Blockchain Technology: establishing risk-based approaches

Blockchain is considered an emerging technology that has the potential to significantly transform the way we transact. The establishment of new asset classes and transactional models substitutes for conventional payment and settlement platforms. The major advantages that blockchain offers are transparency and the elimination of custodial necessity. However, organizations implementing blockchain in their IT environment are also faced with a new set of risks arising from this distributed ledger technology. This article will introduce some of the key risks arising from the implementation of this technology in existing IT environments.

Scalability & Continuity

Coordination and communication between nodes that are often spatially separated from each other and located within the participant’s internal IT environments might result in a lack of scalability or even threaten the continuity of the blockchain system and the process activities of organizations relying on the blockchain system.

Centralisation & Collusion

Nodes might be owned by a single organization or by a collaboration of organizations. Competitors might be blocked from transacting on this system or risk being restricted from using certain functionalities.

Data Management & Privacy

Incorrect, incomplete, or even unauthorized transactions might result in unintended consequences such as degraded data integrity or violated privacy requirements due to inaccessibility of personal data. What a transaction commits cannot be reverted.

Smart Contracts

Smart contracts are agreements between blockchain participants that are codified into the authoritative ledger. If smart contracts are incorrectly designed, this might result in unintended and unforeseen consequences.

Consensus & Network

If the consensus process is flawed, organizations transacting on the blockchain might be exposed to significant risks – both operational and financial.


By their very nature, blockchains allow for transacting between parties that do not need to know or trust each other. This exposes an organization to the risk of participating in money laundering or terrorist financing.

Functional Requirements

Selecting or developing a blockchain that does not align with the organization’s business or operating model needs might have significant consequences for the organization’s business activities that rely on the blockchain.

Cryptographic Key Management

Improper management of cryptographic key-pairs might result in unauthorized access to the system.

Third-Party & Governance

Blockchain relies on both the overall control environment of the network and the control environments of the individual participating organizations. One can argue whether ‘third parties’ in a blockchain context are actually ‘second parties’.

Culled from “Digital Auditing and Beyond”, Steven van der Weerd MSc, 2019
