Blockchain technology can be used to improve risk management and create better controls for organizations, according to a new paper released Tuesday by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).
COSO is a voluntary private-sector organization that seeks to improve organizational performance and governance through effective internal control, enterprise risk management, and fraud deterrence. The AICPA is a sponsor of COSO.
Blockchain and Internal Control: The COSO Perspective describes uses for the COSO Internal Control — Integrated Framework (2013) for evaluating risks related to the use of blockchain in the context of financial reporting and to design and implement controls to address such risks. The paper is designed to help inform decisions on oversight, risks, and internal control over financial reporting (ICFR) in a blockchain environment.
The paper discusses the implications for the five components of the 2013 framework when blockchain is introduced into the business environment:
- Control environment: Blockchain can help facilitate an effective control environment with features such as the ability to record transactions with minimal human intervention. But blockchain does not address many of the principles of the control environment because they deal primarily with human behavior, which blockchain is unable to assess.
- Risk assessment: Blockchain creates new risks but also helps mitigate existing risks by promoting accountability, maintaining record integrity, and providing an irrefutable record.
- Control activities: Blockchain and smart contracts can minimize human error and opportunities for fraud. But the collaborative aspects of blockchain can introduce additional complexity, especially when the technology is decentralized and no single party is accountable for the systems that fall under ICFR.
- Information and communication: The enhanced visibility associated with blockchain can provide a faster, more effective way for management to communicate financial information.
- Monitoring activities: Blockchain enables the potential for facilitating monitoring more often, on more topics, and in more detail.
“Blockchain-enhanced tools have the potential to promote operational efficiency and effectiveness, improve reliability and responsiveness of financial and other reporting, and improve compliance with laws and regulations. At the same time, blockchain creates new risks and the need for new controls,” COSO Chairman Paul Sobel said in a news release. “When an organization evaluates the use of blockchain through a COSO lens, it enables the board of directors and senior executives to better understand the context and make more informed assessments of the technology’s potential and applicability with respect to internal control.”
— Ken Tysiac (Kenneth.Tysiac@aicpa-cima.com) is the JofA’s editorial director.