Blockchain and Internal Audit: A Personal Journey into Digital Future
I still remember the first time blockchain crossed my desk during an audit. It was 2023, and I was reviewing a digital transformation initiative when I came across terms like “distributed ledger technology” and “tokenised securities” in the risk registers. My first reaction? Confusion. Here was this buzzword-filled technology that everyone was talking about, but I had no idea how to assess the controls, let alone the risks.
Fast forward to today, and that confusion has turned into fascination. Taking up a structured course on blockchain and digital assets opened the door to the world of digital finance. I took that step not just because blockchain is reshaping business, but because it's fundamentally changing what it means to provide assurance. As young professionals in internal audit, we are not just observers. We are part of this transformation.
Why Blockchain Matters to Internal Audit
Think of blockchain as a shared record book. Everyone in the network has access to the same version, and once something is written in it, it can’t be changed. No single party controls it. Instead of your bank updating your account balance, this information is shared and updated across many locations at once.
What struck me most in that first blockchain-related audit was how different the control environment felt. In traditional audits, we ask: “Who has access?” or “Who can modify the system?” But blockchain is built to operate without central control. This challenged the way I thought about assurance and pushed me to explore what blockchain really means for internal audit.
Four Ways Blockchain is Changing Internal Audit
From real-life use cases in Singapore to hands-on experience, here are four shifts I have observed that affect how we approach our work.
New Risks Require New Thinking
A local financial services firm once launched smart contracts. One tiny bug almost locked millions of dollars permanently. Unlike regular IT systems, blockchain doesn’t allow rollbacks. Once it’s done, it’s done.
But the real issue wasn’t the tech - it was governance. Only three people could update the contract. That concentrated too much power in too few hands. One mistake or compromise, and there was no safety net. Without proper oversight and transparency, the risk became unacceptable.
This taught me something important: it is not just about writing secure code. It is about having the right people, processes, and decision rights around it. Good technology needs great governance.
Real-Time Assurance Is Now Possible
One of the most exciting aspects of blockchain is the ability to provide real-time assurance. In a traditional audit, we sample transactions after they happen. With blockchain, every transaction is recorded instantly and transparently.
While auditing a supply chain implementation, we were able to monitor inventory movement in real time. There was no need for stock counts because everything was traceable and live. This also means internal auditors must understand how to read and interpret blockchain data so we can make sense of what we are seeing and provide meaningful insights.
Audit Trails That Never Lie But Can Mislead
Blockchain creates a perfect and unchangeable audit trail. That sounds ideal, right? It is, but only to a certain extent. In one project, I was relieved to find a flawless trail of activity. However, I later realised that the initial data entered was inaccurate. The system preserved it perfectly, but it was still wrong. Blockchain protects the integrity of data after it is recorded. It does not verify whether the data was correct to begin with. Because of this, internal auditors still play a vital role in reviewing upstream processes, especially how data enters the system.
Collaboration Is Key
Blockchain audits are never solo efforts. You need the tech teams to explain how the system works, legal teams to understand regulatory compliance, and business teams to clarify operations. I have found that internal audit’s value lies in bringing all these perspectives together to ask the right questions. And that’s where our role shifts, from checking compliance boxes to advising on how to implement blockchain responsibly.
Singapore’s Blockchain Reality: What We Are Actually Auditing
Blockchain is no longer an emerging concept in Singapore. It is already being used in day-to-day financial operations. As adoption becomes more widespread, internal auditors are being called to evaluate areas that did not exist just a few years ago. These include digital forms of currency, decentralised finance tools, and tokenised assets embedded in core business processes.
Regulatory developments are moving in tandem. The Monetary Authority of Singapore now requires digital token service providers to be licensed and has introduced rules for safeguarding customer assets in statutory trusts. These changes introduce new expectations around compliance, governance, and operational integrity.
For internal auditors, this means moving beyond understanding the technology. It is about assessing how organisations are implementing blockchain in practice, and ensuring that the right controls and oversight are in place from the outset.
What I Wish I Had Known Earlier: A Personal Roadmap
Looking back, here’s what helped me most in my blockchain learning journey:
Start with the Business, Not the Technology
Don’t dive straight into the technical whitepapers. Instead, begin by understanding why the organisation is using blockchain. The business context will make the risks and controls easier to grasp.
Ask these Audit Questions
- Who controls the private keys and how are they stored?
- How are smart contracts updated and who approves the changes?
- How is data validated before it is entered into the blockchain?
- What is the disaster recovery plan if something goes wrong?
Build your Network
Attend IIA Singapore events and participate in public consultations led by the Monetary Authority of Singapore as well as initiatives by Infocomm Media Development Authority. These opportunities provide practical insights from the audit and fintech communities, regulators and industry experts.
Learn by Doing
Setting up a digital wallet and making a simple transaction can offer insights that no training material alone can provide.
The Path Forward: Our Role as Internal Auditors
What surprised me most was not how complex blockchain is but how it redefines trust and control. We are moving from traditional controls like passwords and approval limits to concepts like cryptographic signatures and smart contracts.
Internal auditors must adapt. We are uniquely positioned to bridge the gap between business needs and emerging technologies. By staying curious and open-minded, we can help our organisations adopt blockchain responsibly while maintaining sound governance.
This shift is already underway and not something in the distant future. In Singapore, blockchain is transforming financial services, supply chains and government-led digital initiatives. As internal auditors, we have a responsibility to understand these changes, challenge assumptions and provide assurance in this evolving digital landscape.
Chaitanya Muthaiyan is with the Innovation and Decision Science Team at Group Audit, UOB, and is Vice Chairperson of the IIA Singapore Young Professionals Working Group (YPWG).
