value is created through transaction processing,

referred to as “mining,” which is performed by distributed
processors called “nodes” of the peer-to-peer network
A Gentle Introduction to Bitcoin by Antony Lewis, https://bravenewcoin.com/assets/Reference-Papers/A-
Gentle-Introduction/A-Gentle-Introduction-To-Bitcoin-WEB.pdf
© Elliott Davis Decosimo, LLC © Elliott Davis Decosimo, PLLC
 Mining Evolution
• Mining is the process whereby value is created through
transaction processing that occurs on nodes of the network.
• In 2009, one could mine 200 Bitcoins with a personal, home
computer. In 2015, it would take about 98 years to mine just 1
Bitcoin.
• Today there is almost no money to be made through traditional
home mining.
• ASIC (Application Specific Integrated Circuit) has been designed
strictly for mining Bitcoins.
• Groups of miners have formed mining pools, with each being
paid their relative share for their contribution to the work
performed.
My Dirty Little Bitcoin Secrets by Ofir Beigel, www.99bitcoins.com

© Elliott Davis Decosimo, LLC © Elliott Davis Decosimo, PLLC

 Three “Levels” of Blockchain

1. Storage for digital records

2. Exchanging digital assets (called tokens)
3. Executing smart contracts
- Ground rules – Terms & conditions recorded in code
- Distributed network executes contract & monitors
compliance
- Outcomes are automatically validated without third party

Tech Trends 2017, The Kenetic Enterprise, “Blockchain: Trust economy”, Deloitte University Press, 2017

© Elliott Davis Decosimo, LLC © Elliott Davis Decosimo, PLLC

 A General Discussion about Tokens
• A broader use is supported by the digital infrastructure
introduced through Bitcoin, as represented by “tokens”.
• A “token” can be defined as a “scarce digital asset based on
underlying technology inspired by Bitcoin.”
• Tokens may use similar codebases but different blockchain
databases.
• Ethereum was Bitcoin-inspired but has its own blockchain and is
engineered to be more programmable. Tokens can be issued on
top of the Ethereum blockchain.
• Token buyers are buying private keys, which are similar to API
keys, but can be transferred to other parties without consent.
“Thoughts on Tokens”, Balaji S. Srinivasan and Naval Ravikant
© Elliott Davis Decosimo, LLC © Elliott Davis Decosimo, PLLC
 Tokens, continued
• Tokens have a value and therefore a price.
• Tokens are a new model for technology and can be an
alternative to equity-based financing.
• Tokens do not dilute capital. They introduce a huge increase to
buyer base and time-to-liquidity.
• Token launches differ from equity sales; however, they can be
issued as a way to share profits.
• Tokens can be sold internationally over the internet and are
always open for business.
• Tokens decentralize the process of funding technology.
Thoughts on Tokens, Balaji S. Srinivasan and Naval Ravikant
© Elliott Davis Decosimo, LLC © Elliott Davis Decosimo, PLLC
 Tokens, continued
• Tokens enable a better-than-free new business model.
• Tokens will introduce the rise of the “tech savvy senior
executive.”
• Tokens accommodate immediate custody without an
intermediary.
• Tokens can be extended to hardware, as part of the internet of
things.

Thoughts on Tokens, Balaji S. Srinivasan and Naval Ravikant

© Elliott Davis Decosimo, LLC © Elliott Davis Decosimo, PLLC

 Smart Contracts

Current paper-based
systems drive $18
trillion in transactions
per year.

Consensus protocols are key to determining the sequence of

actions resulting from the contract’s code. This enables
peer-to-peer trading of everything from renewable energy to
automated hotel room bookings.

“Contracts Get Smarter with Blockchain”, CIO Journal, The Wall Street Journal, World Trade Organization,
International Trade Statistics 2015, 2015, p. 41.

© Elliott Davis Decosimo, LLC © Elliott Davis Decosimo, PLLC

 Hyperledger

• Hyperledger is an open source collaborative effort created to

advance cross-industry blockchain technologies. It is a global
collaboration, hosted by The Linux Foundation, including leaders in
finance, banking, IoT, supply chain, manufacturing, and technology.
• Business Blockchain Frameworks are hosted with Hyperledger.

• Hyperledger addresses important features for a cross-industry open

standard for distributed ledgers. The Linux Foundation hosts
Hyperledger as a Collaborative Project under the foundation.

• To learn more, visit: https://www.hyperledger.org/.

www.hyperledger.org

© Elliott Davis Decosimo, LLC © Elliott Davis Decosimo, PLLC

 Hyperledger Projects
A few of the Hyperledger Projects include:

• Hyperledger Burrow – Permissible smart contract machine

with a modular blockchain client, built in part to the
specification of the Ethereum Virtual Machine (EVM)
• Hyperledger Fabric – Foundation for developing plug-n-play
solutions within a modular architecture
• Hyperledger Iroha – Simple and easy blockchain framework
designed to be incorporated into infrastructure projects
requiring distributed ledger technology
• Hyperledger Sawtooth – A modular platform for building,
deploying, and running distributed ledgers
© Elliott Davis Decosimo, LLC © Elliott Davis Decosimo, PLLC
 Ethereum Alliance

Ethereum is a decentralized platform that runs smart

contracts: applications that run exactly as
programmed without any possibility of downtime,
censorship, fraud, or third party interference.

The Ethereum project was bootstrapped via an ether

pre-sale during August 2014 by fans all around the
world. It is developed by the Ethereum Foundation, a
Swiss nonprofit, with contributions from individuals
and organizations across the globe.
www.ethereum.org
© Elliott Davis Decosimo, LLC © Elliott Davis Decosimo, PLLC
 Ethereum Tools

Several Ethereum offerings include:

• The Ethereum Wallet, which is a gateway to
decentralized applications on the Ethereum blockchain,
allowing users to hold and secure ether and other
crypto-assets built on Ethereum, as well as write,
deploy and use smart contracts
• Design and issue your own cryptocurrency/traceable
token
• Kickstart a project with Crowdsale
www.ethereum.org
© Elliott Davis Decosimo, LLC © Elliott Davis Decosimo, PLLC
 What is Ether?
• Ether is the crypto-fuel for the Ethereum network.
• Ether is a necessary element – a fuel – for operating the distributed
application platform Ethereum. It is a form of payment made by the
clients of the platform to the machines executing the requested
operations, functioning as the incentive that ensures that developers
will write quality applications, and that the network remains healthy.
• The total supply of ether and its rate of issuance was decided by the
donations gathered on the 2014 presale.
• Developers who intend to build apps that will use the Ethereum
blockchain need ether.
• Users who want to access and interact with smart contracts on the
Ethereum blockchain also need ether.
www.ethereum.org
© Elliott Davis Decosimo, LLC © Elliott Davis Decosimo, PLLC
 Cross-Industry Adoption

Sectors leading the way in blockchain implementation:

• Consumer products
• Manufacturing
• Technology
• Media
• Telecommunications
• Health care
• Life sciences
Thirty-nine percent of the senior executives at large U.S.
companies initially surveyed indicate they have little or no
knowledge about blockchain technology. Many deemed it to be
crucial for their companies and industries. Forty-two percent
believe it will disrupt their industries.
“Blockchain Adoption Varies by Industry”, CIO Journal, The Wall Street Journal
© Elliott Davis Decosimo, LLC © Elliott Davis Decosimo, PLLC
 Financial Services Industry

• As noted by A. Michael Smith in “Creating Assurance in

Blockchain,” trust and efficiency are the main value drivers for
any use case. The finance world is driven by technology.

• Tracking risk and monitoring compliance with laws and

regulations within an increasingly complex cybersecurity
environment requires considerable time and resources.

• The financial services industry immediately saw opportunities

in blockchain and has been investing heavily in its usage,
primarily as a part of private implementations.

Creating Assurance in Blockchain, Volume 2, 2017, by A. Michael Smith

Banking on change: How to respond to new expectations for audit committees by PWC Internal Audit
Foundation, Douglas Anderson, CIA, CRMA, Cassian Joe, and Klaas J. Westerling
© Elliott Davis Decosimo, LLC © Elliott Davis Decosimo, PLLC
 Identity Management
The IT audit is broadly concerned with
identity management concerns.
Protecting access to data, and the
systems that are in place to process,
store, and report on that data,
requires ongoing resource dedication.
Multiple solutions are available, all of
which require configuring and
managing multiple identifiers for an
individual’s various identities.
Identity management is an area that
will certainly be impacted by
widespread use of private keys to
secure transactions.

© Elliott Davis Decosimo, LLC © Elliott Davis Decosimo, PLLC

 Distributed Access Management

• Creating an identity on blockchain can give individuals

greater control over who has their personal information
and how they access it

• Areas impacted include passports, e-residency, birth

certificates, wedding certificates, IDs, online account
logins, etc

• Digital ID’s can provide digital watermarks that can be

assigned to every online transaction of any asset

“21 Companies Leveraging Blockchain for Identity Management and Authentication” by Elena
Mesropyan, https://letstalkpayments.com/22-companies-leveraging-blockchain-for-identity-
management-and-authentication/

© Elliott Davis Decosimo, LLC © Elliott Davis Decosimo, PLLC

 Protecting Private Keys

• Within the blockchain, trust relies on the safekeeping of

private keys, in support of a truly distributed identity
management

• Ultimately, that safekeeping resides with the actions

taken by individuals to secure their private key

• For cryptocurrency traders, one frequently sees the

recommendation to write one’s private key down on a
piece of paper and put it up for safekeeping in, for
example, a safe deposit box

© Elliott Davis Decosimo, LLC © Elliott Davis Decosimo, PLLC

 Digital ID Solutions

• May 24, 2017, saw the release of a Digitial ID solution by

Netki, a California blockchain startup
• Released at Consensus 2017, this is a highly-anticipated
Digital ID smartphone app that uses Hyperledger
blockchain to provide decentralized, open-source identity
management
• Approved by governments, fully Anti-Money Laundering
(AML) and Know Your Customer (KYC) inclusive

https://bravenewcoin.com/news/netki-launches-digital-id-solution-which-bitt-is-using-with-central-banks-in-
the-caribbean/

© Elliott Davis Decosimo, LLC © Elliott Davis Decosimo, PLLC

 Criticism and Challenges
Critics have cited the following blockchain challenges:
• Nascent technology
• Uncertain regulatory status
• Large energy consumption
• Control, security and privacy
• Integration concerns
• Cultural adoption
• Cost
• Challenges associated with audit, taxes, and compliance
Creating Assurance in Blockchain, Volume 2, 2017, by A. Michael Smith
Deloitte’s Blockchain technology: 9 benefits & 7 challenges,
https://www2.deloitte.com/nl/nl/pages/innovatie/artikelen/blockchain-technology-9-benefits-and-7-
challenges.html
© Elliott Davis Decosimo, LLC © Elliott Davis Decosimo, PLLC
 Energy Consumption
• An area of heavy criticism has to do with the vast amounts of
energy necessary to process and store transactions, especially as
the use of blockchain technology increases
• The Bitcoin blockchain network’s miners are attempting 450
thousand trillion solutions per second in efforts to validate
transactions, using substantial amounts of computer power
• Note that there are also opportunities to decentralize the energy
grid
• Wasted resources: Mining Bitcoin wastes huge amounts of energy
($15million/day)
Deloitte’s Blockchain technology: 9 benefits & 7 challenges,
https://www2.deloitte.com/nl/nl/pages/innovatie/artikelen/blockchain-technology-9-benefits-and-7-
challenges.html
Blockchain in the Energy Sector: Institutional Disruption? By Marius Buchmann
http://www.theenergycollective.com/enerquire/2402120/blockchain-energy-sector-institutional-disruption
© Elliott Davis Decosimo, LLC © Elliott Davis Decosimo, PLLC
 Impact on the IT Audit Function
• Although the technology is still in its infancy, boundless usage
opportunities exist

• The identity management landscape is likely to shift

dramatically

• There is sure to be evolution within IT audit as various use

cases unfold

• Features that create trust could drive unachievable overhead

costs

• Compliance burden should eventually be eased as the

technology is adopted, but this requires regulatory updates,
which could take a while
© Elliott Davis Decosimo, LLC © Elliott Davis Decosimo, PLLC
 Learning and Engagement

Additional opportunities:

• Organizations/alliances that offer the ability to connect with a

spectrum of opinions and perspectives:
- Ethereum Alliance – www.ethereum.org
- Hyperledger Community – www.hyperledger.org
• Offers Working Group Meetings

• Join or participate in the cryptocurrency exchange

marketplace.
- https://coinsbank.com/
- https://www.ethereum.org/ether
© Elliott Davis Decosimo, LLC © Elliott Davis Decosimo, PLLC
 Amy Kemp, CISA, CRISC, CISSP
Email: Amy.Kemp@elliottdavis.com
Phone: 980.201.3174
Website: www.elliottdavis.com

Elliott Davis Decosimo provides comprehensive assurance, tax and consulting solutions to diverse
businesses, organizations and individuals. With a network of forward-thinking professionals in
major U.S. markets and alliance resources across the globe, the firm ranks among the top 30 and
fastest-growing accounting firms in the U.S. Visit elliottdavis.com for more information.

© Elliott Davis Decosimo, LLC © Elliott Davis Decosimo, PLLC