About Wolters Kluwer
Wolters Kluwer is a global provider of professional information, software solutions, and services for clinicians, nurses, accountants, lawyers, and tax, finance, audit, risk, compliance, and regulatory sectors.
Select Language
Visit our global site, or select a location
Health
Trusted clinical technology and evidence-based solutions that drive effective decision-making and outcomes across healthcare. Specialized in clinical effectiveness, learning, research and safety.
Tax & Accounting
Enabling tax and accounting professionals and businesses of all sizes drive productivity, navigate change, and deliver better outcomes. With workflows optimized by technology and guided by deep domain expertise, we help organizations grow, manage, and protect their businesses and their client’s businesses.
Finance
Our solutions for regulated financial departments and institutions help customers meet their obligations to external regulators. We specialize in unifying and optimizing processes to deliver a real-time and accurate view of your financial position.
Compliance
Enabling organizations to ensure adherence with ever-changing regulatory obligations, manage risk, increase efficiency, and produce better business outcomes.
Legal
Serving legal professionals in law firms, General Counsel offices and corporate legal departments with data-driven decision-making tools. We streamline legal and regulatory research, analysis, and workflows to drive value to organizations, ensuring more transparent, just and safe societies.
While it’s unclear exactly what role cryptocurrency and blockchain will play in the future of business, digital assets and associated technologies have had staying power. Internal auditors need to take note now and prepare for crypto and blockchain audits, rather than getting caught off guard and introducing new risks.
Even if your organization isn’t familiar with cryptocurrency and blockchain — only three percent of attendees at a Wolters Kluwer emerging technology webinar said they were using blockchain technology — don’t assume that will always be the case.
Manufacturing businesses, for example, might need to get involved with blockchain to be part of their customers’ traceable supply chains. Banks might need to store digital assets for customers. E-commerce stores might accept certain types of crypto if enough customers want to pay that way.
So, internal auditors should be proactive and work crypto, and blockchain controls into their overall auditing responsibilities. That can include auditing existing usage, as well as examining future usage.
From an internal auditor’s perspective, a crypto audit is a review of an organization’s use of cryptocurrencies, such as Bitcoin and Ethereum, to ensure that proper controls are in place. While crypto assets have their own intricacies, in many respects, a crypto audit resembles a cash or foreign exchange audit.
The National Credit Union Administration Examiner’s Guide views cash-like instruments (e.g., gift cards and money orders) by determining “which types of cash-like instruments the credit union offers,” and by verifying “that management monitors and restricts access to cash-like instruments and maintains a precise record of issued and unissued items.”
While this does not specifically refer to crypto, similar logic applies to a crypto audit. If you accept crypto as a form of payment from customers, for example, then a crypto audit would likely include areas that verify transactions that align with crypto holdings.
A crypto audit might also assess if proper risks are being considered if your organization is using crypto, such as being able to handle the potential tax consequences of trading digital assets.
Related to a crypto audit, a blockchain audit involves reviewing the controls of your organization’s use or consideration of blockchain technologies.
The good news is that a blockchain is theoretically easy to audit in the sense that accurate information on blockchain transactions should be readily available to all participants.
“The ledger is distributed across many participants in the network — it doesn’t exist in one place. Instead, copies exist and are simultaneously updated with every fully participating node in the ecosystem,” explains the MIT Sloan School of Management.
But it’s not just about reviewing transactions. A blockchain audit also involves making sure the proper protocols are in place for blockchain usage, for example proper security and compliance controls.
“Fortunately, looking at blockchain from the perspective of IT general controls (ITGCs) makes auditing blockchain more manageable and simpler… the IT auditor can look to ITGCs (specifically, access management, change management and data management/backup and restoration) as the foundation of a blockchain audit,” notes an ISACA article.
Auditing cryptocurrency and blockchains doesn’t have to be much different than auditing other areas of a business. You may need to bring on additional staff that has experience with digital assets, as well as take a more proactive approach. In general, the process is similar to auditing other emerging areas like the cloud or even existing financial practices, like cash management.
Consider the following to audit crypto and blockchain effectively:
The first step to crypto and blockchain auditing is to find out what your organization’s current and planned usage looks like. If you don’t know if your finance department manages any cryptocurrencies, for example, then it’s hard to put proper controls in place. You can also consider future usage to get a sense of whether you have the right staffing in place to manage risks.
Once you have a good handle on your organization’s usage of crypto and blockchain, you can begin identifying the potential top risks involved.
For example, you might assess whether your finance team has the right tools needed to track crypto transactions as easily as any other asset.
“Because crypto investors often use multiple exchanges and wallets, it can be difficult to find data on every buying and selling event,” notes CoinLedger, a tax platform for crypto investors.
While crypto usage for your organization likely differs from that of an individual investor, you still want to make sure that information on your crypto transactions isn’t trapped in disparate systems.
Review the risks related to security and understand that not all blockchains are the same. Take action and collaborate with IT leaders to assess if the blockchains you’re using and the associated cyber protocols are keeping the data secure.
These are just a few of the many risks that can come about with crypto and blockchain usage. Internal auditors should work with other departments to assess what those top risks look like within your organization and how they can be effectively managed.
After you identify the top risks, establish better controls for crypto and blockchain usage. For example, you might want to work with your legal department to establish liability controls for blockchain networks.
As the World Economic Forum notes, one “consideration for participants at the outset is who holds legal/regulatory liability in a permissioned network for cases such as data breach or smart contracts errors?”
If you don’t have sufficient legal controls in place to handle issues like these, then you could end up amplifying existing risks.
Focusing on these areas can help your organization get the most out of these new tools while limiting potential downsides. However, internal audit teams shouldn’t be required to tackle these issues alone.
Leaders, such as other department managers, the C-Suite, and board directors, should always be informed and kept in the loop. Doing so can help internal auditors better understand crypto and blockchain risks and help other leaders assess how to use these tools going forward.
To see the form, you will need to change your cookie settings. Click the button below to update your preferences to accept all cookies. For more information, please review our Privacy & Cookie Notice.
TeamMate+ Audit
Audit management
The world’s leading audit management software – empowering audit departments of all sizes.
When you have to be right
© 2022 Wolters Kluwer N.V. and/or its subsidiaries. All rights reserved.