an internal auditor’s guide to blockchain risk considerations in … · 2020-02-08 · 4 2019...

An internal auditor’s guide to blockchain

Risk considerations in blockchain technology


Post on 16-Mar-2020


Contents

Overview

Predictions

Case in point

Risk considerations

Data confidentiality risks

Private key management risks

Consensus and governance risks

Integration risks

Scalability risks

IT operations risk

Business and regulatory risks

Code development risks

Business continuity and disaster recovery risks

Conclusion

Contact us


Overview

Technology-based solutions work best when they are designed to solve real-world problems. In a world where swipe left or right and one-click dominate the market, there is a genuine desire to streamline complex business problems. The complexity of business transactions and a potential lack of trust between parties create opportunities for innovative solutions. One such innovation, blockchain technology, also called distributed ledger technology, has experienced explosive growth.

Blockchain technology-based new proofs of concept (PoC) continue to develop in many industries, and a certain number of them are close to advancing from the pilot phase to implementation. As blockchain technology continues to evolve and expand on its promise to simplify transactional complexities, it also gives rise to previously unforeseen risks for businesses. As organizations consider implementing blockchain-based solutions, internal auditors need to assess these emerging risks and retroactively advise management on ways to implement appropriate safeguards.

For an introduction to blockchain for internal auditors, read part one of this series.1 We introduced the concept of blockchain, peer-to-peer networks, and asymmetric key cryptography consensus mechanism. In addition, we provided an overview of cryptocurrencies, smart contracts, tokens, and initial coin offerings. We also discussed key features of different types of blockchains and how blockchain technology works.


1 “An internal auditor’s guide to auditing blockchain: Blurring the line between physical and digital,” Deloitte Perspectives, accessed May 2019.


Predictions

A recent article published by Gartner made the following blockchain predictions:2


• By 2023, most of the technical challenges with blockchain will have been resolved.

• Enterprises that fail to conduct sufficient scenario planning and delay consideration of blockchain’s decentralization and tokenization risk being disintermediated or failing to seize the greatest business value from blockchain.

• Leaders who want to make good investments in blockchain need a clear model of the blockchain universe, its evolution, and the various aspects of associated technologies and their importance. They will also need to understand the impact of these capabilities on the enterprise’s operating model initially and its business models over time.

In part 2, we will discuss risk considerations related to implementing blockchain technology through an internal audit lens. As a third line of defense, an internal audit is entrusted with the responsibility of providing the board and its management with comprehensive assurance while maintaining its independence and objectivity within the organization.

2 David Furlonger and Rajesh Kandaswamy, “Blockchain technology spectrum: A Gartner theme insight report,” Gartner, October 8, 2018.


Case in point

While trust is a key principle of blockchain, the technology is not free from other risks. As always, internal auditors must think through the lens of “what could go wrong” when performing an assessment of a blockchain-based solution being considered by the business for implementation.

We will illustrate specific risk considerations to bring blockchain concepts to life by using a fictitious example of an internal audit department performing a preimplementation review of a blockchain-based solution being considered by a bank for implementation in its international trade finance (ITF) department (see figure 1).

Distributed Bank, LLC (DBL) is a retail bank with global operations. During the annual planning meeting, the chief audit executive (CAE) “notified” internal audit leadership that the bank’s ITF department was currently building a PoC using a blockchain technology-based solution. The proposed solution would create a consortium of participants in a blockchain that would include corporate clients (buyers and suppliers), correspondent banks, trade-facilitation service providers, and, potentially, regulators. The preimplementation review of the proposed solution was scoped in as part of the internal audit plan. The CAE assigned the preimplementation review to John Block. Before kicking off his review, John decided to enhance his understanding of blockchain application for ITF by watching a short video.3 John learned that as goods move from the seller to the buyer, ITF operations enable the transfer of monetary payments. They also enable companies to be paid faster using “factoring,” which involves the bank paying the seller of goods before the buyer of the goods makes the payment. Factoring involves multiple risk factors for all parties, including nonpayment, duplicate payment misrepresentation, and even fraud. The proposed solution should lead to more efficiency in the process.

3 “Deloitte Mercury Trade Finance Overview,” Deloitte Blockchain video, posted October 14, 2016.


Figure 1. Use of blockchain technology in ITF

[Diagram: a DLT network connecting the bank, regulator, corporate client, freight forwarder, correspondent bank, trade facilitation service provider, SMEs, commercial clients, and other participants.]


How blockchain technology can benefit ITF participants:

FREIGHT FORWARDERS

• Digital handling of trade documents

• Instant communication between parties

• Faster payment due to reduced processing time

REGULATORS

• Real-time oversight of processes

• Immutable ledger of transactions relating to transfer of assets

• Real-time information feed

• Improved credit rating information

BANKS

• Increased operational efficiencies

• Data privacy protection through permissioned access

• Ability to provide new value-added services

• Shared platform with other stakeholders, ensuring greater transparency and reduced manual reconciliation

• Prevention of double financing or abuse of transactions, resulting in more efficient capital allocation

SME (BUYERS/SELLERS)/SME/CORPORATE CLIENTS/COMMERCIAL CLIENTS/OTHER PARTICIPANTS

• Mitigation of payment risk

• Clear oversight of delivery processes

• Reduced costs by digitizing paper-based documents

• Smart contract-triggered financing

• Potential to disintermediate “trusted third parties,” as stakeholders can connect directly on the platform and access data relating to transactions

Risk considerations

For the purpose of his review, John conducted a series of walk-throughs with key stakeholders at the bank. He held discussions with the bank’s ITF operations, information security (IS), information technology (IT) services, treasury, legal, and compliance departments. His primary focus was to assess operational, reputational, legal, contractual, and regulatory risks associated with the proposed blockchain solution. Upon completion of his review, John submitted the report to DBL’s CAE. In his report, he highlighted both the potential benefits as well as the risks associated with the blockchain-based solutions.

John acknowledged that blockchain technology has an advantage over traditional systems as it can operate in the absence of trust among the participants. Also, the blockchain data structure enables the creation of an encrypted digital ledger of transactions that can be distributed securely among a digital network of parties. The buyers, sellers, shippers, correspondent banks, and other stakeholders such as regulators, can access and update the common information on a shared platform. Depending on the degree of integration and the requirements of privacy, the blockchain technology may eliminate the need for stakeholders to maintain their own databases for documents related to a transaction (for example, letters of credit, bills of lading, and invoices).

While there are numerous advantages to blockchain technology for ITF, its implementation introduces new and specific risks4 that may not exist in more traditional centralized systems.

John’s report identified the following specific risk considerations in the implementation of blockchain technology. While John’s report was based on an assessment of blockchain technology for ITF (as illustrated through this example), the risks identified are common to permissioned blockchains in general.

SPECIFIC RISKS

• Data confidentiality

• Business continuity and disaster recovery risks

• Private key management risk

• Consensus and governance risks

• System integration risks

• Scalability risk

• IT operations risk

• Code development risks

• Business and regulatory risks

4 “Blockchain risk management—Risk functions need to play an active role in shaping blockchain strategy,” Deloitte Perspectives, accessed May 2019.


Data confidentiality risks

Based on the walk-through John performed with the departmental heads of the IS and IT groups, he noted that the consensus mechanism of permissioned blockchain enables all participants within the network to have access to certain information. While the information can be restricted and encrypted, it can still be vulnerable to inadvertent exposure. Therefore, participating organizations need to address the risks related to data privacy and confidentiality to ensure that any personally identifiable information (PII) is not compromised or stolen. In the ITF example, diverse participants such as the buyers, sellers, banks, freight forwarders, and regulators will require access to sensitive customer information and transaction records, which will have to be protected by appropriately defined rules, regulations, and protocols to ensure privacy and compliance with applicable jurisdictions.

While blockchain encrypts key information, such as buyer and seller names, and addresses to prevent unintentional information leakage, this does not mean that the data and associated metadata are inherently secure. For example, “Seller A” transacts with the bank to arrange for preshipment financing. As part of the transaction, “Seller A” also engages with “Freight entity X.” The details of this transaction may be encrypted so that “Buyer B” could not view the confidential transaction details, but would still be able to see that a specific network participant engaged in a transaction with the bank and freight company.

On its own, this information is not meaningful. However, if aggregated with thousands of other transactions, the data might provide pertinent information to “Buyer B” that was not intended in the design of the application.

While network participants will have multiple modes to interact with a distributed ledger, companies need to think of risks associated with data sharing among participants of the value chain. As such, the buyers, sellers, regulators, freight forwarders, and correspondent banks have different information-sharing requirements that will need to be considered in the design of the blockchain consortium.
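The aggregation risk described above can be measured during a design review. The following is an added example, not part of the original guide: it counts which participant pairs “Buyer B” can link from ledger metadata alone, then repeats the count after party names are replaced with per-transaction pseudonyms. The ledger layout, the extra participants (SellerC, FreightY), the per-transaction keys, and the `pseudonym` helper are all assumptions made for illustration.

```python
import hashlib
import hmac
from collections import Counter
from itertools import combinations

# Constructed sample ledger (not real data). Payloads are encrypted, but the
# party names on each entry are readable by every consortium member.
LEDGER = [
    {"tx": 1, "parties": ["SellerA", "Bank", "FreightX"], "payload": b"<ciphertext>"},
    {"tx": 2, "parties": ["SellerA", "Bank", "FreightX"], "payload": b"<ciphertext>"},
    {"tx": 3, "parties": ["SellerC", "Bank", "FreightY"], "payload": b"<ciphertext>"},
    {"tx": 4, "parties": ["SellerA", "Bank", "FreightX"], "payload": b"<ciphertext>"},
    {"tx": 5, "parties": ["BuyerB", "Bank", "SellerC"], "payload": b"<ciphertext>"},
]

# Constructed demo keys, one per transaction, assumed to be shared only among
# that transaction's parties. A real deployment would use random keys.
TX_KEYS = {e["tx"]: hashlib.sha256(b"demo-key-%d" % e["tx"]).digest() for e in LEDGER}


def foreign_entries(ledger, observer):
    """Entries the observer is not a party to: metadata visible, payload not."""
    return [
        {"tx": e["tx"], "parties": list(e["parties"])}
        for e in ledger
        if observer not in e["parties"]
    ]


def linkable_pairs(entries):
    """Count how often each pair of identifiers appears together."""
    pairs = Counter()
    for e in entries:
        for pair in combinations(sorted(e["parties"]), 2):
            pairs[pair] += 1
    return pairs


def pseudonym(tx_key, name, tx_id):
    """Per-transaction identifier; only holders of tx_key can recompute it."""
    msg = f"{tx_id}:{name}".encode()
    return hmac.new(tx_key, msg, hashlib.sha256).hexdigest()[:16]


def pseudonymize(entries, tx_keys):
    """Replace party names with per-transaction pseudonyms (hypothetical design)."""
    return [
        {"tx": e["tx"],
         "parties": [pseudonym(tx_keys[e["tx"]], p, e["tx"]) for p in e["parties"]]}
        for e in entries
    ]


def audit(observer="BuyerB"):
    """Compare what the observer can link before and after pseudonymization."""
    seen = foreign_entries(LEDGER, observer)
    before = linkable_pairs(seen)
    after = linkable_pairs(pseudonymize(seen, TX_KEYS))
    return before, after


if __name__ == "__main__":
    before, after = audit()
    for pair, n in before.most_common(3):
        print("cleartext metadata:", pair, "seen together", n, "times")
    # Pseudonyms hide who transacted, not how many transactions occurred.
    print("most repeated pseudonymous pair:", max(after.values()))
```

Pseudonyms remove the repeated-pair signal but leave transaction counts and timing visible, so volume-based inference still has to be considered separately in the consortium design.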


Private key management risk

After meeting with the IS and IT groups, John learned that for a permissioned blockchain (such as the technology used in ITF), each participant on the network is given at least one private key that is used to authorize and sign transactions. For example, if the blockchain consortium admits a new correspondent bank (for example, “Bank Y”), part of the onboarding of that entity would be to grant a private key. This private key is then used by “Bank Y” to sign future transactions. This provides assurance to the other network participants that this correspondent bank has duly authorized the transaction. If this bank loses its private key material, a bad actor may be able to sign transactions on behalf of “Bank Y.” As a result, the bad actor could agree to unauthorized transactions on behalf of “Bank Y” and/or forge documents that appear to be legitimate to other members in the blockchain consortium.

Loss of private key material could cause significant harm to other network participants. Therefore, the safety and security of the private key of each participant is critical for the success of blockchain.


Consensus and governance risks

John also identified consensus and governance as one of the key risks in permissioned blockchain. John defined consensus as a process of agreeing on one continuous version of a blockchain ledger. Further, he defined governance as the process of ongoing maintenance and enhancement of protocols and code changes. In his report, John stated that “Consensus and governance go together through a combination of people and code execution. The primary risk regarding consensus and governance is related to members not agreeing to a change of a protocol leading to a dispute and resolution process, which can be lengthy. Further, dispute resolution requires a comprehensive framework to ensure orderly operation of the consortium, especially given the global nature of the technology. It also encompasses a risk that settlement can’t be relied upon as a legally defined moment because of the possibility that a transaction, block of transactions, or the blockchain ledger could eventually be rewritten.”

John believed that as blockchain involves an arrangement of sharing information with multiple stakeholders, companies need to evaluate the following:

• The type of governance structure that best serves the participants in the consortium

• Support for sound decision-making, risk management, change, incident, and emergency-response management should any alterations need to be made in the consensus mechanism or governance decisions


Integration risks

John noted in his report that, “Entities seeking to integrate blockchain need to decide if integration of the technology will be performed to process transactions with their business partners or become a subledger that replaces a current system supporting a business process. Depending on the path chosen, different risks become relevant. In the case of trade finance, the business may choose to integrate existing systems with the distributed ledger rather than use the system as a subledger to process transactions. This gives the business more visibility into a transaction lifecycle but does not warrant replacement of the core systems responsible for the trade finance business process.”


Scalability risk

In his report, John also indicated that with the expansion of business, the technology supporting the business should have the capacity to manage a growing volume of data over time. He stated, “While blockchain has an inherent characteristic of decentralization, this feature results in the increasing participation of every single node, which stores fully immutable copies of the ledger. Expanding ledgers eventually leads to a need for continuous enhancement of storage capacity. Additionally, the need arises for computing power without the usage of blockchain platforms to enable culling of aged transaction details to preserve storage. In a traditional database system, with expanding business data volume, one can simply add servers to the existing hardware to accommodate and store additional data. A decentralized blockchain environment, where every node must validate every transaction, would require additional computational power and energy consumption. This might affect transaction processing speed along with an increased cost and latency associated with processing a transaction.

In a blockchain environment, every recordable transaction requires peer-to-peer verification, which can become time consuming depending on the number of blocks involved and their geographic distribution. For ITF, given the volume of trade finance transactions globally, it is easy to predict that scalability, geographic distribution, and processing power could become relevant risks in a short period of time.”


IT operations risk

John noted that while integrating blockchain into an existing infrastructure will result in companies dealing with issues related to speed, scalability, and interface with legacy systems, it will further require revisions to existing policies and procedures to reflect the modified processing environment. John states in his report, “For ITF, operational concerns may also include handling fluctuations in payment, clearing, and settlement transaction volumes. Because blockchain is a nascent technology, companies will need to retrain their staff to stay abreast of operational risk resulting from failures associated with internal procedures, people, and systems as well as be agile in adapting to rapid technological changes.”


Business and regulatory risks

John performed a detailed walk-through with the legal and compliance team to understand the impact of smart contracts. John noted that since blockchain and smart contracts are nascent technologies and still in the process of maturing, there is not yet a generally accepted global regulatory framework in place. This makes it obligatory that parties agree on mutually accepted terms and comply with current laws and regulations.

In the case of ITF, if a buyer in Denmark is planning to buy 5,000 tires from a seller in Hong Kong, it must be ensured that the network’s smart contracts are able to handle exceptions and that the terms of the contracts are not explicitly void in the respective countries. Smart contracts should be able to handle exceptional situations such as loss or damage of goods during transit. Further, the participating parties need to agree on the arbitration clause and how disputes can be resolved.

John further stated, “Smart contracts must be codified and tested for compliance with the trade, economic, legal, and regulatory environment at every stage of the journey between seller and buyer. In terms of regulatory issues, contracts need to be designed with adequate change management policies that allow for an agile yet secure response to changes in the regulatory framework. It is imperative to mention that mature smart contracts may allow for straight-through processing that does rely on external systems and therefore may significantly enhance existing business processes.”


Code development risks

In his report, John noted that “Every new technology has teething issues. Therefore, solutions need to be tested to gain assurance that the systems are working as intended. The proper level of assurance requires companies to check their own code for bugs before, during, and after implementation. The risk of a weak method of encryption without the expected level of security can result in inadvertent exposure of data stored on the network. Companies need to ensure that the blockchain network, including smart contracts, is kept current to mitigate code and cryptography risks.”


Business continuity and disaster recovery risks

John noted that “Blockchain technologies are generally resilient due to the redundancy resulting from the distributed nature of the technology. However, the business processes built on blockchains may be vulnerable to technology and operational failures as well as cyberattacks. Companies implementing blockchain technology need to have an enterprise-wide business continuity plan and governance framework installed to help mitigate such risks. Since blockchain solutions have a potential to shorten the duration of many business processes, business continuity plans should account for a shorter incident response and recovery time. Companies need to consider how participation in a blockchain network may affect their business continuity plans and whether the network has appropriate measures in place to effectively recover from a significant disruption.”


Conclusion

Distributed ledger technology comes with the potential to transform current business processes by improving transparency across the entire chain, removing duplication of efforts, offering transactional immutability, providing resilience to censorship, and creating an environment in which trust is removed as a risk factor in value transfer. While the benefits are distinct for this technology, they come with specific business, technological, and operational risks. Before an organization adopts this new technology, it should ensure that the associated risks are duly assessed and addressed.

One of the specific strategic advantages that internal auditors have is their knowledge of the organization and its various business functions. This broad view places internal auditors in a favorable position to effectively assess organizational governance, risk, and control environments. The Institute of Internal Auditor’s professional practice framework specifies that internal auditors must possess the knowledge and skills and other competence in the performance of internal audit services.5 While internal auditors are competent with traditional risks and controls, they should continuously enhance their skills in emerging technologies such as blockchain to remain effective at not only delivering assurance but advising on critical business issues and anticipating risk.

5 1210—Proficiency—International standards for the professional practice for internal auditing (Standards—effective 2017), The Institute of Internal Auditors, accessed May 2019.


Contact us

Sandy Pundmann
US Managing Partner, Internal Audit
Deloitte & Touche LLP
[email protected]

Adam Regelbrugge
Partner, Internal Audit
Deloitte & Touche LLP
[email protected]

Manu Mankad
Managing Director, Internal Audit
Deloitte & Touche LLP
[email protected]

Seth Connors
Senior Manager and Deloitte Blockchain Fellow
Deloitte & Touche LLP
[email protected]

Amitesh Joshi
Specialist Leader, Internal Audit
Deloitte & Touche LLP
[email protected]

Yogeeta Raisinghani
Manager, Internal Audit
Deloitte & Touche LLP
[email protected]


This publication contains general information only and Deloitte is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor.

Deloitte shall not be responsible for any loss sustained by any person who relies on this publication.

About Deloitte

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the “Deloitte” name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms.

Copyright © 2019 Deloitte Development LLC. All rights reserved.