Evaluating Blockchain and Internal Control Through a COSO Lens
While blockchain is still a mystery to many people, Big 4 surveys indicate that blockchain is critical and amongst the top-five strategic priorities for the majority of larger businesses surveyed, and that more than three-quarters of those responding to such executive surveys are actively involved in blockchain themselves. Individually, professional bodies associated with the business reporting supply chain are delivering their own guidance and thought-leadership materials (1).
At such a crucial time, the pandemic has led to limited opportunities to meet together within and across these organizations to discuss the relevant issues – not within the islands of individual professional organizations, let alone in collaborative forums that can bring together the needs, motivations and potential contributions of financial executives, internal auditors, external auditors, management accountants and academics.
On what has evolved as a timely basis, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) released on Tuesday (August 4, 2020) a new thought leadership paper, Blockchain and Internal Control: The COSO Perspective (2020) (2). The paper sought to provide insight on how to leverage the COSO Internal Control – Integrated Framework (2013) when considering implementing blockchain within an organization.
Like blockchain, COSO is a mystery to some people. We all know about the topic of internal controls; many of us are familiar with the so-called “COSO Cube”; most larger companies’ annual filings with the US SEC have an auditor’s report on internal controls that refers specifically to how the audited company “maintained, in all material respects, effective internal control over financial reporting as of ##/##/####, based on the criteria established in Internal Control – Integrated Framework (2013) issued by COSO.
COSO brings together representatives to the focus groups mentioned above:
- Financial executives (FEI)
- Internal auditors (IIA)
- External auditors (AICPA)
- Management accountants (IMA), and
- Academics (AAA)
As noted in the COSO press release, I am one of the co-authors. My goals included helping counter the fallacies, providing an objective view to both potential benefits and risks, and bringing together stakeholder communities to come together for the greatest possible WIN-WIN-WIN situation.
It was a terrific exercise. The Cube was a great place to start in thinking through the potential impacts of blockchain. One side of the cube speaks to the subdivision of the Entity itself; blockchain has the potential to transform the nature of what we consider an entity, blurring the lines of where internal controls must operate (see discussions within on consortium blockchains, for example). Another side speaks to “Operations, Reporting and Compliance” – all of these areas may be impacted by blockchain, in conjunction with other emerging technologies. Finally, there are the five components and seventeen principles; I’ll probably write more about them soon, but you can read up in the meanwhile.
Footnotes:
(1) For example, CPA Canada’s resources can be found at https://www.cpacanada.ca/en/business-and-accounting-resources/other-general-business-topics/information-management-and-technology/publications/cpa-perspectives-on-blockchain
(2) https://www.coso.org/Documents/Blockchain-and-Internal-Control-The-COSO-Perspective-Guidance.pdf
Comments
- No comments found
Leave a comment