© The Author(s) 2018
Sarah Swammy, Richard Thompson and Marvin Loh, Crypto Uncovered, https://doi.org/10.1007/978-3-030-00135-3_8

8. ICO Regulatory and Reporting Framework

Sarah Swammy (1), Richard Thompson (2) and Marvin Loh (3)

(1) State Street Global Market, LLC, New York, NY, USA
(2) Digital Air Technologies, New York, NY, USA
(3) Bank of New York Mellon, New York, NY, USA

Sarah Swammy (Corresponding author)

Keywords

Governance, Regulation, Verification, Authentication, Reporting, Auditing, Infrastructure

There are great predictions about the potential of blockchain-based solutions to “revolutionize” everything from financial markets to the very way that we recognize human identity for billions of people around the globe. Initial blockchain solutions were centered on the financial industry, but the trend has now shifted to address a wide array of sectors, and the majority of them have a social impact. In the current world, technology is empowering society to explore new solutions and business models. Blockchain is a kind of technology that has the power to deal with significant inefficiencies, transform operations in the social sector, and improve our lifestyle. Blockchain’s inherent characteristics of immutability, decentralization, and transparency help build trust across multiple systems. In this chapter, we demonstrate blockchain’s capacity to create scalable social impact and identify the elements that need to be reported to mitigate challenges in its application.

Let’s consider a few real-life instances: blockchain applications could provide the means for establishing identities for individuals without ID cards, introducing finance and banking services for underprovisioned populations, and helping aid distribution to refugees with improved transparency and efficiency. Governments across the globe are taking measures to put land registry information onto blockchains to improve transparency and avoid third-party corruption and manipulation. Blockchain’s countless potential applications for social impact range from increasing access to capital to tracking health and education data across multiple generations, to improving voter records and voting systems.
Fig. 8.1 Unique combinations of behavior

The social effects of blockchain can be powerful and lasting as developers take on building these types of solutions. Blockchain has the potential to be significantly impactful, from its design and application to the approach taken to its development. With this kind of potential, the implementation of blockchain technologies has long-term implications for society and individuals. This chapter outlines why reporting is particularly crucial with blockchain and offers a framework to guide policymakers and social impact organizations in making appropriate design decisions that enable reporting right from the development of the solution. As social media, crypto currencies, and algorithms have shown, technology is not neutral. Values are embedded in the code. It is important to understand that the manner in which the problem is defined and by whom, who is building the solution, the method by which it gets programmed and implemented, who has access, and what rules are created all have consequences, both intentional and unintentional. In the application and implementation of blockchain, it is critical to understand that seemingly innocuous design choices have resounding ethical implications for people’s lives. It is essential to ensure that proper provisions are made in the system for the required level of reporting.

Design Considerations for Reporting

Once blockchain has been identified as the appropriate technology, it is important to analyze the following areas of interest to ensure there is enough reporting coverage in the system. At each stage, guiding questions identify the effects of the design choices on the end users and communities.
  1. Governance—How is governance created and maintained?

  2. Identity—How is identity defined and established?

  3. Verification and Authentication—How are inputs verified and transactions authenticated?

  4. Access Control—How is access defined, granted, and executed?

  5. Data Ownership—How is the ownership of data defined, granted, and executed?

  6. Security—The manner in which security is set up and ensured.

Governance

Governance refers to the establishment and maintenance of the rules that govern the entire blockchain system. A fundamental characteristic of blockchain technology is having a rigid set of rules by which all transactions within the system are governed. In the social sector, it is critical to ensure that a sound human governance structure is driving the technology. Governance includes questions such as who sets up the rules, who maintains the system, how the rules are executed, and how a blockchain system would be closed out. The established governance structure should also be responsible for ensuring adherence to the guiding principles and design philosophy of the project.

Following are the key design considerations for reporting on Governance:
  • Determining who the stakeholders are, their roles, and how their roles are established.

  • Establishing the processes, rules, and regulations of governance (both technical and otherwise).

  • Creating pathways for these rules and roles to change over time.

  • Having a plan for closing out or continuing the system if key stakeholders leave.

Identity

Significant ethical considerations surround what constitutes “identity” and to whom identity is granted in a given blockchain, and the manner in which identity information is used, accessed, and protected. Multiple pieces of identifying information collectively create a digital identity. Blockchains can be used to establish limited, or transactional, digital identities for accessing information or services. Portable, foundational digital identities can also be established using blockchain systems. Portable, foundational digital identities are the identities that are permanently linked to a unique individual and hence can be used in a variety of contexts, moving with the individual, to prove identity or credentials.

Following are the key design considerations for reporting on Identity:
  • Understand who is granted identity in this context.

  • Understand the solution identity level.
    • Note: a transactional identity can be considered as a limited-purpose identity. It grants a person single-use or limited access to a certain service. On the other hand, a foundational identity serves as a fully functioning identity that can be used for many purposes over time.

  • Determine the identifiers that will be used to constitute this entity.

  • Prevent exposure of personally identifiable information on a blockchain.
    • This may require never putting personally identifiable information directly on a blockchain.

Verification and Authentication

Verifying inputs and then authenticating them is important in an open ledger system. The process of verifying information put onto a blockchain comes with many challenges. For digital assets such as crypto currencies or digital photographs, the verification process is closely related to the transaction authentication process: it is done to determine whether the entity that initiated a transaction has any control over that asset. When a non-digital asset, such as a person or an object, is linked to a blockchain, verification becomes more complicated because it introduces human interaction and, therefore, various political, legal, and ethical obstacles. For instance, how can someone’s claim of land ownership be verified?

Following are the key design considerations for reporting on Verification and Authentication:
  • Determining how and by whom verification will be done for the initial entry, or “zero state,” follow-on data input, and how transactions between users are authenticated.
    • This includes setting up both information vetting processes and technical structures that prevent invalid entries.

  • Ensuring that all stakeholders can trust the established process.

  • Understand any economic, legal, political, and social impact of consensus protocol algorithms.

Access Control

How access is defined, granted, and executed is critical for anyone using and interacting with a blockchain system. The scope of access to individuals’ personal information on a blockchain may also have serious implications for those individuals if that information is exploited. Beyond the specifics of accessing a blockchain to view or write to the ledger, access also includes more intangible questions around digital literacy and the effective ability to access the system.

Following are the key design considerations for reporting on Access Control:
  • Who has permissions to write?

  • Who has permissions to read?

  • The manner in which the permissions are established.

  • The level of access that users are given.

Data Ownership

There are some important questions about data: who owns it, who exercises control over it, where and how it is stored, and how incorrect information is adjusted. A fascinating characteristic of blockchain is its ability to give users the power to exercise functional control over data. It has the potential to answer each of these questions. For example, the Sovrin Foundation is building a self-sovereign identity trust framework that creates a robust governance structure that allows people to exert positive control over their personal digital identity information.

Following are the key design considerations for reporting on Data Ownership:
  • Understanding who owns data, both in name and in practice.

  • Knowing and understanding the manner in which stakeholders will be able to use the owned data and thus benefit from it.

  • Deciding if data will be stored externally or in the blockchain.
    • Considering data storage options that are decentralized.

  • Creating a process for users where they will be able to flag and fix incorrect information.

Security

A distributed infrastructure can have data scattered all over it, which reduces vulnerability compared with data that is aggregated and stored in one location. Users do not need to remember passwords, nor do they need to link personal information, such as emails or contact numbers, to collections of stored information. However, there are ethical challenges here as well. Blockchain security relies on encryption algorithms and public/private key pairs, which work like a publicly known “address” and a private digital key that unlocks the mailbox at that address. Blockchain technologies have been increasingly used for securing private information like health records. At an individual level, security refers to a user’s understanding of potential risks as well as private key management. At the system level, it refers to potential vulnerabilities within and at the periphery of the system. What would happen if a digital key that is used to control assets or medical information were lost?

Following are the key design considerations for reporting on Security:
  • Determining who establishes security as well as who is responsible when it is breached.

  • Ensuring that vulnerable data is adequately protected against current and future threats.

  • Deciding the manner in which different pieces of information will be protected.

  • Creating a system for safe and effective access to private keys.

Blockchain Ecosystem

Any solution on blockchain is driven by an ecosystem comprising these factors: the user, community, existing infrastructure, and financials. Therefore, it is very important from a reporting perspective to conduct an ecosystem assessment. This assessment will help to understand and acknowledge the roles that each of these core components plays in contributing to the blockchain-based solution. The roles of these components are mostly connected via a web of complex interactions, and they may vary throughout the project timeline. Ecosystems are not static; they are fluid and continue to change and evolve throughout the entire life cycle of the project. It is important to understand not only natural changes to the ecosystem but also the manner in which the implementation and the design of a blockchain solution may affect (hasten or spur) these processes. The assessment should be periodically revisited to inform and evaluate key design choices, and it should be updated and reconsidered as the project progresses.

Users

At the outset of the ecosystem assessment, the end users of a blockchain tool must be identified, and thus the ecosystem has to be understood from the end users’ perspective. Understanding this end-user perspective involves in-depth research and conversations. It also involves an inclusive design process to fully understand the identity of the end users, their needs, their vulnerabilities, and any other risks they might be facing. All these needs, vulnerabilities, and risks in the present state as well as their potential evolution in possible future contexts have to be evaluated.

User Assessment Questions

  • Who are the users?
    • Important key attributes of the users.
      • Digital literacy of users.

      • Context literacy of users.

    • The reason behind these being the end users of the desired outcome.

  • Needs/goals of the users.
    • The manner in which these might change over time.

  • Vulnerabilities of the users.
    • The manner in which these might change over time.

  • Risks to the users.
    • The manner in which these might change over time.

Community

In addition to identifying the end users of the blockchain, their identity and community also need to be understood. This includes understanding the borders of the community, or communities. The dynamics within and between them also need to be understood. When a community is considered, it is crucial to pay attention to what dynamics and systemic forces are at play, as well as the roles and relationships of all of the community members, irrespective of whether they are direct blockchain end users. Developing this kind of understanding requires cooperation from community members to identify, for example, who could provide a good or service that is integral to the desired outcome, who could provide the identity necessary to access that good or service, and who in the community could authenticate the validity of the identity claims.

Community Assessment Questions

  • The relevant boundaries of the community, including physical, social, cultural, and economic boundaries.
    • Possibility of these boundaries conflicting with one another.

  • Relationships that are important in the community.
    • Nominal power holder in the community.

    • Effective power holder in the community.

    • The manner in which the distribution of power is established.

    • Possibility of having marginalized or vulnerable community members.
      • The possibility of having internal threats to certain members of the community.

    • Are these relationships formalized or informal?

  • Relationship of the community with external actors.
    • The various external organizations that have relationships within the community.
      • The relationship with all community members or a particular subset.

    • Possibility of any external threats to members of the community.

  • Community-level needs/goals.
    • The change it might bring in the future.

  • What are community-level vulnerabilities?
    • How might these change in the future?

  • What are community-level risks?
    • How might these change in the future? (Consider the evolution of technology, climate change, changes in power.)

Infrastructure

It is crucial to understand the infrastructure that binds members of the community together for achieving a new desired outcome. Legal and regulatory frameworks, public policies, informal rules or systems, and data and other assets could be part of this infrastructure. These structures can be leveraged to achieve the desired outcome, but they may also create friction or barriers during the implementation of blockchain tools. Such friction could occur at any stage of the project—from design to development, to deployment, to implementation, to sustainment, to the potential termination or transition of blockchain tools.

Infrastructure Assessment Questions

  • The manner in which the current infrastructure reaches the outcome.
    • Where in the process is improvement occurring (time saving, cost saving)?
      • The possibility of this improvement being replicated by a completely new blockchain system.

      • If not, the manner in which the opportunity costs of remaining with the old system are balanced.

  • The policies, legal and regulatory frameworks, informal systems, cultural and social systems, and other processes that are in place which might affect the desired outcome.
    • The elements of the infrastructure that could be leveraged in the blockchain solution.

    • Factors or dynamics that may disrupt or prevent the execution of the solution.

  • Current existing data.
    • Ownership of the data.

    • Accuracy of the data.
      • Is there a universal or adequate acceptance of its accuracy?

    • Preciseness of the data.

    • Comprehensiveness of the data.

    • The manner in which it is stored.

Financials

The implementation of a blockchain tool is driven by financial incentives that influence every stage of the project life cycle. Thus, it is important to understand the manner in which a blockchain would be financed, and who would benefit financially from its implementation. Understanding who would be hurt financially from its implementation and how financial hurdles might alter key design choices are also important.

Financial Assessment Questions

  • Financial incentives of the entity building a blockchain.

  • The manner in which the blockchain would be financed at each stage in the process.

  • Financially who would benefit from the implementation of a blockchain and how?

  • Financial incentives that are needed for keeping the current system in place.
    • Who would be harmed financially from the implementation of a new blockchain?

  • Sustainability of the funding model for the blockchain.

  • Are there financial hurdles that would drive design decisions?
    • Would the resulting design decisions increase or decrease user utility?

    • Would the resulting design decisions increase or decrease user risk?

Reporting

As centralized initiatives are diligently launched to implement a regulatory framework around digital currencies in general, it is imperative that entrepreneurs in this space be proactive and forward-thinking and implement a reporting framework for any client-facing portal in a crypto currency enterprise. Oftentimes reporting frameworks are included in the original designs of platforms and are more often than not backfilled or outsourced to third-party software. Because of the highly regulatory nature of the security industry, it is more prudent to take no chances and to make implementing a reporting framework a high priority. One of the many benefits of architecting the portal around a governance framework is that a reporting framework is intuitively designed. Referring to Chap. 4, a natural reporting framework can be constructed on a governance framework that incorporates participant management adhering to roles, activities, events, and entitlements. Based upon the governance framework, a general parameterized reporting platform becomes a natural fit.

As participants are onboarded within the network through a registration process, a unique encrypted ID is assigned to each individual or entity that desires to become a member of the network. General information about the participant is collected during this process, along with supporting documents to satisfy the KYC regulations. All information goes through a verification process; applicants who pass the validation process are accepted and the others are rejected. The KYC process is necessary, although it may appear to violate the privacy and anonymity principles of crypto currencies. Separating the architecture design of the marketplace, which defines the context and transactional nature of the currency, from the underlying payments system that facilitates decentralized transactions allows the harmony of the crypto enterprise to exist. Based upon historical analysis, crypto currency without a defined marketplace would be a game played among a niche group of software and technology enthusiasts. Reaching a critical mass without a marketplace would be nearly impossible.

The marketplace is the value-added surface that brings relevance to digital currency. A compromise is reached that keeps the entrepreneurs who are brave enough to champion innovation in digital currency from suffering the threat of serious legal ramifications while still having a viable business. As demonstrated, the governance framework has a natural reporting structure, as participants are recorded using a private, highly secured network, a VPN, as discussed previously in Chap. 4.

The data model constructed will include the unique ID and location details of individuals. Additional information important to the reporting process, such as initial registration date, process date, and member date, needs to be recorded. At a minimum, recording these three dates for each participant provides a mechanism to report on how efficient the marketplace is. The time difference between an initial registration and when the registration was officially acknowledged and began to be processed gives an indication of the efficiency of the administration and registration process of the marketplace. The time difference between the initial registration date and the member date, minus the lag from the process date, gives an indication of the efficiency of the individual in providing the verification documentation needed to satisfy registration requirements. These subtle parameters give the owners of the portal insight into managing efficiency. If the verification process is taking longer than average, they also provide a warning to owners that individuals may be providing fraudulent information to get verified documents in place.
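The two lag measures and the longer-than-average warning described above can be computed directly from the three dates. The following is an added example, not code from the book: the field names regDate, procDate, and memDate follow the chapter's data model, while the member IDs, sample dates, and the `factor` threshold parameter are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from statistics import mean
from typing import Optional


@dataclass(frozen=True)
class Registration:
    user_id: str               # constructed placeholder, not a real member ID
    regDate: date              # initial registration
    procDate: Optional[date]   # registration acknowledged, processing began
    memDate: Optional[date]    # membership granted after verification


def lags(r: Registration):
    """Return (admin_lag, applicant_lag) in days, or None while still pending."""
    if r.procDate is None or r.memDate is None:
        return None
    # Out-of-order dates indicate a data-integrity problem, not a slow applicant.
    if not (r.regDate <= r.procDate <= r.memDate):
        raise ValueError(f"{r.user_id}: dates out of order")
    admin_lag = (r.procDate - r.regDate).days
    # Registration-to-member time minus the lag from the process date.
    applicant_lag = (r.memDate - r.regDate).days - admin_lag
    return admin_lag, applicant_lag


def registration_report(records, factor: float = 1.0):
    """Summarise lags and flag members whose verification ran longer than average.

    factor is an assumed tuning knob: 1.0 flags anything above the average.
    """
    completed, pending, invalid = {}, [], []
    for r in records:
        try:
            result = lags(r)
        except ValueError:
            invalid.append(r.user_id)
            continue
        if result is None:
            pending.append(r.user_id)
        else:
            completed[r.user_id] = result
    avg_admin = mean(a for a, _ in completed.values()) if completed else 0.0
    avg_applicant = mean(p for _, p in completed.values()) if completed else 0.0
    slow = sorted(u for u, (_, p) in completed.items() if p > factor * avg_applicant)
    return {
        "avg_admin_lag": avg_admin,
        "avg_applicant_lag": avg_applicant,
        "slow_verification": slow,   # candidates for a closer KYC review
        "pending": pending,          # not yet processed or not yet members
        "invalid": invalid,          # records to correct before reporting
    }


# Constructed sample records.
SAMPLE_REGISTRATIONS = [
    Registration("member-001", date(2018, 3, 1), date(2018, 3, 2), date(2018, 3, 5)),
    Registration("member-002", date(2018, 3, 1), date(2018, 3, 4), date(2018, 3, 6)),
    Registration("member-003", date(2018, 3, 2), date(2018, 3, 3), date(2018, 3, 24)),
    Registration("member-004", date(2018, 3, 5), date(2018, 3, 6), None),
    Registration("member-005", date(2018, 3, 7), date(2018, 3, 6), date(2018, 3, 10)),
]

if __name__ == "__main__":
    for key, value in registration_report(SAMPLE_REGISTRATIONS).items():
        print(f"{key}: {value}")
```

A flagged member is only a prompt for review: a long applicant lag can equally mean missing paperwork, so the report separates slow, pending, and invalid records.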

It is best for owners to have as much insight as possible since they are the ones facing a legal risk, as members come online and their accounts become active and able to hold currency. The governance framework comprising events and actions will record member account activity and maintain current position holdings. These details begin to shape some standardized reports that must be instituted within any financial account management, such as the personal account summary. Before laying out the personal account summary, let’s analyze the general structure of the reporting framework. The portal will offer reporting experiences based upon the login roles. A site administrator would have different reporting entitlements than an individual user. An individual user may also have different reporting features. To satisfy the minimum requirements for compliance, it is sufficient to focus on administering reporting roles, the members assigned to roles, and rules on activity levels that go over rule thresholds. In addition to site administrators providing regulatory reporting to governing agents, reporting facilities for individual members are also a requirement.

Having the underlying infrastructure to create indexes and tagged data elements from a defined data model makes parameterized reporting possible. As a best practice, designing the reporting foundation that implements the Application Programming Interface is essential to creating a feature-rich user reporting experience. To provide a minimum reporting set that satisfies regulators using the natural generalized framework, start by indexing out roles. Each role category will have a unique ID, which could be a system numeric ID. Ensure the model contains an alpha identifier up to a certain specified length and a description element that provides further clarity.

As roles are created, the reporting function can provide a viewable list showing the breakdown of the participants. Referring to Chap. 4, in architecting the LUCKY DOG world the following roles would be created:
  • Id: ldr0001
  • roleCode: ADM
  • name: Administrator
  • description: Site administrator and entitlement officer

  • Id: ldr0002
  • roleCode: VNDR
  • name: Vendor
  • description: Business service proprietor

Additional roles are created in this manner, possibly for owner, authenticator, and economic participant. Id, roleCode, and name are elements that can be indexed out to provide a parameterized search for roles. Other data entities created as part of the architecture are users, action types, and acctActivity. With at least the specified design in place, reports can be generated that list the users of a specified role.

The following reports would satisfy reporting requirements:

Parameterized reporting involves having the ability to index out data elements within the framework to run queries and return a result set. Following these guidelines entrepreneurs can extend the base setup and develop fully enriched services.
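The role index and the five named reports can be sketched as parameterized queries gated by the caller's login role. This is an added example, not code from the book: the role records and report names come from the chapter, while the users table layout, the user IDs and names, the 8-character roleCode limit, and the entitlement mapping (administrators run every report, other roles see only their own user record) are assumptions.

```python
import sqlite3

# Assumed schema: the chapter names the role fields; the rest is illustrative.
SCHEMA = """
CREATE TABLE roles (
    id          TEXT PRIMARY KEY,
    roleCode    TEXT NOT NULL UNIQUE CHECK (length(roleCode) <= 8),
    name        TEXT NOT NULL,
    description TEXT NOT NULL
);
CREATE TABLE users (
    id     TEXT PRIMARY KEY,
    name   TEXT NOT NULL,
    roleId TEXT NOT NULL REFERENCES roles(id)
);
CREATE INDEX idx_roles_name ON roles(name);
CREATE INDEX idx_users_role ON users(roleId);
"""

ROLE_COLS = "id, roleCode, name, description"
USER_COLS = "id, name, roleId"

# Report name -> (SQL with bound parameters, role codes entitled to run it).
REPORTS = {
    "view_all_roles": (f"SELECT {ROLE_COLS} FROM roles ORDER BY id", {"ADM"}),
    "view_all_rolesByID": (f"SELECT {ROLE_COLS} FROM roles WHERE id = :id", {"ADM"}),
    "view_all_users": (f"SELECT {USER_COLS} FROM users ORDER BY id", {"ADM"}),
    "view_all_usersByID": (f"SELECT {USER_COLS} FROM users WHERE id = :id",
                           {"ADM", "VNDR"}),
    "view_all_userByRole": ("SELECT u.id, u.name FROM users u "
                            "JOIN roles r ON r.id = u.roleId "
                            "WHERE r.roleCode = :roleCode ORDER BY u.id", {"ADM"}),
}


def build_demo_db():
    """In-memory database holding the chapter's two roles and constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO roles VALUES (?, ?, ?, ?)", [
        ("ldr0001", "ADM", "Administrator", "Site administrator and entitlement officer"),
        ("ldr0002", "VNDR", "Vendor", "Business service proprietor"),
    ])
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("ldu0001", "Alice", "ldr0001"),   # constructed sample users
        ("ldu0002", "Bob", "ldr0002"),
        ("ldu0003", "Carol", "ldr0002"),
    ])
    conn.commit()
    return conn


def run_report(conn, caller_id, report, **params):
    """Run a named report on behalf of caller_id, enforcing role entitlements."""
    row = conn.execute(
        "SELECT r.roleCode FROM users u JOIN roles r ON r.id = u.roleId "
        "WHERE u.id = ?", (caller_id,)).fetchone()
    if row is None:
        raise PermissionError("unknown caller")
    caller_role = row[0]
    sql, allowed = REPORTS[report]   # unknown report names raise KeyError
    if caller_role not in allowed:
        raise PermissionError(f"{caller_role} may not run {report}")
    # Non-administrators may only look up their own user record.
    if caller_role != "ADM" and params.get("id") != caller_id:
        raise PermissionError("own record only")
    # Values are bound by the driver, never spliced into the SQL text.
    return conn.execute(sql, params).fetchall()


if __name__ == "__main__":
    db = build_demo_db()
    for line in run_report(db, "ldu0001", "view_all_userByRole", roleCode="VNDR"):
        print(line)
```

Because every report is a fixed statement with bound parameters, a search value containing quote characters is compared as plain data and simply matches no rows.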

Table 8.1 view_all_roles

Table 8.2 view_all_rolesByID

Table 8.3 view_all_users

Table 8.4 view_all_usersByID

Table 8.5 view_all_userByRole

Fig. 8.2 Account summary

Apart from profile report and activity reporting, it is essential to have an account summary showing coin holding and current market value.

Dimensions

A more complex type of reporting and analysis involves a platform exposing dimensions. In our data model, three dates were added to the user record: regDate, procDate, and memDate. Having categories and specialized dates allows dimensional analysis to take place. A time series can be created from user account balances over a given time period. Such reports also require creating categories and having the ability to index on those categories.

Analytics

As more and more data is produced and collected, it becomes a natural use case for big data analysis. In our LUCKY DOG marketplace, the blockchain will record transactions involving canine breeds, the selling prices set by particular breeders, grooming services, and authentication prices. The blockchain can be interrogated by artificial intelligence processes that are able to create sets of data. These sets of data are sampled at different times and fed into a machine-learning engine. As these neural networks grow, the data sets can produce rankings of dog breeds, breeders, vendors, and many more as data sets are created. Service recommendation lists can be created from these sets as specific users’ activity is interrogated through the blockchain.

Financial Reporting and Auditing

The LUCKY DOG marketplace has the building blocks to create reports to manage users, record daily activity, and compute theoretical values of individual holdings. However, to stay in business and steer clear of any suspicion of being a rogue marketplace, the owner should institute formal audit reporting. Since transactions are happening and the tokens or crypto currencies are considered financial instruments of value, establishing a standardized professional auditing procedure that aligns with industry standards is the safe course.

It is customary for large conglomerates to consult CPA auditors in the reporting procedure of audited information, as they help a multitrillion-dollar capital markets system operate with integrity. CPA auditors operate within tight regulations and maintain extremely high auditing standards and professional codes of conduct. These CPA entities are always independent to ensure unbiased reporting. CPA auditing professionals follow detailed objective-driven procedures and exercise professional skepticism to ensure that a corporation’s financial statements do not contain material misstatements. In certain instances they also determine whether internal financial reporting controls are effective. The role of the professional CPA in the auditing process is necessary and vital to the integrity of many industries. However, blockchain technology brings the virtue of immutable record keeping, which raises an important discussion point: whether this powerful technology may drastically reduce or eliminate the need for a financial statement audited by a CPA.

Examining the process further reveals that there are limits to blockchain in respect to reporting. However, having a proactive framework in place at conception is the regulatory responsibility for any entrepreneur having a crypto market. As our LUCKY DOG market example demonstrates, the blockchain can accurately and reliably provide a verifiable transaction between a breeder and a buyer. However, the blockchain cannot report whether a dog that was delivered is in good health or free from any physical defects.

Hence, blockchain records may not always provide sufficient audit evidence relating to the nature of the transaction. A transaction recorded in a blockchain may still be as follows:
  • classified incorrectly

  • executed between non-independent parties

  • unauthorized, fraudulent, or illegal

  • linked to a side agreement that is “off-chain.”

Furthermore, estimated values can leak into transactions recorded on the blockchain. A reconciliation between historical values and estimated values must occur. In such events, independent auditors are mandatory.

With the increased adoption of blockchain, central locations may become equipped to obtain audit data. These centralized enriched data become invaluable resources for auditors, making it wise to develop standard procedures to obtain audit information directly from the blockchain. Proper cleansing controls are necessary to ensure confidence that the data is reliable. As data flows to the public blockchain, it must be carefully determined if the cleansing procedures, workflow, or protocols can be manipulated or compromised under certain conditions. These precautionary assessments are necessary since many of the entities will not have control over the auditing data.

Using blockchain for formal financial reporting in the audit process may be a corporate initiative that will require an update and reevaluation of management accounting policies for digital assets and liabilities. Currently, these policies have not been directly addressed in international financial reporting procedures or domestic accounting principles. The professional auditing communities must refit the audit procedures to take advantage of the virtues of blockchain as well as address the inherent risk.

The opportunity to streamline financial reporting is more appealing for many institutions versus the effort of overcoming the reporting complexities associated with the blockchain, given that myriad files containing data for reconciliation, account information, journal entries, extracts, subledgers, supporting spreadsheets, and trial balances are delivered to CPA auditors in a variety of digital and manual formats. Streamlining this process is significant. The chance for CPA auditors to have near real-time data access from read-only nodes on the blockchain is invaluable and provides a significant cost benefit of time and financial savings.

As more and more entities and processes migrate to blockchain solutions, accessing information in the blockchain will likely become more efficient. For example, if a significant class of transactions for an industry is recorded in a blockchain, it might be possible for a CPA auditor to develop software to continuously audit organizations using the blockchain. This could eliminate many of the manual data extraction and audit preparation activities that are labor-intensive and time-consuming for an entity’s management and staff. Speeding up audit preparation activities could help reduce the lag between the transaction and verification dates—one of the major criticisms of financial reporting. Reducing lag time could offer the opportunity to increase the efficiency and effectiveness of financial reporting and auditing by enabling management and auditors to focus on riskier and more complex transactions while conducting routine auditing in near real time. With blockchain-enabled digitization, auditors could deploy more automation, analytics, and machine-learning capabilities such as automatically alerting relevant parties about unusual transactions on a near real-time basis. Supporting documentation, such as contracts, agreements, purchase orders, and invoices, could be encrypted and securely stored or linked to a blockchain. By giving CPA auditors access to unalterable audit evidence, the pace of financial reporting and auditing could be improved. While the audit process may become more continuous, auditors will still have to apply professional judgment when analyzing accounting estimates and other judgments made by management in the preparation of financial statements. In addition, for areas that become automated, they will also need to evaluate and test internal controls over the data integrity of all sources of relevant financial information.
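The integrity check behind "unalterable audit evidence" can be shown in a few lines. This is an added example, not material from the book: the ledger is a simplified in-memory hash chain standing in for a blockchain, and every name in it (`append_anchor`, `audit`, the document IDs and contents) is hypothetical and constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed previous-hash value for the first block

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def block_hash(block: dict) -> str:
    # Hash every field except the stored hash; sorted keys keep the encoding stable.
    body = {k: v for k, v in block.items() if k != "hash"}
    return sha256_hex(json.dumps(body, sort_keys=True).encode())

def append_anchor(ledger: list, doc_id: str, content: bytes) -> None:
    """Entity side: record a document digest, linked to the previous block."""
    block = {"index": len(ledger), "doc_id": doc_id,
             "doc_sha256": sha256_hex(content),
             "prev": ledger[-1]["hash"] if ledger else GENESIS}
    block["hash"] = block_hash(block)
    ledger.append(block)

def audit(ledger: list, evidence: dict) -> list:
    """Auditor side: return findings; an empty list means every check passed."""
    findings, prev = [], GENESIS
    for block in ledger:
        if block["prev"] != prev or block_hash(block) != block["hash"]:
            findings.append(f"block {block['index']}: chain link or block hash invalid")
        prev = block["hash"]
        doc = evidence.get(block["doc_id"])
        if doc is None:
            findings.append(f"{block['doc_id']}: document not supplied")
        elif sha256_hex(doc) != block["doc_sha256"]:
            findings.append(f"{block['doc_id']}: content differs from anchored digest")
    return findings

def demo() -> dict:
    # Constructed sample documents, not real records.
    docs = {"PO-1001": b"purchase order: 40 units @ 25.00",
            "INV-2001": b"invoice: 40 units @ 25.00 = 1000.00"}
    ledger = []
    for doc_id, content in docs.items():
        append_anchor(ledger, doc_id, content)
    altered = {**docs, "INV-2001": b"invoice: 40 units @ 25.00 = 1900.00"}
    rewritten = [dict(b) for b in ledger]  # copy with one anchored digest changed
    rewritten[0]["doc_sha256"] = sha256_hex(b"purchase order: 400 units @ 25.00")
    return {"clean": audit(ledger, docs), "doc_tamper": audit(ledger, altered),
            "ledger_tamper": audit(rewritten, docs)}

if __name__ == "__main__":
    print(demo())
```

In practice the auditor would read the ledger from its own read-only node, so a rewritten chain would also have to match the copies held by other participants.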

As blockchain systems standardize transaction processing across many industries, a CPA, including CPA auditors, may be able to provide assurance to users of the technology. The CPA may be able to fill a potential future role because of their skill sets, independence, objectivity, and expertise. The following list of potential new roles for a CPA is illustrative only and not all-inclusive; significant regulatory and professional hurdles may remain before a CPA is able to take on these potential roles.

Auditor of Smart Contracts and Oracles

As described above, smart contracts can be embedded in a blockchain to automate business processes. Contracting parties may want to engage an assurance provider to verify that smart contracts are implemented with the correct business logic. In addition, a CPA auditor could verify the interface between smart contracts and external data sources that trigger business events. Without an independent evaluation, users of blockchain technologies face the risk of unidentified errors or vulnerabilities. CPA auditors may have to expand their skill set, including understanding technical programming language and the functions of a blockchain, to adopt these challenging roles. This type of role also raises important questions for the auditing profession, including:
  • How to redefine skill sets for certain professions to remain relevant?

  • What factors would impact assurance engagement risk?

  • What would an assurance provider’s ongoing responsibility entail once a smart contract is released into a blockchain?

In the scope of a financial statement audit, management will be responsible for establishing controls to verify whether the smart contract source code is consistent with the intended business logic. An independent CPA auditing an entity with smart contracts/blockchain is likely to consider management’s controls over the smart contract code. However, many companies may choose to reuse smart contracts built by other entities already active on a blockchain. Future auditing standards and auditing guidance may need to contemplate this technology and thereby bring clarity to the role of the CPA auditor in those scenarios.

Service Auditor of Consortium Blockchains

Prior to launching a new application on an existing blockchain platform or leveraging or subscribing to an existing blockchain product, users of the system may desire independent assurance as to the stability and robustness of its architecture. Instead of each participant performing their own due diligence, it may be more efficient to hire a CPA to achieve these objectives. In addition, critical blockchain elements (e.g., cryptographic key management) should be designed to include sophisticated GITCs that provide ongoing protection for sensitive information, as well as processing controls over security, availability, processing integrity, privacy, and confidentiality. On an ongoing basis, a trusted and independent third party may be needed to provide a quantitative assessment as to the effectiveness of controls over a private blockchain. This type of service raises important questions for the profession:
  • When providing assurance across a blockchain, who is the client?

  • How would a CPA auditor assess engagement risk for an autonomous system?

  • How would independence rules apply to users of a blockchain?

Administrator Function

Industry-accepted blockchain solutions may benefit from having a known, unbiased, independent third party administer a central access-granting function. This role could be responsible for identity verification or for conducting a vetting process to be completed by a participant before they are granted access to a blockchain. This central administrator could validate the enforcement and monitoring of the blockchain’s protocols. If a single user/node of the blockchain performed the administration function, it could be given an undue advantage, and this arrangement would compromise trust among consortium members. Strict attention is necessary when establishing the role and legal responsibility of the administrator because this function administers the entire blockchain. As a trusted professional, an independent CPA may be capable of carrying out this responsibility. However, this role would raise new questions for the profession:
  • By taking on such a critical role, is the assurance provider independent from the blockchain participants?

  • Could the CPA auditor conduct financial statement audits on those participants?

Arbitration Function

Business arrangements can be complex and may result in disputes between even the most well-intentioned parties. For a permissioned blockchain, an arbitration function might be needed in the future to settle disputes among the consortium-blockchain participants. This function is analogous to the executor of an estate, a role typically filled by various qualified professionals, including CPA auditors. Participants on the blockchain may require this type of function to enforce contract terms where the spirit of the smart contract departs from a legal document, contractual agreement, or letter. Further considerations should be explored to determine whether an arbitration function is necessary. If CPAs want to take on this role, the following critical questions will need to be answered:
  • What legal framework would be used to settle disputes?

  • What skill set would be required for a CPA auditor?

  • Could this role create unintended threats to independence regarding attest clients?

The implementation and adoption of blockchain in the auditing function are evolving very rapidly, and the complete scope of how the technology will impact the industry overall is not clear, as many unknowns still exist. Blockchain is penetrating the industry as CPA auditors start to use blockchain transactions in the organizational auditing process. The rate of adoption will increase, but blockchain technology will not replace financial reporting and financial statement auditing in the immediate future. A marketplace providing a clear auditing function will limit any suspicion of a rogue business operation.