2020-2021 has seen a tremendous increase in blockchain use cases as developers found new technology applications. While 2020 saw the rise of decentralized finance, 2021 has focused more on creativity and the transition from physical to digital application through non-fungible tokens (NFTs), which have played a role in the emergence of metaverse.
While blockchain came into prominence with the advent of the first cryptocurrency, Bitcoin, the technology has expanded to much more over the years. Since its inception back in 2008, the technology has profoundly changed all the major industries cutting across the supply chain and logistics monitoring, banking, digital identity, voting, healthcare, music, smart energy and many others.
That said, the increasing use of blockchain could affect the nature and extent of information available to auditors and how audits are performed.
Given blockchain’s decentralized, transparent and traceability nature, authorities and key stakeholders have been working on keeping players in check to protect users and project owners.
One great tool that seems to complete the work is auditing blockchain and crypto-based projects.
What is smart contract audit?
According to Oxford, an audit can be defined as the official account inspection of an organization by an independent body. Blockchain audits are mainly aimed at ensuring participants within the technology are providing the best solution while remaining compliant with the set regulations.
Current regulations and auditing standards
There are already some regulations that require blockchain-based projects in theory to conduct audits.
For instance, the California Consumer Privacy Act (CCPA) directs the project to undergo an auditing process at least once in a given 12 years. In addition, the American Institute of CPAs’ SOC 2 audit standards require firms to undergo audits every six months.
At the same time, the European Union’s General Data Protection Regulation (GDPR) calls for regular testing, assessing and evaluating the effectiveness of technical and organizational measures. The GDPR, however, applies to the handling of personally identifiable information.
Blockchain-based auditors rely on different apparatuses such as data analytics to better understand the project in order to identify errors and anomalies in the data patterns. Unlike traditional assets, auditors find it much easier to audit blockchain-based projects. This is because the technology records all transactions transparently, secure and uninterrupted by third parties.
This, therefore, facilitates easy access to data, saving auditors time and overall cost work needed. In addition, some blockchain applications, especially decentralized finance (DeFi), use smart contracts to automate business processes. This makes it easier for auditors to verify transactions and the data therein.
Need of Guidelines for current auditing standards
However, this is easier said than done. Despite the advantages that come with the technology, auditing blockchain-based projects still need a lot of adjustments. As it is now, many within the industry agree that the current auditing standards are too vague and need more guidelines. When auditing a blockchain technology or application, entities are faced with a few questions.
Firstly, they need to figure out (the process) of auditing the network and the data stored within a blockchain. Auditors also need to figure out how to use the current data analytic to support their work.
Secondly, there are currently no specific auditing standards for blockchain. Regulators are still trying to create clear guidelines and regulations for the blockchain.
Notably, the hard part for most has been understanding the place of law in blockchain’s interoperability. Furthermore, it has been more difficult to predict when and how long it might take to issue such standardized guidelines.
According to a report in 2016, existing auditing standards are, for a larger part, reactive in nature, responding to particular needs instead of anticipating the needs. The consequence of this is that these standards are always lagging.
Also, jurisdictions have different auditing agendas, making it harder to execute efficient audits. Lastly, some auditing companies or organizations lack the proper skills set like statistical inferences needed to evaluate blockchain.
Possible auditing solutions
As stated earlier, the nature of blockchain calls for a different approach to how things are run. This means taking on new tools and strategies to keep up with the technology. There is a need for information technology (IT) based auditing standards.
There is also a need for regulators to increase the pace at which they release new standards or updates on blockchain audits. Over the last few years, blockchain applications have been evolving almost monthly, if not weekly. This has made it difficult for regulators to create working guidelines.
However, regulators can correct this mismatch by applying the available technologies to keep up with the blockchain’s changes and technologies. It should also be mandatory for companies to go through another audit following a significant amendment to their code. Auditors should also seek to create a self-regulatory organization (SRO) to create accountability within the ecosystem.
In addition, there should be standardized skill set requirements for auditors that will go a long way in ascertaining the stability of the overall auditing process.
Finally, governments should create bodies responsible for the oversight of existing blockchain code auditors or make it mandatory for auditing firms registering with regulatory bodies.