The American Institute of CPAs (AICPA) has issued a white paper to help auditors providing SOC for Service Organisation (SOC) reports on organisations that have incorporated blockchain into their service delivery systems.
The white paper, Implications of the Use of Blockchain in SOC for Service Organisation Examinations, was developed by a working group of the AICPA Assurance Service Executive Committee (ASEC). The paper explores the skills auditors need to perform such engagements, unique features of blockchain, risks associated with using blockchain, and how the use of blockchain by service organisation may affect SOC examinations.
AICPA vice president – assurance and advisory innovation – Amy Pawlicki said: “As the use of blockchain increases, it’s likely that more service organisations will decide to use blockchain. Auditors hired to perform their SOC engagements need a deeper understanding of the technology and the risks it presents to the service organisation and those who use their services.”
Highlights of the white paper include:
- An overview of blockchain, including a discussion of the different types of blockchain networks and some of its unique features.
- Specific risks of using blockchain.
- An overview of relevant professional standards and criteria governing SOC for service organization examinations.
- A discussion of the need for the engagement team to possess knowledge about blockchain and the specialized skills and competencies to perform the engagement, including the use of specialists when appropriate.
- A description of the unique elements of the auditor’s understanding of a service organization’s system when blockchain is integral to and interfaces with that system.
- A discussion of unique considerations when forming an opinion on the description of a service organization’s system that includes blockchain, the suitability of the design of the controls, and in a type 2 examination, the operating effectiveness of controls.