AICPA white paper tackles blockchain and SOC for Service Organization reports

By Jeff Drew

The AICPA has released a white paper that provides practitioners (known as service auditors) with advice about performing SOC for Service Organization reports on companies that have incorporated blockchain into their service-delivery systems.

The use of blockchain may allow service organizations to provide new services (e.g., developing new systems to support supply chain efficiency) and to reduce the costs of providing existing services (e.g., reducing the risk of unauthorized changes to business records). But blockchain use also brings increased risks for service organizations and user entities.

As noted in the white paper, management is responsible for identifying, assessing, documenting, and responding to blockchain-related risks through the design and implementation of controls that mitigate those risks.

The white paper, Implications of the Use of Blockchain in SOC for Service Organization Examinations, is geared toward service auditors who perform SOC for Service Organizations: Internal Control Over Financial Reporting (SOC 1) examinations or SOC for Service Organizations: Trust Services Criteria (SOC 2) examinations. Practitioners conducting SOC for Supply Chain examinations may also find the white paper helpful.

Specifically, the white paper aims to educate service auditors about the unique features of blockchain and the risks associated with using the technology as part of a system that delivers services to user entities. Understanding those risks and the controls implemented by the organization to mitigate those risks is critical for the service auditor who performs a SOC 1 — SOC for Service Organizations: ICFR examination or a SOC 2 — SOC for Service Organizations: Trust Services Criteria examination. The white paper also discusses some of the ways those examinations may be affected by the use of blockchain.

The paper is organized into two parts. Part 1:

  • Presents an overview of blockchain, including a discussion of the different types of blockchain networks and some of the unique features that make blockchain different from other technologies a service organization may use in its system; and
  • Identifies specific risks of using blockchain.

Part 2 of the paper:

  • Presents an overview of relevant professional standards and criteria governing SOC for Service Organization examinations;
  • Discusses the need for the service auditor’s team to possess knowledge about blockchain and the specialized skills and competencies to perform the engagement, including the use of specialists when appropriate;
  • Describes the unique elements of the service auditor’s understanding of a service organization’s system when blockchain is integral to and interfaces with that system; and
  • Discusses unique considerations when forming an opinion on the description of a service organization’s system that includes blockchain, the suitability of the design of the controls, and in a type 2 examination, the operating effectiveness of controls.

Jeff Drew is a JofA senior editor.

