The AICPA has launched a white paper that gives practitioners (referred to as service auditors) with recommendation about performing SOC for Service Group studies on corporations which have included blockchain into their service-delivery techniques.
The usage of blockchain might permit service organizations to offer new companies (e.g., creating new techniques to help provide chain effectivity) and to scale back the prices of offering present companies (e.g., lowering the chance of unauthorized modifications to enterprise data). However blockchain use additionally brings elevated dangers for service organizations and person entities.
As famous within the white paper, administration is answerable for figuring out, assessing, documenting, and responding to blockchain-related dangers by means of the design and implementation of controls that mitigate these dangers.
The white paper, Implications of the Use of Blockchain in SOC for Service Group Examinations, is geared towards service auditors who carry out SOC for Service Organizations: Inside Management Over Monetary Reporting (SOC 1) examination or SOC for Service Organizations: Belief Providers Standards (SOC 2) examinations. Practitioners conducting SOC for Provide Chain examinations might also discover the white paper useful.
Particularly, the white paper goals to teach service auditors concerning the distinctive options of blockchain and the dangers related to utilizing the know-how as a part of a system that delivers companies to person entities. Understanding these dangers and the controls carried out by the group to mitigate these dangers is crucial for the service auditor who performs a SOC 1— SOC for Service Organizations: (ICFR) examination or a SOC 2 — SOC for Service Organizations: Belief Providers Standards examination. The white paper additionally discusses a number of the methods these examinations could also be affected by means of blockchain.
The paper is organized into two components. Half 1:
- Presents an outline of blockchain, together with a dialogue of the several types of blockchain networks and a number of the distinctive options that make blockchain completely different from different applied sciences a service group might use in its system; and
- Identifies particular dangers of utilizing blockchain.
Half 2 of the paper:
- Presents an outline of related skilled requirements and standards governing SOC for Service Group examinations;
- Discusses the necessity for the service auditor’s group to own data about blockchain and the specialised abilities and competencies to carry out the engagement, together with using specialists when acceptable;
- Describes the distinctive parts of the service auditor’s understanding of a service group’s system when blockchain is integral to and interfaces with that system; and
- Discusses distinctive concerns when forming an opinion on the outline of a service group’s system that features blockchain, the suitability of the design of the controls, and in a sort 2 examination, the working effectiveness of controls.
— Jeff Drew (Jeff.Drew@aicpa-cima.com) is a JofA senior editor.