In our previous blog posting, Faith Lamprey demystified the technology of Electronic Data Interchange (EDI) for us. So we thought … why not tackle another technology for our readers?
In this posting, a trio of PC professors discusses the mechanism of the blockchain. As is now our customary practice, we peer reviewed this posting in a blind review format to ensure the quality of the content.
Organizations are now exploring the adoption of an innovative new technology that could improve the reliability of business information. This technology, known as blockchain, utilizes a network of many independent parties to authorize and record transactions on a public ledger.
Why a public ledger? This approach allows many different sources to confirm proposed transactions, creating a multi-party validation system that is purportedly impervious to unauthorized modifications that violate the existing record. Thus, information that is created with blockchain technology is supposedly more accurate and more verifiable than transactions that use traditional authentication methods.
Here’s a simple example regarding a credit card purchase between a customer and an online vendor. Normally, when a customer submits an order, the vendor checks with a single financial intermediary to confirm that the customer has sufficient credit to complete the transaction. The vendor only seeks a confirmation with a single bank and, once the confirmation is received, the bank updates its records to reflect the new credit balance.
Now imagine that the same purchase is verified using blockchain technology. Under this scenario, the vendor seeks an authorization for the transaction among all parties in the blockchain network. All of these parties have a current and complete copy of the customer’s available credit, and thus all can reach a joint consensus on the customer’s ability to pay for the transaction.
When they reach this consensus, they all add a new transaction (i.e. a block) to the existing record (i.e., the chain), thereby creating a shared recording of the transaction. Every party on the network can then use the new chain immediately as an updated record to authenticate future transactions.
Because multiple parties confirm each transaction, it is purportedly very difficult to manipulate the data without authorization. Therefore, this approach represents a potential improvement for organizational record keeping, although it presents new challenges for business enterprises and their auditors.
What challenges? Ironically, some believe that blockchain technology may become disruptive to the audit profession because it provides opportunities to verify transaction data more effectively and efficiently than current audit methodologies. In other words, it may reduce audit costs and improve audit quality simultaneously.
Consider the case of an auditor testing the existence of a client’s recorded revenue. This assertion is typically tested by confirming a sample of transactions with a client’s customers, and then by examining sales invoices, cash receipts, and other supporting documentation.
These audit procedures are often time-consuming because customers may not respond to confirmation requests in a timely manner, and because supporting documentation is often paper-based and must be carefully scrutinized for reliability.
Using blockchain technology, sales transactions between an audit client and its customers are recorded in a public general journal. An auditor thus needs only to verify that a transaction is recorded in a blockchain in order to test whether a revenue entry is supported by a customer payment. Because the blockchain is stored across a network of computers, and not within a single centralized database, falsification of the transaction data is supposedly impossible.
In other words, the simple existence of the relevant block provides the audit evidence that the transaction actually occurred between the parties. A verification process such as this could easily be automated, reducing the need for intervention by a human auditor. This is why the technology may prove disruptive to the audit profession.
You may have noticed, though, that we keep using the words “purportedly” and “supposedly” while describing the presumption that falsification of information within a blockchain is extremely difficult or even impossible. Why do we keep doing that?
It’s because, in the world of online technologies, hackers have become proficient at coordinating unauthorized invasions of web sites and other systems by widely distributed servers, personal computers, and web-connected home devices. Recently, for instance, a public utility in New England was attacked by thousands of such devices, operating under the control of an anonymous entity.
Proponents of blockchain technology assure us that the distributed nature of its record keeping function provides a higher level of authenticity. And yet, given the ongoing threat of Distributed Denial of Service (DDoS) attacks, such assurances should not be taken for granted.
by Michael Kraten, Stephen Kuselias, and Stephen Perreault (in alphabetical order)