Blockchain Due Diligence Audits

The blockchain is a distributed database that maintains a continuously growing list of records called blocks that are secured from any kind of tampering and revision efforts. Each block contains a time stamp and a link to the previous block. A blockchain consists of blocks that hold batches of valid and approved transactions. Each block includes the hash of the prior block in the blockchain linking the two. The linked blocks form a chain, which is called a blockchain.

The blockchain is the foundational technology on which the popular bitcoin and other cryptocurrency platforms are built and is a technology that efficiently organizes and secures data so that it can reduce the cost and complexity of transactions to a great extent.

Factors leading to Blockchain Audits Demand

Increasing Attacks against Blockchain

As blockchain technology continues to both positively and negatively disrupt global industries, we must be diligent about the security implications. Although the blockchain has been well researched and answers many questions regarding decentralized trust, it does not address the security of users or the applications that connect to its network. Insecure wallets lead to theft of cryptocurrencies. Attackers have used old techniques in new ways with success, such as the dictionary attacks against Bitcoin private keys. To provide assurance for Blockchain implementations Valsen Fiduciaries provides Cyber Security Audits.

Due Diligence

Government regulators are struggling to keep up with and understand the legal implications of losses due to cyber attacks. Businesses must also be diligent. Blockchain technology is attracting a lot of interest in solving various business needs beyond decentralized payments. Entire automated businesses are being built using smart contracts. Retailers and others are looking into blockchain to manage their inventories. The medical industry is examining ways to manage medical documents. The number of successful and impactful attacks against exchanges extends well beyond the confines of this report and should serve as a warning. It is not enough to implement and use new technologies without performing a tailored risk assessment.

Governance

As industries research and implement their own blockchains, we can expect cybercriminals to deploy a combination of known and yet unknown techniques to compromise them. Without a clear understanding of where the risks are you may place undue trust in your blockchain implementations. As we’ve seen, mistakes are easy to make. Users are even harder to control and can negatively contribute to the risk. We need to learn from recent events to make better decisions for securing our technologies for tomorrow. It is therefore important for us to have an appropriate Governance model for implementing and monitoring the blockchain deployment.

Block Chain Audit Engagements:

Some of the use cases for Blockchain Audits could be:

  1. Smart Contract Code Reviews
  2. Crypto Currency Exchange Audits
  • Evaluate Controls implemented as intended using the blockchain
  1. Operating effectiveness of the blockchain implemented controls
  2. Vendor organizations may require a Third-Party Audit for Vendor Due Diligence
  3. Provide an Auditors independent opinion about controls at the organization to Management, Stakeholders and other concerned parties

Valsen Fiduciaries’ Scope of Work

As Valsen Fiduciaries, we will conduct our assurance engagement against established standards used by our auditors to assess the internal controls of a blockchain deployment. The control objectives and criteria vary based on the scope of the engagement and client operations.

The relationship between the organization deploying the blockchain and the purpose it serves must be viewed to help determine the controls that should be included in the engagement. Hence our engagements are usually risk-based.

In addition, the impact of the blockchain technology adapted in financial areas for the organization’s financial statements will also be the determining factor as to whether required controls whether covered in the scope of the engagement.

The following are some areas of control activities that within our scope:

  1. Security of the Keys
  2. Vulnerability Assessments/ Penetration Testing
  • Physical and environmental security
  1. Network security (firewalls, intrusion prevention)
  2. Change management
  3. Data retention and storage
  • Disaster recovery/business continuity
  • System documentation