The American Institute of CPAs (AICPA), The Chartered Institute of Management Accountants (CIMA) and ISACA, an international professional association focused on IT governance, have collaborated to produce a joint white paper, Blockchain Risk: Consideration for Professionals.

Developed by the ISACA-AICPA & CIMA Joint Blockchain Working Group, Blockchain Risk provides context around specific risk related to blockchain implementation and operation. It is organised by five key domains—governance, infrastructure, data, key management, and smart contracts.

ISACA senior director, emerging technology and innovation, Dustin Brewer said: “Many enterprises are eager to harness the power of blockchain to transform their businesses or operations. While there are great benefits to using blockchain, practitioners should ensure they fully understand all types of risk to avoid potentially exposing their business to vulnerabilities, attack vectors or other issues before implementing—or even retroactively, if needed.”

Blockchain Risk aims to emphasize that a broad array of practitioners—from CPAs and IT auditors to cybersecurity professionals and those in management roles—should gain an understanding of blockchain risks, including:

  • Governance/design risk: Lack of protocols for unconfirmed transactions can allow processing of fraudulent transactions that were previously rejected, posing a threat to the network.
  • Infrastructure/protocol management risk: Conditional instructions in protocol or smart contract code can allow infinite loops that put the ongoing operation and integrity of the network at risk.
  • Key management: Creating a key/seed with insufficient breakup can place all future use of the keys for storing and transacting in crypto assets at risk. The keys can be brute forced or guessed, resulting in a loss of assets.


AICPA & CIMA lead manager of emerging assurance technologies and advisory innovation said: “It is important for any entity using blockchain technology to understand that there are unique risks in this space and it is imperative to identify those risks quickly. Using a resource such as this risk matrix means entities will be alerted to issues in order to design the necessary processes and controls to mitigate such risks and enable success.”

The white paper also includes a list of additional blockchain resources from ISACA and AICPA & CIMA, including ISACA’s new Blockchain Framework and Guidance and Blockchain Preparation Audit Program, and AICPA& CIMA’s Blockchain and Beyond Learning Programs and Blockchain Universal Glossary.



Earlier this week, AICPA announced that it will be launching a new accounting curriculum at an event to be held in June