How Will Blockchain Technology Impact Auditing and Accounting: Permissionless Vs.

Permissioned Blockchain

Manlu Liu
Associate Professor
Saunders College of Business
Rochester Institute of Technology
107 Lomb Memorial Drive
Rochester, NY 14623
(585)475-5795
[email protected]

Kean Wu†
Assistant Professor
Saunders College of Business
Rochester Institute of Technology
107 Lomb Memorial Drive
Rochester, NY 14623
(585)475-2102
[email protected]

Jennifer Xu
Associate Professor
Bentley University
175 Forest Street
Waltham, MA 02452
(781)891-2711
[email protected]

†
Corresponding author
 How Will Blockchain Technology Impact Auditing and
Accounting: Permissionless vs. Permissioned Blockchain

ABSTRACT

Blockchain offers a drastically new way to record, process, and store financial
transactions and information, and has the potential to fundamentally change the landscape of the
accounting profession and reshape the business ecosystem. In this article, we introduce two types
(i.e., permissionless and permissioned) of blockchain and lay out their technological features. We
further discuss implications of blockchain to auditing and elaborate opportunities and challenges
of two types of blockchain to auditors. We conclude by making specific recommendations for
auditors to adapt, adjust, and elevate themselves to the role of strategic partners in blockchain
implementation.

Keywords: permissionless blockchain; permissioned blockchain; internal control; auditing;

accounting

JEL Classifications: M15, M41, M42, O14, O33, O55

 I. INTRODUCTION

Known as the underlying technology for cryptocurrencies such as Bitcoin, blockchain has

been regarded as one of the most important disruptive technologies after the Internet (Swan

2015; Yermack 2017). It has wide-ranging implications for data processing, transmission,

storage, and security (Brandon 2016; Gross, Hemker, Hoelscher, and Reed 2017), and has the

potential to create a new ecosystem for the handling of accounting information (Dai and

Vasarhelyi, 2017; Kokina, Mancha, and Pachamanova 2017). Although blockchain technology is

still in its infancy, the Big Four accounting firms and many financial institutions have already

noticed blockchain’s potential and actively engaged in its experiments, development, and

investments (Bajpai 2017). Deloitte, for instance, took the first step in launching a blockchain

initiative in 2014 (Deloitt 2016). EY became the first advisory firm to accept Bitcoin for its

services in 2017 and, more recently, rolled out a number of applications and services to facilitate

the commercial use of blockchain technology across the enterprise (EY 2017). KPMG has

partnered with Microsoft in joint projects which use cases that apply blockchain technology to

business propositions and processes (KPMG 2017). And PWC launched its digital asset services

using blockchain technology in 2016 and planned to adopt blockchain in live production systems

by 2020 (PWC 2017).

In this paper, we introduce blockchain and lay out possible impacts of blockchain on

accounting and auditing practices. We also make recommendations for strategies and action

plans for auditors involved in the ecosystem of accounting information.

II. BLOCKCHAIN ILLUSTRATION

2.1 Blockchain System vs. Traditional System

1
 A blockchain is essentially a public ledger, where groups of transactions or events are

recorded and stored in a chain-like data structure (Simoyama, Grigg, Bueno, and Oliveira 2017).

These transaction groups are called blocks and are ordered on the chain by transaction time.

Later blocks are appended to the end of the chain, while maintaining the hash of the previous

block (Crosby, Pattanayak, Verma, and Kalyanaraman 2016). We use Figure 1 to compare a fund

transfer transaction in traditional digital ledger and blockchain systems. Panel A presents a

traditional digital ledger system, where a sender initiates a request of fund transfer to an

intermediary, i.e., a bank. The bank then examines the legitimacy of the request including the

sufficiency of funds and transaction limit. If the bank approves the request, money will be

transferred from the sender’s bank to a receiver’s bank. At the same time, the sender’s bank

records the transaction in its ledger and notifies the sender. Finally, the receiver’s bank records

the money transfer in its ledger and notifies the receiver. Notably, the involvement of

intermediaries could cause delays in the transaction, as well as errors and discrepancies across

different ledgers from different parties.

[Insert Figure 1 about here]

Panel B illustrates how a blockchain works for the same transaction. In this new system,

an individual who wants to transfer funds creates an encrypted message containing information

about the amount and the recipient’s network address. The message is broadcasted to the entire

network, where other members compare the amount with the sender’s most recent balance

recorded in the blockchain and examine the validity of the message. If the message is verified,

the transaction is executed, and a new block containing the transaction is appended to the end of

the blockchain. Unlike traditional fund transfers, no financial intermediary is involved in this

process to validate, or approve the transaction, which is often referred as decentralization.

2
2.2 Basic Technological Features of Blockchain

Compared to the traditional centralized transaction system, blockchain technology comes

with several technological features.

• Cryptographic Transactions recorded on a blockchain are encrypted using public-private

key pairs. Using the example from Figure 1, the message containing the money transfer

information is encrypted using the sender’s private key and then broadcasted to the entire

network.

• Real-time Because transactions are posted to the blockchain nearly as soon as they occur,

blockchain technology provides nearly real-time transaction records and reconciliation of

accounts.

• Hosting of Smart Contracts Blockchain accommodates smart contracts by embedding

programming code. These programs can execute transactions and create corresponding

ledger entries when certain contract conditions are triggered. Self-executing smart

contracts allow timing of ownership transfers from one party to another in a decentralized

environment (Kosba, Miller, Shi, Wen, and Papmanthou 2016).

III. TWO TYPES OF BLOCKCHAIN

3.1 Permissionless and Permissioned Blockchain

As blockchain technology has evolved, two types of blockchain have emerged:

permissionless and permissioned blockchain (Zheng, Xie, Dai, Chen, and Wang 2017). A

permissionless blockchain is best described as one that enables records to be “shared by all

network users, updated by miners, monitored by everyone, and owned and controlled by no one”

3
(Swan 2015, 1).1 With a permissionless blockchain, such as Bitcoin, any entity (individual or

organization) can use its computers or mobile devices to join the network. A permissionless

blockchain has the benefit of decentralization and has been backed by the success of several

widespread applications including the cryptocurrency Bitcoin. However, it has drawbacks. For

example, permissionless blockchain, such as Bitcoin, has a speed limit in processing large

volumes of transactions, which constrains its large-scale application as compared to the existing

payment system such as Visa and Mastercard. What’s more critical is its privacy protection, and

business owners have concerns that distributed ledgers might compromise business secretes.

A permissioned blockchain refers to a type of blockchain with restrictions in its

membership and control procedures. In such a blockchain, such as Ripple, an intrinsic

configuration defines the participants' roles in which certain members can access, write

information on the blockchain, or approve admission of new members. Because different

members have different access-control authorizations, a permissioned blockchain is deemed as

partially decentralized. On one hand, with appropriate deployment of access-control layers, a

permissioned blockchain has a greater potential to maintain privacy and fit business governance

needs than a permissionless blockchain (AICPA and CPA Canada 2017). On the other hand, a

centralized agency with override privileges is allowed in a permissioned blockchain and might

undermine the credibility of the blockchain.

3.2 Technological Features Distinct between Permissionless and Permissioned Blockchain

Permissioned and permissionless blockchains differ in their underlying properties. We

further discuss the distinct features below.

• Trustlessness and Immutability

1
Miners are users with extensive computational resources that can be used for transaction validation purposes.

4
 ¾ Trustlessness means no participant needs to rely on the honesty of others. In

permissionless blockchain, intermediaries or central authorities are not needed,

and transaction records remain immutable once added to the blockchain (Crosby,

Pattanayak, Verma, and Kalyanaraman 2016). Any attempt to alter one or a few

copies of the blockchain will be futile as it would cause these copies to be

inconsistent with all other copies in the network.

¾ Permissioned blockchain is not completely trustless. Transactions could be rolled

back by a centralized agency with override authority. Transaction records could

also be reversed if the majority of the members choose to do so. Therefore, the

trustlessness of a permissioned blockchain relies on the credibility of the

centralized agency and the architecture of the consensus protocol.

• Distributed Consensus and Transparency

¾ In permissionless blockchain, each participant in the network maintains an

identical copy of the blockchain. Consensus is achieved by synchronizing all

copies constantly, which ensures that data are transparent, correct, and up to date.

Although users release no identity information during transactions, these

transactions are traceable and visible in the entire network. Transaction records

can be accessed and accurately reconstructed at any time.

¾ A permissioned blockchain does not offer absolute transparency. The master copy

of transaction records is not distributed to all participants. Instead, some

participants may only have a part of the copy. Whether certain information is

restricted or accessible to certain participants depends on the access-control

configuration. Given the confidentiality protection from these access restrictions,

5
 permissioned blockchains will be more suitable in business environment (AICPA

and CPA Canada 2017).

IV. ENTERPRISE USE CASE AND IMPLICATIONS

According to coinmap.org, 15,004 businesses in the world accept Bitcoin as a form of

payment for their goods and services.2 For example, the board of directors of Overstock has

approved up to 50% of their sales revenue to be paid in cryptocurrencies such as Bitcoin. At the

end of 2018, Overstock held $2.4 million worth of Bitcoins and reported them as other current

assets. Besides Bitcoin acceptance, many companies have realized blockchain’s potential power

to boost their business (Stratopoulos and Wang 2019). For example, FedEx is using blockchain

to track high-value cargo and plans to extend this functionality to almost all of its shipments.

IBM creates “Food Trust Blockchain” – including nine partners such as Nestlé and Dole. Also,

in response to worldwide food contamination outbreaks, retail giant Walmart is tackling food

safety in the supply chain using blockchain technology (Kamath 2018).

Organizations implementing blockchain with smart contracts may improve compliance

effectiveness and risk management. For example, smart contracts could facilitate organizations’

adherence to various laws and regulations (Pilkington 2016; Wild, Arnold, and Stafford 2015;

OECD 2018). Pre-defined alerting schemes could be implanted in blockchain to identify

suspicious transactions in a timely manner. They could also be used to monitor an organization’s

financial health and aid decision-makers to design new control mechanisms (Psaila 2017).

4.1 Blockchain Creates Business Information Ecosystems

Blockchain technology is not only an information system in a single company for a set of

transactions, but is an infrastructure for business communities (Ito, Narula, and Ali 2017;
2
Retrieved on June 18, 2019.

6
Sheldon 2018). As more individuals and organizations join a blockchain network, a large

community of stakeholders, such as companies, investors, auditors, tax authorities, and

regulators, comprises an ecosystem with information transferring and sharing. In permissionless

blockchain where there is no centralized authority, the enlargement of a blockchain will make

the information in the network more secure. According to the 51% attack rule, only when a

group of miners controls an absolute majority of the computer power on blockchain can they

alter the transaction record. A large community makes it infeasible for a few entities to dominate

the network and manipulate the content of the ledger. Figure 2 presents a blockchain network

with its stakeholders forming a new business ecosystem.

[Insert Figure 2 about here]

Moreover, a set of different blockchains could be linked together to form a blockchain

consortium, which further promotes information sharing and cross-examination in a larger base.

With close to a real-time information sharing configuration, the records on blockchain could be

exposed to scrutiny by more cross-chain participants. This provides third parties an even broader

scope to scrutinize reliability of business transactions.

4.2 Cost of Implementation

Based on cost-benefit analyses, organizations will decide whether, to what extent, and

how they will adopt blockchain (Appelbaum and Smith 2018). We provide a list of explicit and

implicit costs of adoption for organizations to consider:

• Cost of implementing and maintaining a blockchain

• Repetition and competition between an existing ERP system and a blockchain

• Reconciliation between records on a blockchain, other reports, and physical existence

7
 • Potential information leakage to outsiders, including business competitors and customers

• Obstruction from managers due to externality of increased transparency

V. IMPLICATIONS FOR AUDITING

5.1 New Business to Auditors

At the application level, blockchain brings new business to auditors, such as reviewing

certain transactions and verifying the existence of digital assets, and attesting to consistency

between information on a blockchain and in the physical world. These new tasks could be

challenging, particularly when there is no centralized authorities on blockchain. Auditors need to

leverage their expertise in IT system audits to invent novel methods to accomplish verification of

ownership. As we discussed in the previous section, different types of blockchain have their

advantages and limitations. In Table 1, we provide a list of opportunities and challenges audit

firms need to face in permissionless and permissioned blockchains, with more focus on the latter.

[Insert Table 1 about here]

Moreover, blockchain could fundamentally change the auditing process. As a complete

record of transactions is stored on blockchain, auditors will no longer need to request, and wait

for trading parties to provide, data and documents. In addition, blockchain will surpass the

traditional audit sampling process, and allow continuous audits for any “on-chain” transactions

in any specific period. The adoption of blockchain will free up resources that were previously

expended on evidence collection and verification.

5.2 Shift from Testing of Transactions to Testing of Controls

Despite aforementioned efficiency gains from blockchain adoption, it is important to note

that the transaction record stored on the blockchain does not necessarily assure the reliability of

8
organizations’ financial reports. For example, an “on-chain” transaction still could be executed

between related parties, linked to some unobservable “off-chain” agreement or fraudulent

transaction (AICPA and CPA Canada 2017). Therefore, what is critical is the effectiveness of

internal controls surrounding blockchain. When auditors encounter a specific blockchain, they

need to examine clients’ incentives, as well as blockchain code quality, protocol changes, and

power allocation among peers. After all, the focus of auditors will not be testing transactions

directly, but instead testing these controls to obtain appropriate assurance that the transactions

hosted on the blockchain are accurate. We use Table 2 to present possible impacts of blockchain

on both internal and external auditing practices.

[Insert Table 2 about here]

5.3 Recommendations and Perspectives

Blockchain technology brings tangible challenges to the audit industry and calls for

strategic transformation in this area (Coyne and McMickle 2017; Lin and Liao 2017). Audit

firms’ comprehensive knowledge about business operations and governance will position them

as critical advisors to organizations approaching these new technologies (ICAEW 2017; Raj

2017; Smith 2017; Rapoport 2018). To prepare for the changes brought by this disruptive

technology, auditing professionals need to adjust, and elevate themselves to the role of strategic

partner (Karajovic, Kim, and Laskowski 2017). In the current stage, auditors should consider the

following initial steps to adapt to the new environment:

• Acquire competency in blockchain technology and governance of blockchain. Auditors

should be able to assess the costs and benefits of adopting specific blockchains, and provide

advice on blockchain implementation for their clients (Sheldon 2019). Audit firms could

reach this goal by adjusting their hiring and training strategy.

9
• Actively participate in blockchain development with emphasis on risk control. Auditors

should consider stepping forward to influence and lead implementation of blockchain. Audit

firms should shift their focus to assess the effectiveness of risk management and advise on

solutions and assurance for internal control.

Rapidly growing technology brings enormous opportunities to auditors. In order to promote

high-quality services, auditors should consider the following long-run prospects:

• Move to continuous auditing. Blockchain applications make it feasible to conduct

continuous auditing due to real-time access to transaction records (Smith 2017).

• Grow the advisory function. With resources freed from traditional evidence collecting and

testing, audit firms should consider applying appropriate data analytics in blockchain, and

expand advisory services such as control design, change management, and blockchain

governance (ICAEW 2017).

10
 REFERENCES

American Institute of CPAs (AICPA) and Chartered Professional Accountants of Canada (CPA
Canada). 2017. Blockchain Technology and Its Potential Impact on the Audit and
Assurance Profession. Available at:
https://www.aicpa.org/content/dam/aicpa/interestareas/frc/assuranceadvisoryservices/dow
nloadabledocuments/blockchain-technology-and-its-potential-impact-on-the-audit-and-
assurance-profession.pdf
Appelbaum, D. and S. Smith. 2018. Blockchain Basics and Hands-on Guidance. The CPA
Journal. Available at: https://www.cpajournal.com/2018/06/19/blockchain-basics-and-
hands-on-guidance/
Bajpai, P. 2017. 'Big 4' Accounting Firms Are Experimenting with Blockchain and Bitcoin.
Available at: https://www.nasdaq.com/article/big-4-accounting-firms-are-experimenting-
with-blockchain-and-bitcoin-cm812018
Brandon, D. 2016. The blockchain: The future of business information systems? International
Journal of the Academic Business World 10: 33-40.
Coyne, J. G. and P. L. McMickle. 2017. Can blockchains serve an accounting purpose? Journal
of Emerging Technologies in Accounting 14(2): 101-111.
Crosby, M., P. Pattanayak, S. Verma, and V. Kalyanaraman. 2016. Blockchain technology:
Beyond bitcoin. Applied Innovation Review 2: 6-19.
Dai, J., and M. A. Vasarhelyi. 2017. Toward blockchain-based accounting and
assurance. Journal of Information Systems 31(3): 5-21.
Deloitt. 2016. Tech Trends 2016 - Innovating in the Digital Era. Westlek, TX: Deloitte
University Press
EY. 2017. EY infuses blockchain into enterprises and across industries with launch of EY Ops
Chain. Available at: http://www.ey.com/gl/en/newsroom/news-releases/news-ey-infuses-
blockchain-into-enterprises-and-across-industries-with-launch-of-ey-ops-chain
Gross, A., J. Hemker, J. Hoelscher, and B. Reed. 2017. The role of secondary sources on the
taxation of digital currency (Bitcoin) before IRS guidance was issued. Journal of
Accounting Education 39: 48-54.
ICAEW. 2017. Blockchain and the Future of Accountancy. Available
at: https://www.icaew.com/-/media/corporate/files/technical/information-
technology/technology/blockchain-and-the-future-of-accountancy.ashx
Ito, J., N. Narula, and R. Ali. 2017. The Blockchain Will Do to the Financial System What the
Internet Did to Media. Harvard Business Review.
Kamath, R. 2018. Food traceability on blockchain: Walmart’s pork and mango pilots with
IBM. The Journal of the British Blockchain Association 1(1): 1-12.
Karajovic, M., H. Kim, and M. Laskowski. 2017. Thinking outside the block: Projected phases
of blockchain integration in the accounting industry. Working paper.
Kokina, J., R. Mancha, and D. Pachamanova. 2017. Blockchain: Emergent industry adoption and
implications for accounting. Journal of Emerging Technologies in Accounting 14(2): 91-
100.
Kosba, A., A. Miller, E. Shi, Z. Wen, and C. Papmanthou. 2016. Hawk: The blockchain model of
cryptography and privacy-preserving smart contracts. Paper presented at the IEEE 2016
Symposium on Security and Privacy.

11
KPMG. 2017. KPMG and Microsoft announce new “Blockchain Nodes”. Available at:
https://home.kpmg.com/us/en/home/media/press-releases/2017/02/kpmg-and-microsoft-
announce-new-blockchain-nodes.html
Lin, I. C., and T. C. Liao. 2017. A survey of blockchain security issues and challenges.
International Journal of Network Security 19: 653-659.
Organisation for Economic Co-operation and Development (OECD). 2018. Blockchain
Technology and Corporate Governance. Available at:
http://www.oecd.org/officialdocuments/publicdisplaydocumentpdf/?cote=DAF/CA/CG/RD
(2018)1/REV1&docLanguage=En
Pilkington, M. 2016. Blockchain technology: Principles and applications. In F. X. Olleros, M.
Zhegu, & E. Elgar (Eds.), Handbook of Research on Digital Transformations. Cheltenham,
UK: Edward Elgar.
Psaila, S. 2017. Blockchain: A game changer for audit processes. Available at:
https://www2.deloitte.com/mt/en/pages/audit/articles/mt-blockchain-a-game-changer-for-
audit.html
PWC, 2017. Redrawing the lines: FinTech’s growing influence on financial services. Available
at: https://www.pwc.com/gx/en/industries/financial-services/assets/pwc-fintech-exec-
summary-2017.pdf
Raj, R.V. 2017. Will External Audits Vanish in the Blockchain World? IFAC, Audit &
Assurance, 2. Available at: https://www.ifac.org/global-knowledge-gateway/audit-
assurance/discussion/will-external-audits-vanish-blockchain-world
Rapoport, M. 2018. PwC Has an Answer for the Blockchain: Audit It. Available
at: https://www.wsj.com/articles/pwc-has-an-answer-for-the-blockchain-audit-it-
1521194401
Simoyama, F. d. O., I. Grigg, R. L. P. Bueno, and L. C. D. Oliveira. 2017. Triple entry ledgers
with blockchain for auditing. International Journal of Auditing Technology 3(3): 163 -
183.
Sheldon, M. D. 2018. Using blockchain to aggregate and share misconduct issues across the
accounting profession. Current Issues in Auditing. 12(2): 27-35
Sheldon, M. D. 2019. A primer for information technology general control considerations on a
private and permission blockchain audit. Current Issues in Auditing. (forthcoming)
Smith, S. S. 2017. Blockchain, AI, and Accounting. Available at: https://www.ifac.org/global-
knowledge-gateway/practice-management/discussion/blockchain-ai-and-accounting
Stratopoulos, T., and V. Wang. 2019. Blockchain technology adoption. Working paper.
Available at: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3188470
Swan, M. 2015. Blockchain: Blueprint for a New Economy. Beijing: O'Reilly.
Wild, J., M. Arnold, and P. Stafford. 2015. Technology: Banks seek the key to blockchain.
Financial Times.
Yermack, D. 2017. Corporate governance and blockchains. Review of Finance. 21(1): 7-31
Zheng, Z., S. Xie, H. Dai, X. Chen, and H. Wang. 2017. Blockchain challenges and opportunities:
A survey. International Journal of Web and Grid Services. 14(4): 352 - 375.

12
 FIGURE 1

Panel A: The Fund Transfer Process in a Traditional Digital Ledger System

Panel B: The Fund Transfer Process in a Blockchain Network

13
 FIGURE 2

New business ecosystem based on blockchain technology

14
 TABLE 1
Opportunities and Challenges to Auditors
Opportunities
Permissionless • Examine transaction record on blockchain
blockchain • Develop novel audit process on blockchain
transactions
• Verify the consistency between items on blockchain
and in the physical world
Permissioned • Develop guidelines for blockchain implementation
blockchain • Leverage industry knowledge and experience to offer
advice for best practices for blockchain consensus
protocols
• Leverage business networks to form permissioned
blockchain based on market demand
• Act as planner and coordinator of potential
participants of a blockchain
• Leverage their expertise on IT auditing to audit
internal control of blockchain, including data
integrity and security
• Offer independent rating services to a specific
blockchain
• Act as administrator of blockchain
Challenges
• No reversal of erroneous transactions
• No centralized authority to verify the
existence, ownership, and measurement of
items recorded on blockchain
• Data retrieval due to clients’ loss of private
key
• No centralized authority to report
cyberattack
• Need to be proficient in various blockchain
technologies
• Difficult to reach consensus rules among all
participants, when acting as an
organizational agent
• Audit transaction linked to a side agreement
that is “off-chain”
• Tackle the situation when central authority
has power to override information on
blockchain
• Cope with change of consensus protocol in
a blockchain
15
 TABLE 2
Blockchain’s Impacts on Auditing Practices

Auditing Blockchain’s Impact Internal External

Practices Audit Audit
● Whole-population investigation X X
Evidence
replacing the traditional sampling
gathering
approach
● Direct access to transaction history
● Real-time transaction validation by a X X
Transaction
community of miners
validation and
● Record verification and maintenance
verification
by all users
● Built-in compliance with most recent X
Compliance
standards, regulations, and laws
evaluation
● Instant presentation of the underlying
regulation to an operator
● Immediate detection of violations
● Automating reconciliation (if X X
Transaction
transactions take place between parties
reconciliation
within a single blockchain network)
● Instant settlement
● Reduction of time spent on
reconciliation and increased efficiency
● Near real-time financial reporting X X
Financial
● No errors
reporting
● Less prone to fraud
● Providing complete, accurate records X
Planning and
for auditors to quickly spot problems,
advising
prioritize plans, and find long-term
patterns
● Offering reliable and timely X
Decision
information stored in blockchain to
support
perform analytics
● Predicting consequences of actions
● Facilitating smart contracts by
embedded analytical models (i.e., to
identify trends)

16