Impact of Blockchain on IT Audit

Agenda

 Blockchain Technology Overview

 Three Levels of Blockchain, Tokens
 Alliances and Industry Adoption
 Smart Contracts
 Identity Management
 Criticism and Challenges
 Impact on the IT Audit Function
 Learning and Engagement
Blockchain Overview

Blockchain technology is a digital innovation

that is poised to significantly alter financial
markets within the next few years, within a
cryptographic ecosystem that has the
potential to also significantly impact trusted
computing activities and therefore
cybersecurity concerns as a whole.
Student Exposure

How many of you:

•Have heard of bitcoins?
•Own cryptocurrency?
•Feel you understand the underlying blockchain
technology?
•Feel you can summarize for us the benefits of the
“trust economy”?
•Are involved in projects that involve blockchain
technology implementation or related activities?
Where It All Started
Blockchain technology was first introduced in a whitepaper
entitled: “Bitcoin: A Peer-to-Peer Electronic Cash System,” by
Satoshi Nakamoto in 2008.
• No reliance on trust
• Digital signatures
• Peer-to-peer network
• Proof-of-work
• Public history of transactions
• Honest, independent nodes control majority of CPU computing
power
• Nodes vote with CPU computing power
• Rules and incentives enforced through consensus mechanism
https://bitcoin.org/bitcoin.pdf
Cryptocurrency Summarized

• Bitcoin was the first digital, i.e., cryptocurrency

• A maximum of 21 million Bitcoins can be generated

• Just as with real world mining, energy must be invested

to solve complex mathematical problems by which
systems earn Bitcoins

• https://www.cryptocoincharts.info/coins/info claims to
be indexing 4,220 cryptocurrencies

• Most circulated: Bitcoin, Ethereum, Litecoin

The Technology Behind Bitcoin
• Think of Bitcoin as an electronic asset (as well as a digital
currency)
• A network of computers keeps track of Bitcoin payments, and
adds them to an ever-growing list of all the Bitcoin payments
that have been made, called “The Bitcoin Blockchain”
• The file that contains data about all the Bitcoin transactions is
often called a “ledger”
• Bitcoin value is created through transaction processing,
referred to as “mining,” which is performed by distributed
processors called “nodes” of the peer-to-peer network
A Gentle Introduction to Bitcoin by Antony Lewis, https://bravenewcoin.com/assets/Reference-Papers/A-
Gentle-Introduction/A-Gentle-Introduction-To-Bitcoin-WEB.pdf
Mining Evolution
• Mining is the process whereby value is created through
transaction processing that occurs on nodes of the network.
• In 2009, one could mine 200 Bitcoins with a personal, home
computer. In 2015, it would take about 98 years to mine just 1
Bitcoin.
• Today there is almost no money to be made through traditional
home mining.
• ASIC (Application Specific Integrated Circuit) has been designed
strictly for mining Bitcoins.
• Groups of miners have formed mining pools, with each being
paid their relative share for their contribution to the work
performed.
My Dirty Little Bitcoin Secrets by Ofir Beigel, www.99bitcoins.com
Three “Levels” of Blockchain

1. Storage for digital records

2. Exchanging digital assets (called tokens)
3. Executing smart contracts
- Ground rules – Terms & conditions recorded in code
- Distributed network executes contract & monitors
compliance
- Outcomes are automatically validated without third party

Tech Trends 2017, The Kenetic Enterprise, “Blockchain: Trust economy”, Deloitte University Press, 2017
A General Discussion about Tokens
• A broader use is supported by the digital infrastructure
introduced through Bitcoin, as represented by “tokens”.
• A “token” can be defined as a “scarce digital asset based on
underlying technology inspired by Bitcoin.”
• Tokens may use similar codebases but different blockchain
databases.
• Ethereum was Bitcoin-inspired but has its own blockchain and is
engineered to be more programmable. Tokens can be issued on
top of the Ethereum blockchain.
• Token buyers are buying private keys, which are similar to API
keys, but can be transferred to other parties without consent.
“Thoughts on Tokens”, Balaji S. Srinivasan and Naval Ravikant
Tokens, continued
• Tokens have a value and therefore a price.
• Tokens are a new model for technology and can be an
alternative to equity-based financing.
• Tokens do not dilute capital. They introduce a huge increase to
buyer base and time-to-liquidity.
• Token launches differ from equity sales; however, they can be
issued as a way to share profits.
• Tokens can be sold internationally over the internet and are
always open for business.
• Tokens decentralize the process of funding technology.
Thoughts on Tokens, Balaji S. Srinivasan and Naval Ravikant
Tokens, continued
• Tokens enable a better-than-free new business model.
• Tokens will introduce the rise of the “tech savvy senior
executive.”
• Tokens accommodate immediate custody without an
intermediary.
• Tokens can be extended to hardware, as part of the internet of
things.

Thoughts on Tokens, Balaji S. Srinivasan and Naval Ravikant

Smart Contracts

Current paper-based
systems drive $18
trillion in transactions
per year.

Consensus protocols are key to determining the sequence of

actions resulting from the contract’s code. This enables
peer-to-peer trading of everything from renewable energy to
automated hotel room bookings.

“Contracts Get Smarter with Blockchain”, CIO Journal, The Wall Street Journal,
World Trade Organization, International Trade Statistics 2015, 2015, p. 41.
Hyperledger

• Hyperledger is an open source collaborative effort created to

advance cross-industry blockchain technologies. It is a global
collaboration, hosted by The Linux Foundation, including leaders in
finance, banking, IoT, supply chain, manufacturing, and technology.
• Business Blockchain Frameworks are hosted with Hyperledger.

• Hyperledger addresses important features for a cross-industry open

standard for distributed ledgers. The Linux Foundation hosts
Hyperledger as a Collaborative Project under the foundation. 

• To learn more, visit: https://www.hyperledger.org/.

www.hyperledger.org
Hyperledger Projects
A few of the Hyperledger Projects include:

•Hyperledger Burrow – Permissible smart contract machine

with a modular blockchain client, built in part to the
specification of the Ethereum Virtual Machine (EVM)
•Hyperledger Fabric – Foundation for developing plug-n-play
solutions within a modular architecture
•Hyperledger Iroha – Simple and easy blockchain framework
designed to be incorporated into infrastructure projects
requiring distributed ledger technology
•Hyperledger Sawtooth – A modular platform for building,
deploying, and running distributed ledgers
Ethereum Alliance

Ethereum is a decentralized platform that runs smart

contracts: applications that run exactly as
programmed without any possibility of downtime,
censorship, fraud, or third party interference.

The Ethereum project was bootstrapped via an ether

pre-sale during August 2014 by fans all around the
world. It is developed by the Ethereum Foundation, a
Swiss nonprofit, with contributions from individuals
and organizations across the globe.
www.ethereum.org
Ethereum Tools

Several Ethereum offerings include:

•The  Ethereum Wallet, which is a gateway to
decentralized applications on the Ethereum blockchain,
allowing users to hold and secure ether and other crypto-
assets built on Ethereum, as well as write, deploy and use
smart contracts
•Design and issue your own cryptocurrency/traceable
token
•Kickstart a project with Crowdsale
www.ethereum.org
What is Ether?
• Ether is the crypto-fuel for the Ethereum network.
• Ether is a necessary element – a fuel – for operating the distributed
application platform Ethereum. It is a form of payment made by the
clients of the platform to the machines executing the requested
operations, functioning as the incentive that ensures that developers
will write quality applications, and that the network remains healthy.
• The total supply of ether and its rate of issuance was decided by the
donations gathered on the 2014 presale.
• Developers who intend to build apps that will use the Ethereum
blockchain need ether.
• Users who want to access and interact with smart contracts on the
Ethereum blockchain also need ether.
www.ethereum.org
Cross-Industry Adoption
Sectors leading the way in blockchain implementation:
•Consumer products
•Manufacturing
•Technology
• Media
•Telecommunications
•Health care
•Life sciences

Thirty-nine percent of the senior executives at large U.S. companies

initially surveyed indicate they have little or no knowledge about
blockchain technology. Many deemed it to be crucial for their
companies and industries. Forty-two percent believe it will disrupt
their industries.
“Blockchain Adoption Varies by Industry”, CIO Journal, The Wall Street Journal
Financial Services Industry

• As noted by A. Michael Smith in “Creating Assurance in

Blockchain,” trust and efficiency are the main value drivers for
any use case. The finance world is driven by technology.

• Tracking risk and monitoring compliance with laws and

regulations within an increasingly complex cybersecurity
environment requires considerable time and resources.

• The financial services industry immediately saw opportunities in

blockchain and has been investing heavily in its usage, primarily
as a part of private implementations.

Creating Assurance in Blockchain, Volume 2, 2017, by A. Michael Smith

Banking on change: How to respond to new expectations for audit committees by PWC Internal Audit
Foundation, Douglas Anderson, CIA, CRMA, Cassian Joe, and Klaas J. Westerling
Identity Management
The IT audit is broadly concerned with
identity management concerns.
Protecting access to data, and the
systems that are in place to process,
store, and report on that data,
requires ongoing resource dedication.
Multiple solutions are available, all of
which require configuring and
managing multiple identifiers for an
individual’s various identities.
Identity management is an area that
will certainly be impacted by
widespread use of private keys to
secure transactions.
Distributed Access Management

• Creating an identity on blockchain can give individuals

greater control over who has their personal information
and how they access it
• Areas impacted include passports, e-residency, birth
certificates, wedding certificates, IDs, online account
logins, etc
• Digital ID’s can provide digital watermarks that can be
assigned to every online transaction of any asset

“21 Companies Leveraging Blockchain for Identity Management and Authentication” by Elena
Mesropyan, https://letstalkpayments.com/22-companies-leveraging-blockchain-for-identity-
management-and-authentication/
Protecting Private Keys

• Within the blockchain, trust relies on the safekeeping of

private keys, in support of a truly distributed identity
management
• Ultimately, that safekeeping resides with the actions
taken by individuals to secure their private key
• For cryptocurrency traders, one frequently sees the
recommendation to write one’s private key down on a
piece of paper and put it up for safekeeping in, for
example, a safe deposit box
Digital ID Solutions

• May 24, 2017, saw the release of a Digitial ID solution by

Netki, a California blockchain startup
• Released at Consensus 2017, this is a highly-anticipated
Digital ID smartphone app that uses Hyperledger
blockchain to provide decentralized, open-source identity
management
• Approved by governments, fully Anti-Money Laundering
(AML) and Know Your Customer (KYC) inclusive

https://bravenewcoin.com/news/netki-launches-digital-id-solution-which-bitt-is-using-with-central-banks-in-
the-caribbean/
Criticism and Challenges
Critics have cited the following blockchain challenges:
•Nascent technology
•Uncertain regulatory status
•Large energy consumption
•Control, security and privacy
•Integration concerns
•Cultural adoption
•Cost
•Challenges associated with audit, taxes, and compliance
Creating Assurance in Blockchain, Volume 2, 2017, by A. Michael Smith
Deloitte’s Blockchain technology: 9 benefits & 7 challenges,
https://www2.deloitte.com/nl/nl/pages/innovatie/artikelen/blockchain-technology-9-benefits-and-7-
challenges.html
Energy Consumption
• An area of heavy criticism has to do with the vast amounts of energy
necessary to process and store transactions, especially as the use of
blockchain technology increases
• The Bitcoin blockchain network’s miners are attempting 450
thousand trillion solutions per second in efforts to validate
transactions, using substantial amounts of computer power
• Note that there are also opportunities to decentralize the energy
grid
• Wasted resources: Mining Bitcoin wastes huge amounts of energy
($15million/day)
Deloitte’s Blockchain technology: 9 benefits & 7 challenges,
https://www2.deloitte.com/nl/nl/pages/innovatie/artikelen/blockchain-technology-9-benefits-and-7-
challenges.html
Blockchain in the Energy Sector: Institutional Disruption? By Marius Buchmann
http://www.theenergycollective.com/enerquire/2402120/blockchain-energy-sector-institutional-disruption
Summary
• Although the technology is still in its infancy, boundless usage
opportunities exist
• The identity management landscape is likely to shift dramatically

• There is sure to be evolution within IT audit as various use cases unfold

• Features that create trust could drive unachievable overhead costs

• Compliance burden should eventually be eased as the technology is

adopted, but this requires regulatory updates, which could take a while

Tech Trends 2017, The Kenetic Enterprise, “Blockchain: Trust economy”, Deloitte University Press, 2017