In collaboration with AICPA & CIMA, ISACA published a joint white paper in April entitled “Blockchain Risk: Considerations for Professionals,” an important work that describes and provides background about specific risks related to blockchain implementation and operation. This paper was developed over several months in collaboration with colleagues across multiple industries and professions, and I had the privilege of being a member of the working group responsible for its creation.
In retrospect, the development of this white paper, in my mind, is reflective of the progression of blockchain technology throughout multiple global markets and industry functions. The launch of the bitcoin blockchain in 2009, and the rapid (as well as volatile) growth of cryptoassets over the ensuing decade-plus, has often obscured the deep research and work that was and is occurring across the world to better understand the benefits of blockchain technology. To put this into context, blockchain prototyping started as early as 2014 across several financial functions, including payments, clearing and settlement, and trade finance. Since that time, however, the number of industries in proof of concept or active development of blockchain technology solutions has grown manifold and range from banking and financial services to automotive manufacture, healthcare, telecommunications, transportation, life sciences, and much more.
In light of these rapid developments, there are several critical reasons that this blockchain risks white paper takes on even greater importance. First, it is important to realize that blockchain development and implementation will take several years across different industries, given the level of knowledge and understanding that exists about blockchain. Thus education, including education about the types of potential risks of blockchain usage, will be key over time as it expands across industries and enterprises. Many of us remember a time when only a small number of businesses were utilizing the internet; today you would be hard-pressed to find a business of any size worldwide that does not use it regularly. Blockchain usage will most likewise develop similarly.
In addition, the publication brings to light the challenges of blockchain utilization within the context of the enterprise itself. In other words, blockchain technology cannot be implemented in a vacuum. A critically important aspect of blockchain implementation in the enterprise is the need to be aware of which existing systems may be impacted by the use of blockchain technology. From payments to logistics, supply chain, personnel management, data privacy, and more, the publication is meant to be that continual reference guide by which firms can track their progress and risk exposure in an increasingly blockchain world.
Finally, the publication, which assigns blockchain risks to five primary domains (governance, infrastructure, data, key management, and smart contracts), reflects those aspects of blockchain technology that, while unique to blockchain, are still reflective of many existing enterprise functions. Thus, when we consider the challenges of privacy, cybersecurity, and compliance, for example, the need to understand the differences and similarities of these risks becomes clearer.
Blockchain technology has and will continue to offer a wide variety of benefits, including transparency, traceability, reduced costs, and more. That said, the impact of blockchain implementation around the world cannot happen without a clear-eyed perspective on both these benefits and risks, and I encourage colleagues in multiple professions and job functions to read this white paper and keep it as the reference they will need in a blockchain future.
Editor’s note: For additional blockchain resources, download ISACA’s Blockchain Framework and Guidance and find out about ISACA’s Certified in Emerging Technology (CET) credential.