Illustrative Framework Provides Guide To Evaluating Digital Assets And Blockchain Technology; Suggests Actions to Mitigate Threats
The Accounting Blockchain Coalition’s (ABC) Internal Control (IC) Working Group released its first tool for ABC members recently. The new tool is in a document format and called Possible Threats and Vulnerabilities of Assets Related to Digital Assets and Blockchain Transactions and Recommended Internal Control Activities and Actions to Address Them.
IC Working Group Co-Chairman and RSM US’s Bennett Moore said that the purpose of this tool is to assist readers who are considering a risk assessment of certain common processes associated with the use of blockchain technology. It was developed and is presented as a possible risk assessment adapted from the established framework, concepts and principles of the National Institute of Science and Technology’s (NIST) Special Publication 800-30.
The tool can be used as a baseline for businesses using or considering using blockchain technology within their organization. It can help evaluate specific considerations for how their business is organized and how they’re actually using digital assets and blockchain technology. Other similar tools and documents from various accounting and consulting firms address risk-identification too, but none of them really try to provide guidelines on internal control activities or suggest actions to mitigate the threats and vulnerabities identified. This is where ABC’s tool is different and why it is the first of its kind.
First of Its Kind
It is the first tool that takes a high-level approach at identifying the recommended procedures — in terms of internal control activities — and addresses the identified threats and vulnerabilities in an illustrative framework. In other words, it doesn’t just point out possible threats and vulnerabities in the use of a digital asset or blockchain technology. It provides generalized guidelines to mitigate the vulnerabities. This risk-identification and mitigation tool can be downloaded here:
Although ABC’s tool is more comprehensive then what is commonly available in the market today, it is important to note that it is not an authoritative risk framework, but a high-level exploration of guidance that is based on existing frameworks in the context of their use with digital assets and blockchain technology.
The Illustrative Framework
Possible Threats and Vulnerabilities of Assets Related to Digital Assets and Blockchain Transactions and Recommended Internal Control Activities and Actions to Address Them is organized to initially addresses two key, common blockchain processes. The processes targeted are the Execution and Authorization of a Transaction and Digital Asset Due Diligence by various assets. The tool drills into these two processes and incorporates key elements and an analysis of those elements, along with example internal control activities and procedures for addressing their associated inherent risks. More processes are planned to be added at a later date. The tool’s illustrative framework includes:
Inherent Risks: This section is designed to identify specific risks that are inherent to the use of blockchain technology across all applications. These are risks that represent a specific scenario initiated by a threat or vulnerability that has not been addressed by any internal controls yet.
Threats and Vulnerabilities: This section is designed to identify the specific threats and vulnerabilities that are linked directly to the assets being evaluated within the process.
Likelihood & Impact: This section is designed to give a general estimate for the likelihood and impact of a specific threat or vulnerability occurring. It also is designed to provide the consideration for our generalized assessment of the likelihood of the related threat or vulnerability.
Internal Controls: This section is designed to identify specific activities, procedures, and protections associated with mitigating the outlined threats and vulnerabilities that are tied to the inherent risks.
How To Use The Tool To Mitigate The Threats And Vulnerabilities Of Assets Involved In Blockchain Transactions
The tool is effective when it is introduced at a general board meeting with management to frame a discussion around an organization’s consideration to use blockchain technology. It can be used to evaluate the common processes and identify the risks and the related threats that might be associated with interacting with a specific digital asset or blockchain platform. Next, a team is assigned to leverage the framework directly with their actual business structure. After evaluating the results of this exercise, management would give a presentation, using the illustrative framework, identifying the specific threats and vulnerabilities and proposing internal control procedures and activities that would mitigate the recognized risks, for discussion and decision-making. For more information on how to use this tool contact: [email protected].