When Will Auditors Join the Blockchain Gang?

Most people looked at blockchain technology quizzically during the early years of its development a decade ago. Blockchain was conceived as a digitalized and decentralized public ledger for transactions made using Bitcoin. In a relatively short time, blockchain technology has enabled the rise of a slew of other cryptocurrencies, and now is being explored for applications in business operations such as product tracking and traceability. In the process, it has introduced a new way for financial transactions to be verified, automating some of the work that auditors do. Is this a welcome development? Erica Pimentel, an assistant professor at Smith School of Business, is one of the leading researchers studying the impact of fintech on the accounting profession. She explains what is at stake in this conversation with Smith Business Insight. 

Blockchain is a rock-solid and secure record-keeping ledger that is free of human intervention. True or false?

We hear about blockchains being 100 per cent immutable and tamper-proof, but that’s not true. The Bank of Canada, for instance, was thinking of launching a digital version of our currency. The reason they didn’t go ahead with it is because of the notion of blockchain finality. Can a transaction be reversed? Statistically, it’s highly improbable that a transaction can be reversed but theoretically it’s possible. That’s not enough for a Canadian dollar transaction. You want to know it’s final.

We also think of blockchains as being entirely driven by code, but they’re not. Behind every blockchain project is a core of developers, people who decide which codes change and which don’t. With this off-chain governance, there are human beings behind every blockchain project, and with human beings comes interference, politics and all these other things.

I’m working on a project that’s looking at the history of Bitcoin from the time it was made to today. We’ve looked at all the emails and all the message board exchanges between Satoshi Nakamoto [the pseudonym for the person credited with creating Bitcoin] and the early Bitcoin community. What we found is that from the beginning when Bitcoin was named, there was a presumption there would be people behind the scenes to flip the switch if things didn’t work. And if you look at Bitcoin’s history, every time something bad happened, these core developers stepped in and made it right. So the idea that this is decentralized on-chain-only governance is false. It’s a fallacy.

If you have to audit blockchain-based assets, what challenges are you up against?

The first one is at the client acceptance level. We don’t know what we don’t know. Often these new projects come along and we only find out later that, in fact, they were scams or frauds. There’s this huge client-level acceptance risk that stops accounting firms from getting past go.

Once they accept a client, there are three main risks over cryptocurrency: existence, ownership and valuation. With existence, we have to ask: Are the coins real? Can you rely on the blockchain record? If you’re dealing with Bitcoin, we can rely on the blockchain. We can rely on the Ethereum blockchain. But for some alternative coins, the actual ledger itself may be unreliable, unless we do extensive testing, which is difficult to do. So we don’t know if that cryptocurrency actually exists.

Now, ownership. If I have your banking password, I can access your bank account but I don’t own the funds. With an anonymous wallet, just because I have access to your Bitcoin private key doesn’t mean I own that Bitcoin. That is probably the most difficult thing to overcome. Does someone own or not own a cryptocurrency simply because we don’t have those legal documents that we’re accustomed to using in the real world?

Then there’s the third risk: valuation. There’s huge volatility in the value of any individual cryptocurrency. How reliable are the values that are available? When I audit the U.S. dollar—how much USD do you have at the end of the year?—I can go on the Bank of Canada website, get the exchange rate and know with certainty what USD was worth on December 31 at midnight. With crypto, there is no one source as there is for traditional currencies. Also, some crypto are not highly liquid. I have a pretty good idea what a Bitcoin is worth at any point in time within a reasonable margin of error, but if I have a crypto that was a coin issued under an ICO (initial coin offering) that has not since traded, how do I really know what its value is today if I don’t have recent trading history?

What does this mean for entrepreneurs and investors in the blockchain space?

There are two issues. First, if you’re a software firm, for example, and blockchain is part of your product offering, it’s not particularly risky. Say you’re developing software that will put your supply chain on a blockchain. But if everything you do is on a blockchain—say you’re a firm that creates NFTs (non-fungible tokens)—a bank may say they won’t lend money to you unless you get an audit. The problem is the firm in this example is highly unlikely to find an auditor willing to go near them unless they’re able to demonstrate they have rigorous internal controls to make themselves auditable. If you can’t get an auditor, or make yourself auditable as a firm, you’ll be unable to get audited financial statements. This means the bank won’t do business with you without that audit opinion.

But in my interviews with cryptographers and others, they’re telling me that firms in this space don’t use traditional financing. They will either sell software as a service and use those funds to finance their operations or use what’s known as decentralized finance, which are blockchain-based peer-to-peer lending operations. You borrow from the folks who understand what it is you’re doing. 

Blockchain looks like a huge disruption to the accounting and auditing industry, almost existential.

Absolutely. Smart contracts stored on a blockchain are programs based on algorithmic logic. They’re only as effective as the code upon which they’re built. So there are firms dedicated to doing code audits and security audits, staffed by engineers. They’re not auditors doing audits; they’re engineers doing audits.

This is an opportunity for accounting firms to say, we’re the experts of verification, we’re the ones who are much better at auditing contracts but also designing the business logic behind them. An engineer can tell you the most efficient way to design the contract from an algorithm perspective, but what about the tax consequences? Are there withholding consequences? What are the business process implications of designing the contract this way or that way or of having funds in escrow or not in escrow? The entire business logic behind designing these smart contracts, that’s where accountants can come in. You can’t automate judgment. Wherever there’s human intervention, there’s risk, and that’s where the accountants will continue to be valuable. 

Blockchain is not going away. So how do you see auditing firms adjusting to these new technological developments?

Auditors realize they need to change what they expect of their new auditors. It’ll mean bringing non-accountants into audit firms, people with a tech background and/or upscaling folks who want to become auditors. They may need basic coding skills. They may need data analysis skills. They may need to understand machine learning. As a profession, there needs to be more coverage of IT in the competency map, not less.

The idea of us just being masters of dollars and cents is over. It’s fintech, financial technology. I need to have both the financial and the technology to be a competent business advisor in this space. We’ve been resistant to change what our profession is about. We want to be masters of dollars and cents, not masters of dollars and cents and code, but that’s what we’re going to have to become.