The American Institute of CPAs (AICPA), The Chartered Institute of Management Accountants (CIMA) and ISACA, an international professional association focused on IT governance, have collaborated to produce a joint white paper, Blockchain Risk: Consideration for Professionals.

Developed by the ISACA-AICPA & CIMA Joint Blockchain Working Group, Blockchain Risk provides context around specific risk related to blockchain implementation and operation. It is organised by five key domains—governance, infrastructure, data, key management, and smart contracts.

ISACA senior director, emerging technology and innovation, Dustin Brewer said: “Many enterprises are eager to harness the power of blockchain to transform their businesses or operations. While there are great benefits to using blockchain, practitioners should ensure they fully understand all types of risk to avoid potentially exposing their business to vulnerabilities, attack vectors or other issues before implementing—or even retroactively, if needed.”

Blockchain Risk aims to emphasize that a broad array of practitioners—from CPAs and IT auditors to cybersecurity professionals and those in management roles—should gain an understanding of blockchain risks, including:

  • Governance/design risk: Lack of protocols for unconfirmed transactions can allow processing of fraudulent transactions that were previously rejected, posing a threat to the network.
  • Infrastructure/protocol management risk: Conditional instructions in protocol or smart contract code can allow infinite loops that put the ongoing operation and integrity of the network at risk.
  • Key management: Creating a key/seed with insufficient breakup can place all future use of the keys for storing and transacting in crypto assets at risk. The keys can be brute forced or guessed, resulting in a loss of assets.


AICPA & CIMA lead manager of emerging assurance technologies and advisory innovation said: “It is important for any entity using blockchain technology to understand that there are unique risks in this space and it is imperative to identify those risks quickly. Using a resource such as this risk matrix means entities will be alerted to issues in order to design the necessary processes and controls to mitigate such risks and enable success.”

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

The white paper also includes a list of additional blockchain resources from ISACA and AICPA & CIMA, including ISACA’s new Blockchain Framework and Guidance and Blockchain Preparation Audit Program, and AICPA& CIMA’s Blockchain and Beyond Learning Programs and Blockchain Universal Glossary.



Earlier this week, AICPA announced that it will be launching a new accounting curriculum at an event to be held in June