Case Study
Audit of a private, permissioned blockchain
Conducted an advisory and audit engagement prior to production launch for two Fortune 500 companies’ private, permissioned blockchain, used for 70,000 transactions and $500+ million in annual money movement between the firms’ 45,000 users.
Key Risks
- Governance and regulatory compliance
- Key management and permissions
- Infrastructure integrations between legacy and blockchain technology and security controls for underpinning infrastructure
- Secure software development practices
- Financial validation of the blockchain with the general ledger
- Consensus mechanism, network nodes and anti-fraud vulnerabilities
Outcomes
Both companies transitioned from a paper-based accounts payable/accounts receivable system to a full production blockchain deployment. Blockchain technology resulted in better financial integrity for financial reporting than the paper-based system.
Off-chain advisory services recommended improvements to the governance and change management protocols used for the administration of the blockchain.
On-chain audit testing identified vulnerabilities and presented findings to improve private key management and least privilege.