Establish auditability and trust through Shared Audit Trails and Blockchain Technology!
In the first part of this three-part series [1], we investigated the inefficacy of over 90% of carbon certificates. We uncovered that Verra [2], a carbon offset certifier, allowed for areas of forests to be counted multiple times, thus invalidating the offsets. This has brought to light worries about the capability of companies like Shell [3] and Rossmann [4] to make meaningful progress through carbon offsetting and to reduce their carbon footprint.
This article will discuss shared audit trails. Auditing is a process of creating an organized, time-stamped log of the history and information relevant to a transaction, business process, or financial ledger. Its purpose is to chronologically track the sequence of events and actions that occurred. A full audit trail consists of a thorough record of all occurrences during a transaction, with the timestamping of each step of the transaction. Audit trails can range from basic records with only the necessary information to extensive records with many characteristics [5].
Audit trails, which are used in various domains, can manifest in different ways. In grocery stores, the receipt which is generated from a purchase serves as a basic audit trail. It includes information about what was bought, when and where it took place. When it comes to the financial sector, the Security and Exchange Commission (SEC) and the New York Stock Exchange (NYSE) maintain audit trails to detect any improper stock market activities, like when someone is manipulating the stock price. They document and note down all the trades so they can find who the manipulator is and in some cases, they have to resort to forensic accounting [6]. In the healthcare industry, an audit trail is used to monitor who has accessed a patient's medical data and any alterations made to it.
The audit control system and audit log make up a shared audit trail. The audit control system sets up the audit trail, determining which events require a record, while the audit log is an event log that keeps track of the events specified by the audit control system.
In the example above, the tracking view of a shipment appears to be a straightforward process. However, it is actually quite complex, especially when different organizations are involved. We can see this in the event log from a shipping carrier, which shows a shipment being sent from Frankfurt, Germany, through the delivery network, and eventually arriving in Paris, France. Initially, the German shipping company Deutsche Post is in charge of transporting the package, then it is handed over to the French shipping company La Poste, who is responsible for delivering it to the recipient. If the package were to be lost during transit, the event log would make it possible to determine where exactly it went missing and who is responsible. Nonetheless, such deduction may not always be so straightforward. and who is to blame based on the event log. However, this is not always the case.
When collaborating between organizations, potential issues of trust may arise, especially regarding confirming that an event happened. To prevent any potential claims for reimbursement from other involved parties, organizations must be able to demonstrate that the event did, in fact, occur [7].
Blockchain technology can be used to guarantee non-repudiation by creating a decentralized event log [8]. This log will store the incident and related information immutably in a distributed shared ledger. The data related to the event will be encrypted and added to the ledger as a transaction, while the original text will be dispersed beyond the chain to other relevant parties. These participants can verify the validity of the event by matching the on-chain hash with the hash obtained from off-chain.
The trust pattern recently implemented in the logistics domain utilizes blockchain technology to log SLA violations detected by IoT devices during the delivery of high-value parcels. Despite its potential, this pattern is limited due to the capability of organizations to keep an event occurrence concealed and not record it to the blockchain. As a result, blockchain technology can be used to create a shared audit trail that gives organizations a reliable way to guarantee non-repudiation of events that occur [9].
For this use case we have created Trust Trail, a blockchain-based tracking platform that monitors the carbon capture supply chain. This application utilizes blockchain technology to save attestations and evidence in an unchangeable shared audit record of the process. Even though someone might attempt to create false proof, it can be attested to by various individuals in the process, forming a decentralized network of actors with an audit trail on their activities. This offers a clear advantage over other organizations that produce certificates but count on a centralized authority.
In the next article of this series, we will show how the Trust Trail platform makes use of shared audit trails.
Follow us on LinkedIn or directly get in touch if that topic is close to you.
[1] https://www.deeptechcenter.org/post/analysis-shows-over-90-of-rainforest-carbon-offsets-from-largest-certifier-are-ineffective
[2] https://verra.org/
[3] https://www.shell.com/
[4] https://www.rossmann.de/
[5] https://www.auditboard.com/blog/what-is-an-audit-trail/
[6] https://www.investopedia.com/terms/a/audittrail.asp
[7] Müller, Marcel & Ostern, Nadine & Rosemann, Michael. Silver Bullet for all Trust Issues? Blockchain-based Trust Patterns for Collaborative Business Processes. 10.13140/RG.2.2.23651.58402, 2020.
[8] Pradipta K Banerjee, Pooja Kulkarni, and Harshal S Patil. Distributed logging of application events in a blockchain, June 11 2019. US Patent 10,320,566.
[9] Marcel Müller, Sandro Rodriguez Garzon, Martin Westerkamp, and Zoltan Andras Lux. Hidals: A hybrid iot-based decentralized application for logistics and supply chain management. In 2019 IEEE 10th Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON), pages 0802–0808. IEEE, 2019.
.png)