In the past two decades, accounting scandals have cost billions of dollars to companies and investors. The Enron scandal (2001), Lehman Brothers (2008), Satyam Scandal and many others have caused huge losses to companies and people alike.
According to PWC’s Global Economic Crime and Fraud Surveys 2022, asset misappropriation—or, insider fraud—was one of the top three financial frauds after cyber crime and customer fraud in a company. The bigger the organisation, the higher the chances of asset misappropriation.
The survey further showed that asset misappropriation made up about 24% of all the three types of frauds in a company-size with a revenue between $1–$10 billion. This type of fraud rises to 31% in companies with revenues more than $10 billion. In terms of sectors, government and public sector account for about 33% cases of asset misappropriation, followed by retail and consumer (31%) and industrial manufacturing (28%).
Companies spend millions on securing the system against outside cyber attacks (32%), which is only 1% higher than the insider fraud (31%), but have done relatively little to check frauds committed by insiders.
There is a huge challenge to ensure that data has not been changed, replaced, or manipulated by a company or its employees. We often assume that the data is accurate thanks to techniques like private keys and user permissions. However, we are unable to formally or mathematically demonstrate that data included in a typical application database is absolutely tamper-free. Our next, and perhaps most expensive, line of defence is auditing.
How can we really secure a company from an inside attack?
Immutability: If you can’t change it, you can’t fudge it
Blockchains are made to be resistant to data modification by design. A blockchain can effectively function as an open, distributed ledger that can efficiently and permanently record transactions between two parties. Blockchain can also be used to verify transactions that have been reported. Using the technology, auditors could simply confirm the transactions on readily accessible blockchain ledgers rather than requesting bank statements from clients or contacting third parties for confirmation.
The blockchain technology achieves this immutability by matching cryptography with blockchain.
Each transaction that the blockchain network deems valid is time-stamped, embedded into a ‘block’ of data, and cryptographically secured by a hashing operation that links to and integrates the hash of the previous block. This new transaction then joins the chain as the following chronological update.
Meta-data from the hash output of the previous block is always incorporated into the hashing process of a new block. Since the succeeding blocks in the chain would reject any attempts to modify the data after it has been authenticated and added to the blockchain—since their hashes wouldn’t be valid—this crucial step in the hashing process renders the chain ‘unbreakable’. In other words, the blockchain will crash if the data is altered, and the cause will be obvious. Traditional databases don’t have this feature; there, the data can be easily added, changed, or removed.
The blockchain essentially serves as a time-stamped ledger of facts. These Bitcoin statistics include details regarding transfers between addresses.
Blockchain-based ledgers can ensure that an application has a complete history and data trail because, once a transaction is added to the blockchain, it remains there as a representation of the ledger up to that point in time. By simply recalculating the block hashes, the chain’s integrity can be verified at any moment; if there is a disagreement between a block’s data and its matching hash, the transactions are invalid. This makes it possible for businesses and industry authorities to swiftly identify data manipulation.
Boon for auditing companies
Currently, a low-value transaction on the blockchain takes about 10 minutes to be verified because only one block verification is deemed necessary. The associated transactions are more immutable further along the chain, or how many blocks must pass before a transaction is regarded as validated. Typically, verifying a high-value transaction takes about an hour (6 blocks).
Compare this to conventional financial transactions, where the clearing of information may take a month or longer. The audit process might be impacted by this blockchain feature for pseudo-real-time verification. Audit companies will be able to conduct continuous online assessments during the period under audit rather than assessments at year end, or interim.
This technology seems to be a fool-proof system which is likely to change the financial system for good and check for both internal and external frauds.