Accounting Information Systems Content for Free-Response Part of Final

types of nodes

*full node- program that fully validates transactions and blocks (full ledger) -lightweight node- does not store a full copy of the blockchain, passes its data to full nodes to be processed

section 320

reports on examination of controls at a service organization relevant to user entities' internal control over financial reporting

public blockchain

anyone can read the blockchain ledger and submit new transactions

hash rate

number of nonces tried per second (currently in the trillions)

nonce

the one data input to the block header that miners can change

Bitcoin vs bitcoin

-Bitcoin is the protocols, platform, and software used to run the digital currency bitcoin -bitcoin is a unit of currency

August -> October 2008

-Bitcoin.org was registered -Lehman Brothers filed for chapter 11, AIG bailed out, Bank of America buys Merrill Lynch, US Government established 700 billion for Troubled Asset Relief Program -Bitcoin whitepaper released on Halloween 2008, written by Satoshi

why blockchain matters to accountants

-accountants are expert record keepers, who keep records of financial transactions in ledgers

mystery of Satoshi Nakamoto

-anonymous creator of bitcoin -identity remains unknown (could be a person, many people, a corporation, a government) -Bitcoin whitepaper demonstrates considerable knowledge across disciplines (cryptography, computer science, economics, psychology, technical writing)

new transactions

-are communicated (broadcasted/propagated/gossiped) amongst nodes -nodes do not receive transactions in the same order, blocks determine order -nodes verify each transaction received for appropriateness

tokens

-are fungible (replaceable) or non-fungible -security token represents an investment -utility token gives access to use the blockchain product or service in the future -asset-backed tokens are tied to an asset in the physical world

Bitcoin vs blockchain

-bitcoin is not blockchain -many blockchains now exist, with a great deal of variation in technical design -Bitcoin's blockchain set the foundation for those that followed

blockchain structures

-centralized has one central intermediary -decentralized has many key intermediaries -distributed can indirectly communicate with everyone (goal of blockchain)

ethereum

-created by Vitalik Buterin in 2015 -offers a more simplistic programmable language to develop applications that run on a block chain -native token is ether, a utility token -uses proof of stake and is resistant to ASICs -accounts are either externally owned (store ether) or smart contract (can have code stored with it)

problems that blockchain solves

-direct exchanges of value over the internet -individual parties cannot censor transactions (removes middlemen) -eliminates the double spend problem (the same digital token being spent more than once) -enables creation of scarce digital assets -advances network resiliency

bitcoin as a deflationary currency

-discourages spending due to negative inflation rate (value goes up over time) *conflict- Bitcoin only has value if people use it, but why use it if its value goes up over time?

brief overview of Bitcoin

-each bitcoin can be broken down to eight decimal places -21 million bitcoins are to be released by the year 2140

when using the work of another practitioner, you are responsible for

-engagement complying with professional standards, legal requirements, and firm policies -determining if the practitioner's report is appropriate for the circumstances

types of Bitcoin wallets

-hot storage: internet connection required to access wallet -cold storage: no internet connection required -full node: runs a full node and implements all the functions of the blockchain -lightweight: uses a connection with a series of servers to obtain information

SOC 2 reports

-intended to meet needs of a broad range of users who need control information relevant to security, availability, processing integrity of systems as well as confidentiality and privacy of information -2 types, and use is restricted

SOC 1 reports

-intended to meet needs of entities that use service orgs and the CPAs that audit them in evaluating the effect of the controls on the user entities' financial statements -effect financial statements -2 types

SOC 3 reports

-intended to meet needs of users who need assurance about security, availability, processing integrity, confidentiality, or privacy, but don't have the means of using a SOC 2 report -general use, freely distributed

Bitcoin details

-is implemented using blockchain -can process about 7 transactions per second, with new blocks added about every 10 minutes -new bitcoins are released by the protocol in coinbase transactions, which represent rewards granted when new blocks are created

other threats and concerns

-it can be cost prohibitive to maintain a full node or mining operation, which leads to more centralized control -transactions are irreversible and anonymous, which clashes with US banking regulations -blockchain is not an efficient storage mechanism for large files -blockchains are not interoperable

assurance timeline

-limited assurance is needed for review engagement, conclusion, and negative assurance -reasonable assurance is needed for examination engagement, opinion, and positive assurance

blockchain

-linear model that is used to store data -the first block is known as the genesis block *book analogy- can be thought of as a book, where the book in its entirety represents the blockchain and each individual page represents a block

Satoshi conspiracies

-many conspiracies of who Satoshi could be (Nick Szabo, Craig Wright, Hal Finney) -many motives to claim to be Satoshi (Satoshi has 1 million bitcoin)

validated transactions

-meet all three criteria -are stored in a full node's memory pool (staging area) -miners take these transactions and work to add/confirm them into blocks

broadcast the winning nonce

-miner that solves the proof of work by finding an appropriate nonce broadcasts that nonce to the nodes -as part of this process, the associated transactions are then added to/confirmed in a new block -hash of the confirmed block then becomes the previous block hash that is included in the header of the subsequent block -miners use this previous block hash when working to confirm the next block

opinions and conclusions

-opinion made during examination engagement, conclusion expressed during review engagement -relate to if the subject matter is in accordance with criteria and fairly stated

address

-participation in Bitcoin begins by establishing an address that can be sent bitcoins -steps to derive an address: cryptographic seed (random information collected to create a private key) -> private key (password) -> public key (anyone can see) -> blockchain address

acceptance of a change in the terms of the engagement

-practitioner can only agree to a change in terms if reasonable justification exists -if there is reasonable justification, practitioner should issue a report on the change that doesn't reference original engagement, procedures, and scope limitations

examination engagement

-practitioner obtains reasonable assurance (high, not absolute) by obtaining sufficient appropriate evidence to be able to draw conclusions to base their opinion on -same level of assurance as needed for a financial statement audit

agreed-upon procedures engagement

-practitioner performs procedures and reports the findings, without providing an opinion or conclusion -parties agree upon and are responsible for the sufficiency of these procedures

engagement documentation

-prepared on a timely basis, final file assembled no later than 60 days after report release date -practitioner shouldn't discard documentation, and if they amend it they have to document the reasons and when and by whom the amendment was made

Bitcoin blockchain

is public and permissionless (anyone can read the ledger and write transactions)

features of blockchain (book analogy)

-provides a linear record of something, allows you to go back and view the ledger at a specific point in time -comprised of individual blocks of data, and these blocks have size limitations -blocks must remain in a specific order -blocks can only be added to the end of the blockchain, but not removed (append only)

ledger

-provides a record of bitcoin transactions, which is shared, replicated, and distributed -is append only, verified, and agreed-upon -submitted transactions must be verified, and there is consensus on the data added via blocks

engagement partner assuming responsibility for the work of another practitioner

-required to communicate clearly with the other practitioner and evaluate the adequacy of their work -involvement is affected by your understanding of the other practitioner and degree to which they are subject to common quality control policies

cryptocurrency exchanges

-similar to how a stock exchange functions -creates a place for buyers and sellers to be matched, providing a level of anonymity for the parties involved -maintains custody of cash and cryptocurrencies used in the exchanges

initial coin offering

-somewhat similar to how companies might raise funds using an IPO -typically begin with a white paper outlining the new blockchain and its cryptoasset -lots of scams and is not yet well regulated, so buyer beware

attestation engagement

-types are examination, review, or agreed-upon procedures engagement -performed under AT-C standards and related to subject matter that is the responsibility of another party

is blockchain necessary? EY 5 point test

1) are there multiple parties in the ecosystem? 2) is establishing trust between all parties an issue? 3) is it critical to have a tamper proof, permanent record of transactions? 4) are we securing the ownership or management of a finite resource? 5) does the ecosystem benefit from improved transparency?

why 21 million bitcoins are to be released by 2140?

21 million bitcoins * 100 thousand parts per bitcoin = 21 trillion -21 trillion dollars is the same as the global money supply when Bitcoin was created (objective to become a global currency)

hashing transaction data

data from individual transactions are hashed, then hashes are hashed together until all transactions are used to create a single root hash which becomes part of the data represented in the block header -hash for one block is included in part of the hash for the next block

permissionless blockchain

anyone can write transactions to the blockchain

high fee

becomes more appealing for miners to include your transaction in the next confirmed block -earnings are also used to incentivize miners to use their computational power to support the blockchain rather than working to fraud it

Bitcoin wallet

bitcoins are not actually stored in the wallet, your keys to get into your account are stored

how could Satoshi's identity be proven

by accessing Satoshi's wallet and releasing bitcoin

examples of reasonable justification for requesting a change in the engagement

changes in circumstances affecting requirements of responsible party of a misunderstanding of the nature of the original engagement

examples of changes that cannot be considered reasonable

changes relating to incorrect, incomplete, or unsatisfactory information

cryptography

code writing, is used extensively, used in private and public keys to send and receive cryptoassets, hashing transactions, and hashing block header data to solve the proof of work and link blocks

section 105

concepts common to all attestation engagements

peer to peer network

distributed system of nodes with equal rights

leadership responsibilities for quality in attestation engagements

engagement partner should take responsibility for appropriateness of procedures, compliance with standards, accordance to firm policies, documentation being maintained, appropriate consultation

section 205

examination engagements

timing of blockchain's emergence

financial crisis of 2008 caused upside-down mortgages due to the burst of the housing bubble (mortgage is greater than house's value), complex financial instruments that passed risk through to the public, bailout of major banks using taxpayer money -result is low trust in financial institutions and the federal government

SOC 1 report type 2

focus on the suitability of the design and operating effectiveness of controls throughout a specified period

SOC 1 report type 1

focus on the suitability of the design of the controls as of a specified date

merkle tree

hashes all the transactions, reduces the amount of data needed to represent transactions

mining tools

have evolved to achieve a higher hash rate and thus achieve a higher likelihood of confirming the block and earning its rewards and fees -early tools of central processing units and graphical processing units were originally used for gaming -application specific integrated circuits are the most evolved tools, designed specifically for mining bitcoin

subject matter of an attestation engagement

historical/prospective performance, physical characteristics, historical events, analyses, systems and processes (internal controls) and behavior -can be at a point in time or for a period of time

51% attack problem

if 51% of the nodes (and the majority of miners' hashing power) work together, previously recorded transactions can be changed which allows the fraudster to double spend cryptocurrency -can combat this with high hash rate and geographically distributed nodes and miners

fraudulent transactions

if a node tries to introduce a fraudulent transaction, the nonce produced from the proof of work will not work for the other nodes -there will be consensus across the chain that the fraudulent transaction is not valid

overpowering a blockchain

if there are more dishonest nodes than honest nodes, and if they control the majority of the hashing power on the blockchain, there is a possibility that the blockchain can be rewritten

forking

if there is not consensus amongst nodes about which new block is valid or whether changes to the protocol should be accepted, the blockchain might fork -soft fork is backward compatible, hard fork is not backward compatible

cryptocurrency

includes bitcoins, altcoins, and stablecoins

encryption

it is a misconception that data stored on blockchains are encrypted -public blockchain ledgers are grounded in the idea of transparency (anyone can view)

proof of stake mining

just one node will be made responsible for adding the next block, which is more environmentally friendly

sections of SOC 1 and 2 reports

managements assertion on controls, service auditor's report on controls, description of the system, service auditor's tests of controls, other information provided by service org

hashing block header data

mathematical puzzle which requires the resulting hash to begin with a pre-specified number of zeros -the current difficulty determines this requirement

incentive to find the nonce

miner that finds a correct nonce receives a block reward (newly issued bitcoins) and fees offered by included transactions (specified by the transaction initiator)

proof of work mining

miners repeatedly apply a different nonce to the block header data until they generate a hash that begins with at least a certain number of zeros -uses a lot of electricity

multisig approach

multiple private keys required to release funds

SOC 2 Trust Services Criteria

reports on controls relevant to security, availability, processing integrity, confidentiality, or privacy

SOC 1 ICFR

reports on controls relevant to user entities' internal controls over financial reporting

using the work of another practitioner

obtain an understanding if the other practitioner is independent and compliant, understand their professional competence, communicate clearly about their findings, be involved in their work, determine whether to refer to them

hash collisions

occur when two pieces of digital content produce the same hash, which is not useful

private blockchain

only authorized parties can read the blockchain ledger and submit new transactions

permissioned

only authorized users can write transactions to the blockchain

SOC 2 reports play an important role in

oversight of organization, vendor management programs, internal corporate governance, risk management processes, regulatory oversight

difficulty

periodically adjusts so that blocks are created approximately every 10 minutes, and is adjusted every two weeks or 2,016 blocks based on current hash rate

review engagement

practitioner obtains limited assurance by obtaining sufficient appropriate evidence in order to express a conclusion

mining

process of adding transactions to blocks, which then become a part of the permanent blockchain ledger -miners hash the inputs to a block and compete to solve a puzzle that will allow the block to be added to the blockchain

types of blockchain

public and permissioned is less common, private and permissionless is not realistic, private and permissioned is for enterprised users

use of SOC 1 reports

restricted to management of service org, user entities, and user auditors

block reward halving

reward issued in the coinbase transaction is cut in half, which occurs every 4 years or 210,000 blocks -current block reward is 6.25 bitcoin every 10 minutes

hashing

running digital content through an algorithm to produce a fixed-length string of letters and numbers to uniquely represent the content -the same content will always produce the same hash if run through the same algorithm -any changes to the content will result in a completely different hash -cannot recreate the original content from the hash

Dapp

series of smart contracts used to build a decentralized application

smart contracts

short computer programs on Ethereum which encode rules of an agreement and act like an automated escrow service, and once triggered, they are irreversible

SOC 3 Trust Services Criteria for General Use Report

simplified version of SOC 2 that can be read by anyone

sharding approach

single private key with multiple parts required to release funds

forks in Bitcoin

there have been forks in Bitcoin, and the hard forks have resulted in new altcoins (Bitcoin Cash, Bitcoin Gold)

SOC 2 reports are unique because

they detail the service auditor's tests of internal controls at a service org

difference between traditional accounting and blockchain

traditional accounting relies on double entry rules to balance the transactions of a single entity, whereas blockchain allows the balance of transactions among all entities using a shared ledger

key relationships

user entity -> service org -> subservice org -> service org -> service auditor -> internal auditor -> service auditor -> service org -> completed SOC report

DAO

uses a series of dapps to build a decentralized autonomous organization, which is a corporation that runs completely autonomously based on programmed logic

Bitcoin hash

uses the 64 character hash SHA 256, regardless of the size of the data file to be hashed

criteria for verifying new transactions

whether the sender has sufficient funds, whether the transaction is signed, and whether funds are directed to an existing address

peer to peer version of electronic cash

would allow online payments to be sent directly from one party to another without going through a financial institution (no government interference)