The framework, which can be found in the Blockchain Framework and Guidance report, looks to help enterprises answer three questions with regard to implementation:
- Do the proposed blockchain control objective domains adequately cover risk vectors and business process objectives for the organisation transacting in this space?
- Have we identified the relevant stakeholders of blockchain control objectives?
- Do we understand our engagement with the larger blockchain ecosystem in evaluating risk and control objectives?
The report outlines stakeholder management processes; an area which this publication has frequently explored with regard to getting all parties onside, from C-suite, to IT, to partners.
ISACA recommends creating and launching a communications management plan – noting that many enterprises already have shared portals and processes in place – with regular updating and appropriate buy-in processes. Return on investment is key; the report says teams ‘should be prepared to present a summary report of the project to all stakeholders, and show actual versus projected improvements in process flows and ROI for the project.’
The association cites Amazon, DAML, Ethereum, Hyperledger, Microsoft and R3 as prominent blockchain platform providers about whom enterprises should be aware. Enterprises are ‘encouraged’ to research multiple vendors, including blockchain as a service providers, as a continuous review, and assess issues which may persist after implementation, such as evolutions within the technology itself.
“The use of public or hybrid blockchain in an implementation may be impacted by blockchain ecosystem changes,” the report notes, such as a soft or hard fork. “Changes on the enterprise side may impact how blockchain is used in the future. It is important for implementers of blockchain technology to maintain a holistic and forward-looking perspective because the growth of blockchain, like any new technology, will have potential significant impacts on existing and future enterprise implementations.”
In a separate report, titled ‘Blockchain – An Executive View’, ISACA notes that the technology may not suit all organisations. The advice again relates to long-term thinking, with three strategic issues needing to be considered:
- If the enterprise finds itself doing business with an increasing number of enterprises that use blockchain, how will that affect the enterprise ecosystem in several years?
- What will be the impact on the enterprise if its operations cannot match the operations of blockchain-using partners or competitors?
- What type of competitive advantage can be gained – such as reduced cost, greater efficiencies, more immediate and reliable information – if blockchain is implemented?
“Enterprises considering the implementation of blockchain technology should first do their due diligence and take some key steps – including asking themselves strategic questions, exploring enterprise risks, and assessing how blockchain adoption would map to their existing technologies, both now and in the future,” said report author Ron Quaranta.
Quaranta, who is CEO of the Wall Street Blockchain Alliance and member of ISACA’s Emerging Technology Advisory Group, added: “The benefits of this technology can be powerful, provided that enterprises have strong governance, controls and security protocols in place.
“This framework is an important step in understanding blockchain technology and realising those benefits.”
You can download a copy of the report here (free, account required).