Wait, blockchains need audited?!?
Published on December 21, 2016
Chief Commercial Officer at Libra
We’d like to get out in front of a topic that’s coming into focus for many in the DLT industry: auditing blockchains. In doing so, we hope to add a bit of our thinking on the future of audit, as there appears to be a question if audit, as we know it today, has a future. After all, chains of data, with all the beauty of mathematical provability and provenance, should make auditing obsolete, right?
Touching on Lexicon
First, it’s important to note the words used to describe this domain. For many, this is new stuff so please note the semantics. At Libra, we use “assurance” as an umbrella term with “audit” being one type of “assurance service.” Other types of assurance services press into the domains of risk, compliance, and governance. To further complicate, one soon realizes that there are a myriad of different types of “audit services and activities” … process and transactional audits, technology audits, financial statement audits, and many flavors of internal audits. It’s quite a rabbit hole with varied segmentation approaches and naming conventions across audit firms and functions.
Regardless, when you read an article that discusses blockchain tech and “audit disruption,” the very first thing you should figure out is, “what type of audit services and/or activities are we really talking about here?” Different buyers buy different types of audits for different reasons. Why? Because client needs and the related value propositions are different! Which, by logical extension, means that the impact of blockchain tech on a particular audit service or activity will be different too. If the article you’re reading doesn’t distinguish and offer some level of specificity on these types of points, stop reading … you’re probably going to have to unlearn something later.
Big Picture Questions
Blockchains are, generally speaking, to borrow a phrase from a friend, transparency machines. Which is to say, they offer the ability to see transactions as they move from state-to-state and view the complete provenance of transactions in real time, up-to and including the present state. The $64,000 question, as it relates to auditing and blockchain is, “because blockchain tech ‘creates’ an audit trail of data as a characteristic of each transaction, why will we need to buy incremental audit services that go back and re-audit the same set of transactional data? Isn’t that one of the core benefits of using this tech in the first place?”
And you’re right for thinking about it that way. Kinda.
Recall from above, there are various types of audit services and activities. As you parse through them, what you’ll figure out is that many audits are focused on reviewing transactional output. For this type of activity, audit firms have armies of college grads whose core job is to sample and reconcile. Suffice to say, we would expect this type of manual work and the associated costs to get squeezed, and for the audit firms to feel pain, if enterprise stakeholders begin to trust only the blockchain and then in turn come to rely and use the blockchain’s transactional output.
However, based on our work, what we have found is … that just because a blockchain is executing transactions, and participants can see the transactional history, that will not be enough trust a blockchain’s transactional output because there is still a possibility that the system is not functioning properly.
Rather, what we believe will emerge are a library of pre-configured, highly-automated assurance platforms that will continuously audit the operational aspects of private/permissoned-type blockchain systems (not the transactional output … the systems themselves) in order to offer assurance that everything is operating appropriately. And, it is only after businesses have utilized the services of these platforms and gained operational assurance of their blockchain systems that the business users will be able to trust, rely, and use its data.
In fact, we believe, due to the architecture of blockchains (i.e. sovereignty of various node participants), automated operational audits of blockchain systems will be required by most enterprise users of blockchains and those services will become highly valued in the marketplace.
As we have considered how audit will be impacted, and the role that Libra can play, what’s clear to us is that core aspects of auditing are being automated and audit firms are working hard to change and transform.
We see strong recognition that when an assurance service is performed, is perhaps, from a strategic perceptive, most important. The insight here being, the closer the audit firm is to offering assurance services ‘at point of transaction’ the less likely they are to being disrupted as up-and-downstream processes are re-engineered and automated.
As a consequence, we see our goal to help auditors expand their ability to offer assurance services to any blockchain/smart contract platform and change the timing of their service from post-transaction to real-time. To create software that, extracts, normalizes, monitors, notifies, analyzes, and reports on data against preset rules, notifications, and control frameworks that are specific to specific auditors’ approaches and methodologies.
In summary, we’ll be blunt. We believe there is a significant lack of understanding and respect around how important auditing is, and will continue to be, in blockchain land.
Certainly, over time, some traditional audit services and activities will be impacted by blockchain. However, that’s nothing new. Audit firms are always spending significant sums to automate lower value work so auditors can spend more time adding value by focusing on more challenging issues.
However, what we think is important…is for the DLT industry to consider the possibility that unless the blockchain system itself is audited for operational integrity, many business users, will not be able to use the blockchain’s transactional output – regardless of the cryptographic magic used. Which means, if that’s correct, all private/permissioned-type enterprise chains will need some type of operational auditing. Which then means, interestingly, the audit business will not only survive in blockchain land, but some auditors will significantly grow their businesses!
Jeremy Drane is the Chief Commercial Officer for Libra, a NY-based software company that automates and optimizes financial business processes for professionals who interact with distributed and decentralized ecosystems. Prior to joining Libra in July of 2017, Jeremy worked, for 13 years, supporting PwC’s Assurance, Tax, and Advisory practices in various sales, marketing, and leadership roles. He then moved into a consulting role where he was PwC’s first employee in the Blockchain & Smart Contract space and founded and led their US practice.
Jeremy attended the University of Pittsburgh where he received an MBA with a focus on finance and graduated with honors. Jeremy also attended Penn State where he received a BA in English. Finally, Jeremy is a Certified Bitcoin Professional, a Blockchain University graduate, and is completing work to become a Certified Ethereum Developer. Jeremy lives in Minneapolis, MN but spends most of his time in New York, NY.