When it comes to blockchain, companies still have a lot to figure out. Many CIOs and technologists I speak with admit they're still on the hunt for the right use case. Is there a killer application for blockchain beyond cryptocurrency? Analysts sure think so: Gartner predicts blockchain will eventually hit $3 trillion in investment by 2030.
And while executives are intrigued by the possibilities, investigating applications surrounding payment processing, supply chain management, and contract administration, to name just a few ideas, these largely remain in the conceptual stages. Companies are taking it slowly—just 3 percent of enterprises say they are making a substantial investment in the technology, but they're getting their ducks in a row. (Consider that registration for the Consensus blockchain conference happening this week doubled from last year to this.)
That's why now is the perfect time to consider how you're approaching blockchain projects. Who's part of your innovation process? Are you considering issues related to governance, risk, and compliance from the get-go? How are you working across business functions so that you can more quickly bring pilots—then production applications—to fruition?
Teaming with risk and compliance can improve innovation
Blockchain's greatest strength is that it represents a new way of recording and managing information. But its methodology is complex and markedly different from traditional computing techniques, so much so that simply understanding how it works can be a major undertaking.
For a developer immersed in blockchain technology, this can be all too easy to forget. It's human nature to distrust what we don't understand, and this psychology spills over into the enterprise too. So, while developers are excitedly investigating blockchain-based initiatives, others in the organization, such as internal audit or risk management, may want to pump the brakes a bit—or you may think that they do.
But you might be surprised to learn that the people in these functions may view themselves as innovators. In PwC's recent Risk in Review study of 1,500 risk executives, we identified a group of leaders that we called the Adapters. They were confident in their organizations' ability to manage innovation-related risk and they were more directly involved in innovation activities. For example, 57 percent of Adapters who said they provided input on innovation activities even before the planning stage.
As a technology innovation leader, you need to find and cultivate those Adapters. You can also get ahead of the game by embracing internal audit, risk, and compliance teams from the start, working with them hand in hand to integrate governance and controls from the beginning of a project (even at the proof of concept stage). This is the best way to ensure that innovation flows efficiently into production.
In any mature enterprise, tech projects are rarely green-lighted unless the development team can show that the right business functions have been involved with the project and the right questions have been asked and answered. Smart innovators are proactive in involving departments like legal, internal audit, risk, and compliance because they don't want a project to be derailed at the last minute because they didn't involve the right people. I've seen the benefits of this approach firsthand, where we've integrated an intellectual property specialist from our legal group into our venture teams. He's able to raise important questions and inform our approach as we develop new products and services.
How to bridge the gap
Bridging the gap between technology and these functions foremost requires an understanding—by both sides—of the risks to which the organization is exposing itself. To that end, internal audit, risk, and compliance can help innovators by developing a risk and controls framework that can be applied in the earliest stages of development, so technologists have a checklist to consider as they develop initiatives. Even better, an organization can leverage agile development techniques by including legal, internal audit, risk management, or compliance leads directly as part of an interdisciplinary development team. When you embed the risk function alongside innovators, you naturally remove obstacles farther down the road, speeding up the development process.
For their part, internal auditors can also leverage the risk and controls framework as it is populated to help establish their own comfort level with the new technology. As a minimum viable product takes shape, the framework can be used to establish areas where risk management should take a closer look at the application—both in the short and long term.
The ultimate goal is to equip the CIO with enough information and power to confidently stand before a risk committee—or the board of directors—and tell them that the organization is not just innovating with blockchain, it's also protecting its brand.