Professional Documents
Culture Documents
BLOCKCHAIN
P R E PA R AT I O N
AUDIT PROGRAM
2 BLOCKCHAIN PREPARATION AUDIT PROGRAM
CONTENTS
4 Blockchain Preparation Audit Program
4 / Audit Subject
4 / Audit Objectives
4 / Audit Scope
4 / Business Impact and Risk
5 / Minimum Audit Skills
5 / Testing Steps
6 Acknowledgments
ABSTRACT
As an emerging technology, blockchain promises great benefit but also entails new risk.
Many enterprises lack personnel with the requisite skills to assess the risk and
recommend adequate safeguards to mitigate it. It is critical—especially during this early
phase of the technology—to understand the risk associated with blockchain and consider
the high-level controls that address it. The Blockchain Preparation Audit Program is
intended to meet these goals.
recognized auditing standard. Enterprises who adopt the technology control environment, indicating whether it is
technology should identify and develop key policies, adequately designed and operationally effective
procedures and controls to mitigate its risk and streamline • Identify blockchain risk, which could result in reputational
• Development
Blockchain eliminates dependency on a central, trusted
• Security
authority for approving transactions; it facilitates and
• Transactions
guarantees consensus among multiple, decentralized
• Consensus
participants in the market. Its benefits include:
The auditor performing the review should determine the
• Transparency
scope of organizational functions, systems and assets to
• Cost reduction
be tested.
• Enhanced speed
The Blockchain Preparation Audit Program will: endpoints and theft/loss of sensitive data
enterprise level
• Substantial impact to customers and regulatory consequences
Testing Steps
Audit steps have been developed for each category and
subprocess to evaluate the effectiveness of the
enterprise’s controls. Refer to the Blockchain Preparation
Audit Program Excel spreadsheet for full documentation.
selected?
expertise?
Acknowledgments
ISACA would like to recognize:
Ted Wolff
CISA
Vanguard, Inc., USA
Tichaona Zororo
CISA, CRISC, CISM, CGEIT, COBIT 5
Assessor, CIA, CRMA
EGIT | Enterprise Governance of IT (Pty)
Ltd, South Africa
Theresa Grafenstine
ISACA Board Chair, 2017-2018
CISA, CRISC, CGEIT, CGAP, CGMA, CIA,
CISSP, CPA
Deloitte & Touche LLP, USA
About ISACA
Now in its 50th-anniversary year, ISACA® (isaca.org) is a global association
1700 E. Golf Road, Suite 400
helping individuals and enterprises achieve the positive potential of
Schaumburg, IL 60173, USA
technology. Today’s world is powered by information and technology, and
ISACA equips professionals with the knowledge, credentials, education and
Phone: +1.847.660.5505
community to advance their careers and transform their organizations. ISACA
leverages the expertise of its 460,000 engaged professionals—including its Fax: +1.847.253.1755
140,000 members—in information and cybersecurity, governance, assurance,
Support: support.isaca.org
risk and innovation, as well as its enterprise performance subsidiary, CMMI®
Institute, to help advance innovation through technology. ISACA has a Website: www.isaca.org
presence in more than 188 countries, including more than 220 chapters
worldwide and offices in both the United States and China.
DISCLAIMER
Provide Feedback:
ISACA has designed and created Blockchain Preparation Audit Program (the
www.isaca.org/blockchain-preparation
“Work”) primarily as an educational resource for professionals. ISACA makes
no claim that use of any of the Work will assure a successful outcome. The Participate in the ISACA Online
Work should not be considered inclusive of all proper information, procedures Forums:
and tests or exclusive of other information, procedures and tests that are https://engage.isaca.org/onlineforums
reasonably directed to obtaining the same results. In determining the propriety
Twitter:
of any specific information, procedure or test, professionals should apply their www.twitter.com/ISACANews
own professional judgment to the specific circumstances presented by the
particular systems or information technology environment. LinkedIn:
www.linkedin.com/company/isaca