Skip to main content

An internal auditor’s guide to auditing blockchain

Blurring the line between physical and digital

Blockchain seems to be on every businessperson’s lips these days. But what is it, how will it reshape the way organizations operate, and how will it affect the roles and responsibilities of internal audit?

Risk considerations in blockchain technology

Technology-based solutions work best when they are designed to solve real-world problems. In a world where swipe left or right and one-click dominate the market, there is a genuine desire to streamline complex business problems. The complexity of business transactions and a potential lack of trust between parties create opportunities for innovative solutions. One such innovation, blockchain technology, also called distributed ledger technology, has experienced explosive growth.

Blockchain technology-based new proofs of concept (PoC) continue to develop in many industries, and a certain number of them are close to advancing from the pilot phase to implementation. As blockchain technology continues to evolve and expand on its promise to simplify transactional complexities, it also gives rise to previously unforeseen risks for businesses. As organizations consider implementing blockchain-based solutions, internal auditors need to assess these emerging risks and retroactively advise management on ways to implement appropriate safeguards.

For an introduction to blockchain for internal auditors, read part one of this series1. We introduced the concept of blockchain, peer-to-peer networks, and asymmetric key cryptography consensus mechanism. In addition, we provided an overview of cryptocurrencies, smart contracts, tokens, and initial coin offerings. We also discussed key features of different types of blockchains and how blockchain technology works.

In part 2, we will discuss risk considerations related to implementing blockchain technology through an internal audit lens. As a third line of defense, an internal audit is entrusted with the responsibility of providing the board and its management with comprehensive assurance while maintaining its independence and objectivity within the organization.


1 An internal auditor’s guide to auditing blockchain: Blurring the line between physical and digital,” Deloitte Perspectives, accessed May 2019.

Did you find this useful?

Thanks for your feedback

If you would like to help improve further, please complete a 3-minute survey