Evaluating Blockchain Using COSO

Abstract

As companies begin to explore and develop technology solutions based on blockchain and smart contracts, there is a need to understand the impact of blockchain and smart contracts on the assessment of internal controls and enterprise risk. Especially since the distributed ledger and smart contracts blur the system boundaries between trading partners, there is a need to understand whether internal control assessments based on a single company approach is adequate in an integrated and collaborative environment. This paper provides an overview of smart contracts for practitioners and describes the associated risks of engaging in a blockchain consortium. We also list potential questions related to internal controls that may be considered when either engaging in a consortium or executing a smart contract. We then discuss whether current frameworks, specifically the Committee of Sponsoring Organizations' (COSO) integrated and COSO's Enterprise Risk Management (ERM) frameworks, adequately address a collaborative supply chain ecosystem.