Impact of Blockchain on IT Audit - Amy Kemp, CISA, CRISC, CISSP

 Blockchain Technology Overview Three Levels of Blockchain, Tokens  Alliances and Industry Adoption  Smart Contracts  Identity Management  Criticism and Challenges  Impact on the

Impact of Blockchain on IT Audit

Amy Kemp, CISA, CRISC, CISSP

Senior

June 6, 2017

Amy.Kemp@elliottdavis.com

980.201.3174

This material was used by Elliott Davis Decosimo during an oral

presentation; it is not a complete record of the discussion This

presentation is for informational purposes and does not contain or convey specific advice It should not be used or relied upon in regard to any

particular situation or circumstances without first consulting the

appropriate advisor No part of the presentation may be circulated,

quoted, or reproduced for distribution without prior written approval from Elliott Davis Decosimo.

 Blockchain Technology Overview

 Three Levels of Blockchain, Tokens

 Alliances and Industry Adoption

 Smart Contracts

 Identity Management

 Criticism and Challenges

 Impact on the IT Audit Function

 Learning and Engagement

Agenda

Blockchain technology is a digital innovation that is poised to significantly alter financial markets within the next few years, within a cryptographic ecosystem that has the potential to also significantly impact trusted computing activities and

therefore cybersecurity concerns as a whole.

Blockchain Overview

How many of you:

• Have heard of bitcoins?

Where It All Started

Blockchain technology was first introduced in a whitepaper entitled: “Bitcoin: A Peer-to-Peer Electronic Cash System,” by Satoshi Nakamoto in 2008.

• No reliance on trust

• Digital signatures

• Peer-to-peer network

• Proof-of-work

• Public history of transactions

• Honest, independent nodes control majority of CPU computing power

• Nodes vote with CPU computing power

• Rules and incentives enforced through consensus mechanism

https://bitcoin.org/bitcoin.pdf

Cryptocurrency Summarized

• Bitcoin was the first digital, i.e., cryptocurrency

• A maximum of 21 million Bitcoins can be generated

• Just as with real world mining, energy must be invested

to solve complex mathematical problems by which

systems earn Bitcoins

be indexing 4,220 cryptocurrencies

• Most circulated: Bitcoin, Ethereum, Litecoin

The Technology Behind Bitcoin

• Think of Bitcoin as an electronic asset (as well as a digital

currency)

• A network of computers keeps track of Bitcoin payments, and adds them to an ever-growing list of all the Bitcoin payments that have been made, called “The Bitcoin Blockchain”

• The file that contains data about all the Bitcoin transactions is often called a “ledger”

• Bitcoin value is created through transaction processing,

referred to as “mining,” which is performed by distributed

processors called “nodes” of the peer-to-peer network

A Gentle Introduction to Bitcoin by Antony Lewis, Gentle-Introduction/A-Gentle-Introduction-To-Bitcoin-WEB.pdf

https://bravenewcoin.com/assets/Reference-Papers/A-Mining Evolution

• Mining is the process whereby value is created through

transaction processing that occurs on nodes of the network.

computer In 2015, it would take about 98 years to mine just 1 Bitcoin.

home mining.

• ASIC (Application Specific Integrated Circuit) has been designed strictly for mining Bitcoins.

paid their relative share for their contribution to the work performed.

My Dirty Little Bitcoin Secrets by Ofir Beigel, www.99bitcoins.com

1 Storage for digital records

2 Exchanging digital assets (called tokens)

3 Executing smart contracts

- Ground rules – Terms & conditions recorded in code

- Distributed network executes contract & monitors

compliance

- Outcomes are automatically validated without third party

Tech Trends 2017, The Kenetic Enterprise, “Blockchain: Trust economy”, Deloitte University Press, 2017

Three “Levels” of Blockchain

• A broader use is supported by the digital infrastructure

introduced through Bitcoin, as represented by “tokens”.

• A “token” can be defined as a “scarce digital asset based on

underlying technology inspired by Bitcoin.”

• Tokens may use similar codebases but different blockchain

databases.

• Ethereum was Bitcoin-inspired but has its own blockchain and is engineered to be more programmable Tokens can be issued on top of the Ethereum blockchain.

• Token buyers are buying private keys, which are similar to API keys, but can be transferred to other parties without consent.

“Thoughts on Tokens”, Balaji S Srinivasan and Naval Ravikant

A General Discussion about Tokens

• Tokens have a value and therefore a price.

to equity-based financing

• Tokens do not dilute capital They introduce a huge increase to buyer base and time-to-liquidity.

• Token launches differ from equity sales; however, they can be

issued as a way to share profits.

• Tokens can be sold internationally over the internet and are

always open for business.

• Tokens decentralize the process of funding technology.

Thoughts on Tokens, Balaji S Srinivasan and Naval Ravikant

Tokens, continued

• Tokens enable a better-than-free new business model.

• Tokens will introduce the rise of the “tech savvy senior

“Contracts Get Smarter with Blockchain”, CIO Journal, The Wall Street Journal,

World Trade Organization, International Trade Statistics 2015 , 2015, p 41.

Current paper-based

systems drive $18

trillion in transactions

per year.

• Hyperledger is an open source collaborative effort created to

advance cross-industry blockchain technologies It is a global

collaboration, hosted by The Linux Foundation, including leaders in finance, banking, IoT, supply chain, manufacturing, and technology.

• Business Blockchain Frameworks are hosted with Hyperledger.

• Hyperledger addresses important features for a cross-industry open standard for distributed ledgers The Linux Foundation hosts

Hyperledger as a Collaborative Project under the foundation. 

• To learn more, visit:   https://www.hyperledger.org /.

www.hyperledger.org

Hyperledger

Hyperledger Projects

A few of the Hyperledger Projects include:

with a modular blockchain client, built in part to the

specification of the Ethereum Virtual Machine (EVM)

• Hyperledger Fabric – Foundation for developing plug-n-play solutions within a modular architecture

designed to be incorporated into infrastructure projects

requiring distributed ledger technology

• Hyperledger Sawtooth – A modular platform for building, deploying, and running distributed ledgers

Ethereum is a decentralized platform that runs smart contracts: applications that run exactly as

programmed without any possibility of downtime, censorship, fraud, or third party interference.

The Ethereum project was bootstrapped via an ether pre-sale during August 2014 by fans all around the world It is developed by the Ethereum Foundation, a Swiss nonprofit, with contributions from individuals and organizations across the globe.

www.ethereum.org

Ethereum Alliance

Several Ethereum offerings include:

• The Ethereum Wallet, which is a gateway to    

decentralized applications on the Ethereum blockchain, allowing users to hold and secure ether and other crypto- assets built on Ethereum, as well as write, deploy and use smart contracts

• Design and issue your own cryptocurrency/traceable

token

• Kickstart a project with Crowdsale

www.ethereum.org

Ethereum Tools

• Ether is the crypto-fuel for the Ethereum network.

• Ether is a necessary element – a fuel – for operating the distributed application platform Ethereum It is a form of payment made by the clients of the platform to the machines executing the requested

operations, functioning as the incentive that ensures that developers will write quality applications, and that the network remains healthy.

• The total supply of ether and its rate of issuance was decided by the donations gathered on the 2014 presale.

• Developers who intend to build apps that will use the Ethereum

blockchain need ether

• Users who want to access and interact with smart contracts on the Ethereum blockchain also need ether.

www.ethereum.org

What is Ether?

companies and industries Forty-two percent believe it will disrupt their industries.

“Blockchain Adoption Varies by Industry”, CIO Journal, The Wall Street Journal

Financial Services Industry

• As noted by A Michael Smith in “Creating Assurance in

Blockchain,” trust and efficiency are the main value drivers for any use case The finance world is driven by technology.

regulations within an increasingly complex cybersecurity

environment requires considerable time and resources.

• The financial services industry immediately saw opportunities in blockchain and has been investing heavily in its usage, primarily

as a part of private implementations

Creating Assurance in Blockchain, Volume 2, 2017, by A Michael Smith

Banking on change: How to respond to new expectations for audit committees by PWC Internal Audit

Foundation, Douglas Anderson, CIA, CRMA, Cassian Joe, and Klaas J Westerling

requires ongoing resource dedication Multiple solutions are available, all of which require configuring and

managing multiple identifiers for an individual’s various identities.

Identity management is an area that will certainly be impacted by

widespread use of private keys to secure transactions.

Distributed Access Management

• Creating an identity on blockchain can give individuals

greater control over who has their personal information

and how they access it

• Areas impacted include passports, e-residency, birth

certificates, wedding certificates, IDs, online account logins, etc

• Digital ID’s can provide digital watermarks that can be

assigned to every online transaction of any asset

“21 Companies Leveraging Blockchain for Identity Management and Authentication” by Elena

Mesropyan,

https://letstalkpayments.com/22-companies-leveraging-blockchain-for-identity-management-and-authentication/

Protecting Private Keys

• Within the blockchain, trust relies on the safekeeping of private keys, in support of a truly distributed identity management

• Ultimately, that safekeeping resides with the actions taken by individuals to secure their private key

• For cryptocurrency traders, one frequently sees the

recommendation to write one’s private key down on a piece of paper and put it up for safekeeping in, for

example, a safe deposit box

://bravenewcoin.com/news/netki-launches-digital-id-solution-which-bitt-is-using-with-central-banks-in-Criticism and Challenges

Critics have cited the following blockchain challenges:

•Uncertain regulatory status

•Control, security and privacy

•Integration concerns

•Cultural adoption

•Cost

•Challenges associated with audit, taxes, and compliance

Creating Assurance in Blockchain, Volume 2, 2017, by A Michael Smith

Deloitte’s Blockchain technology: 9 benefits & 7 challenges,

challenges.html

https://www2.deloitte.com/nl/nl/pages/innovatie/artikelen/blockchain-technology-9-benefits-and-7-• An area of heavy criticism has to do with the vast amounts of energy necessary to process and store transactions, especially as the use of blockchain technology increases

• The Bitcoin blockchain network’s miners are attempting 450

thousand trillion solutions per second in efforts to validate

transactions, using substantial amounts of computer power

• Note that there are also opportunities to decentralize the energy grid

• Wasted resources: Mining Bitcoin wastes huge amounts of energy ($15million/day)

Deloitte’s Blockchain technology: 9 benefits & 7 challenges,

Impact on the IT Audit Function

• Although the technology is still in its infancy, boundless usage

opportunities exist

• The identity management landscape is likely to shift dramatically

• There is sure to be evolution within IT audit as various use cases unfold

• Features that create trust could drive unachievable overhead costs

• Compliance burden should eventually be eased as the technology is adopted, but this requires regulatory updates, which could take a while

Tech Trends 2017, The Kenetic Enterprise, “Blockchain: Trust economy”, Deloitte University Press, 2017

Additional opportunities:

• Organizations/alliances that offer the ability to connect with a spectrum of opinions and perspectives:

- Ethereum Alliance – www.ethereum.org

- Hyperledger Community – www.hyperledger.org

• Offers Working Group Meetings

• Join or participate in the cryptocurrency exchange

Amy Kemp, CISA, CRISC, CISSP