The Internal Auditors’ Perception of Blockchain Technology Implementation in Companies’ Business Activities

the research problem was related to internal auditors’ perception of implementing BCT in their companies’ business activities. Based on the conducted critical literature review, we developed the following research hypothesis: internal auditors who work in a company where BCT is already implemented in its business activities will have a favorable view of the implementation of BCT in the company’s business activities compared to internal auditors whose company does not currently use and have no plans to implement BCT in the following years. To test research hypothesis, survey research was conducted among internal auditors in Croatia. We obtained responses from 77 internal auditors from different sectors. Collected data were analysed by applying multiple regression analysis. Obtained results indicated that there exists a statistically significant relationship between internal auditors’ perception of implementing BCT and companies’ application level of BCT.


Introduction
Today exist numerous primary and secondary digital technologies, which are completely changing the world we live and work in, and new ones, more advanced, more innovative and more disruptive are on the horizon.Artificial intelligence, cloud computing, big data, internet of things, robots, drones, robotic process automation, augmented, virtual and mixed reality, nanotechnology, machine learning, 3D printing, blockchain technology (BCT), to name a few, have become an integral part of our daily working and private lives.We cannot anymore imagine ourselves without being constantly 'connected' and without our phones, laptops, gadgets, social media, etc.As information and communication technologies (ICTs) have an impact on our private lives, they also have a significant impact on the corporate world, which can be observed throughout its financial and non-financial consequences.Various ICTs' implementation and usage drastically reduced transaction costs for companies, by lowering entry barriers for startups and enabling established companies to expand into adjacent areas (Tapscott & Tapscott, 2017, p. 11).Modern ICTs are becoming more inexpensive, readily available, and customized for mass market consumption (Sanglier, 2018, p. 3).This means that these ICTs are becoming more available to all types of companies, from micro companies to large corporations, and not only reserved exclusively for the large ones, as it was in the past, allowing startups and newcomers to the market to succeed, which significantly increases competition for traditional established large multinational corporations, that also need to innovate or they will disappear from the globalized market.
Besides their positive sides, ICTs have also negative ones, but companies' governance structures need to be proactive and turn this negative sides into positive onespossibilities for success and competitive advantage.Therefore, companies of today need to be extremely cautious, proactive and agile, and successfully manage crisis.They must implement relevant controls that need to be and stay up-to-date, and effectively and efficiently manage risks related to new technology implementations and usage in their day-to-day business operations and their core business functions.It is very important to pay special attention at the interconnectivity of various different technologies, and not to look at the impacts of just one individual technology on companies' business activities.Even though every technology is a disrupter for some company's business activities or functions, it is much more important to consider how different ICTs can interact, evolve and reshape ways of working, from production to delivery, from customer services to marketing, from strategical to project governance (Sanglier, 2018, p. 8)."The individual impact of each technology can be multiplied when it is combined with other types of digital technology" (Kloch & Little, 2019, p. 6).Considering that, a term 'metaverse' has been developed.The metaverse is a paradigm that uses different digital technologies for creation of a three-dimensional environment where physical and digital worlds interact enabled by modern disruptive, high-end ICTs, including BCT (Lubetsky, et al., 2022, p. 3).The metaverse is something just alike a 'mirror world' where "each object in the physical world will have a representation in the mirror world, and continuously update the information about conditions, locations, surrounding environment, history, etc., to the virtual representation" (Dai & Vasarhelyi, 2016, p. 8).There internal audit 4.0 will take place.Internal audit 4.0 will use digital tools for data collection inside and outside the company via a network in a near-real time and apply innovative data analysis techniques for oversight and monitoring core business activities that will significantly facilitate governance structures' decision-making processes (Dai & Vasarhelyi, 2016, p. 13).It is, therefore, crucial that internal audit functions adapt to their companies' changes and needs, to be able to provide value and protection their companies and its governance structures require (Minnaar & Fisher, 2022, p. 2).
Therefore, regarding technological innovations and disruptions, companies' governance structures need continuous and agile insights, professional opinions, as well as proactive and innovative advices by an independent, objective and proactive internal audit functions, as the third line of defense in an effective risk management and control in a digital era.
Based on everything previously stated, the objectives of the research aroused: 1. to theoretically analyze the roles and types of engagements though which internal auditors can provide relevant results to governance structures regarding the BCT implementation in their companies' business activities.2. to empirically investigate the internal auditors' perception of the BCT implementation in their companies' business activities in order for them to be ready and capable of conducting the appropriate internal audit engagements.
In this paper the focus was on BCT and its impact on companies' business activities as perceived by internal auditors, because this prominent ICT is described as a key game changer or emerging disrupter technology of the future by different authors (Tapscott & Tapscott, 2017;Sanglier, 2018;Kloch & Little, 2019;Blau et al., 2022;Chedrawi & Howayeck, 2018;Spremić, 2018;Xu et al., 2019;Khan et al., 2021;Tušek et al., 2021a;Tušek et al., 2021b;Elommal & Manita, 2022;Manzoor et al., 2022;Yaqoob et al., 2022;Onjewu et al., 2023).Furthermore, internal auditor is in the best position in a company to give the company's governance structure an objective, timely and innovative reasoning regarding this ICT and its impacts on business activities though 'second pairs of eyes and ears'.
To achieve research objectives defined in this paper, relevant scientific and professional literature was critically analyzed, after which empirical research in the form of a survey research was conducted on a sample of internal auditors in the Republic of Croatia, and then collected primary data were analyzed by appropriate data analysis techniques.
This paper is structured as follows.After the introduction, in the second section a literature review about BCT implementation in companies' business activities and internal auditing of BCT in companies' business activities is given that formed the basis for research hypothesis development.The third section describes the data and methodology used for testing the research hypothesis.Furthermore, in the fourth section the research results are shown and thoroughly described, which is followed by a discussion and concluding remarks in the fifth section that also incorporates research limitations followed by statement of the future research avenues.

The Blockchain Technology Implementation in Companies' Business Activities
Distributed ledgers have a long history, dating back to 4100 BCE in Mesopotamia, when they were represented by clay tablets, further developing through paper ledgers-books, ledgers stored onto hard drives and finally developed as distributed ledgers stored into the cloud and assisted by BCT (Sanglier, 2018, p. 13).Essentially, BCT can be described as a form of distributed ledger (Sanglier, 2018, p. 13), meaning it is a database with permanent record of transactions shared across a network of connected devices (Kloch & Little, 2019, p. 4)."The ledger is controlled by a series of keys and signatures, which both maintain the ledger's transparency and accuracy and ensure its safety" (Sanglier, 2018, p. 13).BCT is shown as an innovative, secure intermediary that could replace traditional intermediaries, like banks, governments, big tech companies, whose primary and basic purpose is to establish trust and maintain integrity (Tapscott & Tapscott, 2017, p. 10).BCT is, therefore, a protocol for recording transactions, or a way of doing things, and should not be just considered as a single technology (Han et al., 2023, p. 3).
The facts that BCT is distributed, public, and encrypted, are its main advantages, because this means that it cannot be hacked, anyone has access to it at any time, and it is extremely secure technology (Tapscott & Tapscott, 2017, p. 11).Even though BCT transactions are anonymous and encrypted, there still exist a risk of data hacking (Xu et al., 2019, p. 9).Besides security threats and other known and unknown vulnerabilities related to BCT, there also exist legal issues and challenges related to reliance on 'off-chain' resources, immutability, scalability, and consensus mechanism issues (Khan, 2021(Khan, , pp. 2901(Khan, -2918)).
From the underlying technology for digital currencies, BCT can now be applied to variety of business processes and companies in various industries, e.g.financial services, healthcare, software development, manufacturing and food production, transportation, disaster relief operations, etc. (Kloch & Little, 2019;Manzoor et al., 2022;Yaqoob et al., 2022).BCT can be largely applied in many areas of finance, like banking, capital markets, internet finance, and related fields (Xu et al., 2019, p. 9).Companies' governance structures can leverage BCT to gain an advantage over their competitors, especially for accounting settlement and crowdfunding, data storage and sharing, supply chain management, and smart trading (Xu, 2019).Authors Tapscott and Tapscott (2017, p. 11) believe that BCT will transform how companies are organized and managed, because it eliminates transaction costs, allows usage of externalized resources, enables vertical integration, and most importantly enables delivering added value to stakeholders.BCT has an ability to transform every business function in a company, like human resources and procurement, finance and accounting, sales and marketing, legal affairs, etc. (Tapscott & Tapscott, 2017, pp. 11-12).
For BCT and smart contracts is predicted they will resolve key problems that traditional centralized governance structures have, and that is the principal-agent dilemma and high transaction costs of coordination (Chedrawi & Howayeck, 2018, p. 12).Furthermore, authors Chedrawi and Howayeck (2018, p. 12) are also predicting that BCT implemented in companies' business activities, which are continually audited and assessed by internal auditors, will secure the transparency between principals and agents, while minimizing or completely removing the information asymmetry and the moral hazard.Similarly have concluded authors Han et al. (2023) in their paper.
"Risk and regulatory functions are at the heart of successful transformation.Whether you're digitizing a single part of the organization, connecting the business around your customers, or rethinking the entire business model, you need these functions to assess what could go wrong, how to mitigate it, and how to create stakeholder trust at every turn" (Minnaar & Fisher, 2022, p. 2).In other words, internal audit function helps create trust, which is seen as an ultimate business enabler (Minnaar & Fisher, 2022, p. 2).

Internal Auditing of Blockchain Technology in Companies' Business Activities
According to the Definition of Internal Auditing set by the Institute of Internal Auditors Global, internal auditing can be defined as "an independent, objective assurance and consulting activity designed to add value and improve an organization's operations.It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes" (The Institute of Internal Auditors Global).As can be seen from the Definition, two core types of internal audit engagements are assurance and consulting engagements.These types of engagements cannot always be easily distinguishable, but on the contrary, combined in one single engagement, that is then called blended engagement (Anderson, 2017, p. 15.9).The main results of these internal audit engagements are opinions, advices, and insights.
The BCT has multiple impacts on the internal audit function, as it changes the object and subject of internal audit engagements, the internal audit practices, its tools and techniques, as well as internal auditors' skill sets (Sanglier, 2018;Chedrawi & Howayeck, 2018;Tušek et al., 2018Tušek et al., , 2021aTušek et al., , 2021b)).
Some research results show that internal audit functions are starting to respond to BCT implementation in their companies' business activities in recent years, but that the internal audit profession is still lagging behind the practitioners in this field (Kloch & Little, 2019, p. 4).Therefore, internal auditors' professional institutions need to start preparing internal auditors for new disruptive technologies (Hatane et al., 2023, p. 1).Internal audit practitioners will be directly or indirectly affected by BCT.Directly when either their companies or their internal audit functions embrace and implement BCT in their business activities, and indirectly when companies' suppliers, customers, or other third parties embrace BCT in their daily activities (Kloch & Little, 2019, p. 5).So, internal auditors will need to provide complex assurance engagements whose objectives will be BCT enabled and transformed companies' business activities (Chedrawi & Howayeck, 2018, p. 12).It is the assurance engagements that will ensure the internal audit profession's survival in a digital era (Chedrawi & Howayeck, 2018, p. 12).Through conducting assurance engagements, internal auditors will need to assess whether the individual components of BCT, like permission, encryption, cryptographic code, smart contract transaction codes, functionality, and security, etc., are functioning properly (Kloch & Little, 2019, p. 10).Besides assurance engagements, internal auditors can provide, enhance and protect added value to company's governance structures by conducting consulting and blended engagements.
Technological disruptions, including BCT, necessitate and enable internal audit practices innovations.Some of these innovations include continuous auditing, that tends to minimize errors and maximize fairness of the internal audit process (Lois et al., 2020, p. 206).According to the research conducted in Greece on a sample of 105 internal auditors, the implementation of continuous auditing is positively affected by the creation of virtual teams, deployment of remote auditing, and self-protection actions against cyber-attacks (Lois et al., 2020).The internal audit innovations include also the transformation of traditional four-phased internal audit process to a more agile and iterative process (Sanglier, 2018, p. 61).
As any other, still developing, technology, BCT has its positive and negative sides for internal auditing.Regarding positive sides, BCT increases the effectiveness and efficiency of the internal audit process, allows internal auditors to cover and test the whole population of transactions and focus on testing controls, forges continuous auditing, allows for developing new types of internal audit engagements, all of which enable that internal audit function can play a more strategic role in a company (Chedrawi & Howayeck, 2018;Elommal & Manita, 2022;Han et al., 2023;Lois et al., 2020).Considering negative sides that BCT poses for internal auditing, the most challenging surely represents the need for internal auditors' constant education and training in the technological field of BCT, which significantly raises the costs for internal audit functions, and it is definitely time-consuming (Kloch & Little, 2019;Minnaar & Fisher, 2022;Tušek et al., 2021b;Elommal & Manita, 2022).Furthermore, the transformation of internal audit practices, tools and techniques, as well as function's internal organizational prerequisites, or in other words, internal audit function's adaptation to companies' BCT needs is also definitely a challenge (Kloch & Little, 2019;Minnaar & Fisher, 2022;Tušek et al., 2021a;Elommal & Manita, 2022).
To be able to add, enhance and protect their companies' value in a digital era though assurance, consulting and blended engagements' results, internal auditors need to innovate their skill sets.Existing 'traditional' auditing skills will always be in demand, but they will need to be complemented with process expertise, knowledge of BCT and other disruptive ICTs, knowledge of technological developments and trends, IT controls knowledge, data knowledge, change management skills, etc. (Sanglier, 2018, pp. 61-62).This means that modern internal auditors in a digital era need to possess a mixture of strategic, behavioral, data utilization and technology skills, of course in addition to auditing skills (Minnaar & Fisher, 2022, p. 10).
Therefore, internal auditors especially need to be familiar with and learn about ICTs, including BCT, that are planned to be implemented or used in their companies' business activities.Internal auditors will need to acquire basic knowledge about the functions and risks of the BCT in order to be able to "leverage new methods and tools for validating blockchain networks' structure and viability, for evaluating the effects blockchain transactions will have on their organizations' risk exposures, and for assessing the appropriateness and effectiveness of the risk mitigation efforts associated with blockchain transactions" (Kloch & Little, 2019, p. 5).
Internal auditors' states of mind need to be complemented with curiosity and flexibility, so they can constantly learn (Sanglier, 2018, p. 62).Today more than ever before is crucial that internal audit functions stay independent, and internal auditors' objective, but this cannot be an excuse for not being involved in companies' technological transformational projects (Sanglier, 2018, p. 62).
Scientific and professional empirical research regarding the BCT and internal auditing are still very scarce, but some of them exist globally (Kloch & Little, 2019;Hatane, 2023), and in the Republic of Croatia (Tušek et al., 2021a(Tušek et al., , 2021b)), but the themes and topics of these researches are scattered.There is more literature on this topic that can be defined as conceptual or theoretical literature reviews (Sanglier, 2018;Minnaar & Fisher, 2022;Chedrawi & Howayeck, 2018;Han, 2023;Tušek et al., 2018).
According to a research conducted by the Institute of Internal Auditors' Audit Executive Center in collaboration with the Internal Audit Foundation and Crowe, internal auditors who participated in a survey had a very low perception regarding the usage or planned usage of BCT in their companies' business activities, as three quarters (76.6%) of the respondents were not aware of companies' BCT usage or planned BCT usage in their companies (Kloch & Little, 2019, p. 11).Furthermore, according to them, the largest obstacles for companies' plans to use or actual BCT usage in their activities are basic lack of understanding of BCT, lack of resources, late adopters, and other business reasons, as competing priorities (Kloch & Little, 2019, p. 12).
Authors Tušek et al. (2021a) concluded, based on the conducted empirical research on a sample of 169 internal and external auditors in the Republic of Croatia, that auditors are aware that for auditing companies' business operations supported by BCT they need to apply advanced analytical procedures, as well as to possess excellent knowledge about analytical procedures and BCT.Research results revealed that auditors possess below average knowledge in the respected fields, and therefore need to attend specialized educations (Tušek et al., 2021a(Tušek et al., , p. 1385)).Also, it was revealed that external auditors are readier to audit BCT than internal auditors (Tušek et al., 2021a(Tušek et al., , p. 1385)).
According to research results of a survey conducted on a sample of 172 internal and external auditors in the Republic of Croatia, it is evident that both types of auditors have a common opinion that they need to possess a high level of expertise in the advanced analytical procedures to audit BCT assisted business activities (Tušek et al., 2021b, p. 58).This situation necessitates internal and external auditors' education in fields of BCT and data analytics techniques (Tušek et al., 2021b, p. 59).
According to research conducted in Indonesia on a sample of 202 internal auditors, the perceived usefulness of metaverse technology and perception of external control are significantly influencing the internal auditors and their companies' intention to adopt metaverse (Hatane et al., 2023, p. 1).Furthermore, research results also revealed that internal auditors' perception on the usefulness of adopting metaverse technology is relatively low, because they do not feel that metaverse is helpful in making their job more efficient (Hatane et al., 2023, p. 10).This means that internal auditors' perception about BCT implementation in their companies' business activities is rising and that BCT is, but still at the slower pace, entering on the internal audit agendas.
Author Sanglier (2018, pp. 53-61) proposed a concept or an approach for auditing disruptive technologies, including BCT, by internal auditors that is based on the five pillars described in more detail in Table 1.
A Concept for Auditing Disruptive Technologies Pillar Description Uunderstand -internal auditors must have a clear understanding of the company's current technology (governance) strategy, plans and initiatives -internal auditors need to be involved in regular discussions regarding ICTs implementation from the outset -internal auditors need to understand the universe of specific risks associated with respected ICT Pparticipate -internal audit function should be part of the disruption program(s) -internal auditors need to be familiar with the latest developments in the specific ICTs with which their companies are engaged, as well as with related risks -internal auditors need to be proactive and visit companies, vendors, and other experts to be completely familiar with and have right, up-to-date knowledge about specific ICT and its expected impacts internal auditors' education in disruptive ICTs is and will be a lifelong process -internal auditors need to give advice on risks and controls needed for every strategy; on compliance controls for safety, environmental and other regulatory requirements; on whether all parties have been included Llead -internal audit function's leaders should discuss with company's and business functions' leaders regarding disruptive ICTs programs, even if the company has not yet engaged in ICTs' programs -internal audit function can show leadership in the development of appropriate organizational, customer, and supplier policies that are compliant with regulatory requirements internal audit function's leaders should independently and objectively report on risks and projects to supervisory committees -the internal audit team should communicate how its own risk assessment processes and audit methodology has been impacted by such ICTs Vvolunteer -internal audit function's leaders should volunteer audit resources to partner on pilots of other implementation phases -volunteering may entail consulting on changes to policies, roles, and controls OMoversight and monitoring -internal audit function can objectively assess whether proposed complexity adds or detracts from the company's overall value proposition -after the project implementation, the internal audit function needs to schedule an audit, or procure one from and external provider if internal auditors where closely involved in the design and build -internal audit function should perform an audit of ICT post-implementation success, including assessing the current implementation and making recommendations about improvement to the ROI process itself -Source: (Sanglier, 2018, pp. 53-61).
According to all previously theoretically analyzed and elaborated, we assumed that internal auditors employed in companies that have already implemented or have plans to implement BCT in their business activities within the next year have a better perception of the implementation of BCT in companies' business activities compared to internal auditors whose companies do not use and have no intention to implement BCT in their business activities in the forthcoming years.In this research, we define internal auditors' perception as their ability to understand, be aware, be familiar with, and prepare to acquire additional skills needed and be ready and able to audit BCT supported business activities.So, our conducted literature review resulted with the statement of the following research hypothesis: H1: Internal auditors who work in a company where BCT is already implemented in its business activities will have a favorable view of the implementation of BCT in the company's business activities compared to internal auditors whose company does not currently use and have no plans to implement BCT in company's business activities in the following years.

Data and Methodology
Data needed to test the research hypothesis were gathered via a survey distributed to internal auditors in the Republic of Croatia in April 2020.Respecting the fact that there is no comprehensive database of internal auditors in the Republic of Croatia, and considering also that only public sector entities and financial institutions are obliged to have internal audit functions, we collected needed information by using official and unofficial sources.Thus, thanks to the Croatian legislation, we determined the number of certified internal auditors in the public sector using a publicly available database managed by the Ministry of Finance.The source 283 active certified internal auditors in the public sector in December 2019.
Using data from the Croatian Financial Services Supervisory Agency, we found the number of financial institutions, including credit institutions, insurance companies, leasing entities, investment funds, etc., that are obliged to implement internal audit functions.
Unfortunately, for private sector companies, there is no legal obligation to form an internal audit function; thus, there is no official number of functions within the private sector.Nevertheless, we collected e-mail addresses for 302 internal auditors and distributed our survey via Lime Survey.Within two weeks, we managed to obtain responses from 77 internal auditors from different sectors, making a response rate of 25.50%.As expected, the most significant number of internal auditors in the research are employed in the public sector, considering that it is the largest pool of internal auditors in the Republic of Croatia.Thus, public sector internal auditors make 77% of total observations, followed by internal auditors employed in financial services with 17%, and the least number of internal auditors who participated in the survey are employed in private sector companies (Table 2).Nevertheless, our sample structure adequately represents internal audit professionals in the Republic of Croatia.Considering that most internal auditors in the research are employed in the public sector, we used the term 'an entity' instead of 'a company' to describe obtained results in the results section.
To test our research hypothesis, we applied a multiple regression analysis.By applying a multiple regression model, we tested the relationship of a dependent variable (Y) with two independent variables (xi) and the effect of sector designation by using a dummy variable (di).Thus, the multiple regression model in a general form can be written as (1) (Bowerman et al., 2016, p. 616): in which α0 is intercept, βi where i = 1, 2, 3, …, k represents regression coefficients, δi where i = 1, 2, 3, …, k represents dummy variable coefficients, and ε is an error term.A prerequisite of applying a linear multiple regression model is the existence of independence between residuals, i.e., autocorrelation between residuals equals zero.This independence is often tested using the Durbin-Watson (DW) test, where the acceptable value of the test is in a range between 1.50 and 2.50 (Garson, 2012, p. 47).When the value is 2, perfect independence exists.Additionally, independent variables assume that there is no multicollinearity problem which is usually tested by applying the variance inflation factor, i.e., the so-called VIF score, where its value of less than five means no multicollinearity problem (Garson, 2012, p. 45).
Therefore, taking into account our research problem, as a dependent variable we choose internal auditors' perception of BCT implementation in entities' business activities (IA_perc), and as independent variables we used the state of BCT application in entities' business activities (ENT_app), as well as the level of application of advanced ICT tools and techniques by internal auditors to assess their progress level (IA_ICTapp).In that context, we asked internal auditors about their perception of entities using BCT in their transactions in the following five years (IA_perc).Offered answers were nominal variables, which we coded to be applicable to our research.Thus, if internal auditors answered that less than 20% of transactions would be processed by applying BCT, the answer was coded one; if they answered that between 20% and 50% of transactions would be processed by applying BCT, the answer was coded 2, and finally, if they answered that more than 50% of transactions would be processed by using BCT code 3 was assigned.The question regarding the application of BCT in the business activities of an entity (ENT_app) offered five application levels, from 1 (no plans to develop and use BCT in business activities) to 5 (BCT is actively used in entity's business activities).Additionally, as an independent variable, we included questions regarding the application of advanced ICT tools and techniques by internal auditors (IA_ICTapp) measured on a 5-point Likert scale, where 1 represents no application at all, and number 5 represents applications of advanced ICT tools and techniques.Finally, considering the fact of unequal distribution in a number of observations between different sectors, we included a dummy variable with three observations (public sector -d0_public, financial sector -d1_financial, private sector -d3_private) into the model as a control variable.Therefore, based on (1), the final model can be written as (2): Additionally, we used the Kruskal-Wallis test to test if there exist statistically significant differences between internal auditors' perceptions in different sectors.The test is a nonparametric variation of the parametric ANOVA test based on ranks used to assess if observed distributions are the same.Thus, an empirical p-value higher than 0.05 indicates that distributions are the same and there are no statistically significant differences between the observations.

Research Results
As earlier elaborated, our research aims to investigate the internal auditors' perception of their view regarding the implementation of BCT in the business activities of their entities.We assumed that those internal auditors in whose entities BCT is already implemented, or implementation plans exist have a better perception of the implementation of BCT within business activities of their entities within the next five years compared to internal auditors whose entities do not have implementation plans.Thus, our focus in this research are Croatian internal auditors.A total of 77 internal auditors participated in our research.Of the total respondents, 55 or 65%, are female, and 27 or 35% are male internal auditors.The most significant number of respondents, 84%, have more than ten years of working experience.Only 4% of the research participants have less than five years of working experience (Table 3).Thus, we can conclude that the sample consists of experienced internal auditors.Except for great experience measured by the number of working years, internal auditors in our sample are mostly certificated.On average, they have 1.22 certificates.Over half are certified internal auditors, and 65% are certified internal auditors in the public sector.The lowest number of internal auditors covered by the sample have certificates for statutory auditors, only 6% of total respondents.The highest percentage of 70% of internal auditors are male with certificates for internal auditors in the public sector (Table 4).Perception of internal auditors on the implementation of BCT in entities' business activities within the next five years observed by sector is also low, as in the case by gender.Internal auditors in the financial and private sectors have the lowest possible perception regarding BCT implementation, i.e., all respondents in the sample rated it with the lowest grade.Perception of internal auditors in the public sector is slightly more favorable, with an average grade of 1.0678 (Table 5).Again, applying the Kruskal-Wallis test, we tested differences between distribution by sector and concluded that the distribution across sectors is the same (p-value 0.736).6).Thus, additional factors affect internal auditors' perception of the implementation of BCT in the business activities of entities; however, entities' BCT application and application of ICT by internal auditors explain significant variability in their perception.The result of ANOVA confirms that the model is statistically significant, i.e., its p-value is 0.000.According to the results of collinearity statistics, the VIF score indicates no multicollinearity between independent variables.For all observed independent variables, the VIF score is between 1.033 and 1.084, suggesting that they are not correlated in the context of the multiple regression model (Table 7).Detailed results confirm the statistical significance of independent variables in the model.Entities' application or plans for implementing BCT in their business activities is statistically significant for internal auditors' perception of the implementation of BCT in the entity's business activities.Thus, if the application or plans to implement BCT in business activities of the entity increases by 1, the perception of internal auditors on the implementation of BCT will increase by 0.217 (Table 8).Taking these results into account, we accepted our research hypothesis (H1) that internal auditors who work in a company where BCT is already implemented in its business activities will have a favorable view of the implementation of BCT in the company's business activities compared to internal auditors whose company does not currently use and have no plans to implement BCT in company's business activities in the following years.Additionally, we found a statistically significant but negative effect of internal auditors' ICT application on their perception of BCT implementation, i.e., if the application level increases by 1, the perception will decrease by 0.043.There seems to be skepticism among internal auditors with advanced ICT skills regarding the broad application of BCT in companies' business activities in the coming years.This skepticism is reflected in the negative relationship between internal auditors' perception on the implementation of BCT in companies' business activities and the application level of advanced ICT tools and techniques.

Conclusion
Internal auditors are employees whose assurance and consulting engagements cover every business function, activity and process of a company.Their activities include performing internal audit engagements to add value and improve the effectiveness and efficiency of all corporate operations, strategies, systems, control procedures, and the company at every level.
That is also the case with implementing new technologies in business processes, including possibilities for implementing BCT in the company's business activities.As a novel technology, BCT has numerous possibilities for improving companies' business activities, as well as internal audit functions' ways of working, because it represents, in its essence, a way of conducting activities or a way of doing things.On the other side, BCT is not without its downsides, challenges and obstacles for implementation and application in companies and internal audit functions.BCT can be implemented and applied to various industries and business activities, including financial services, healthcare, manufacturing and food production, transportation, software development, etc.It is especially appropriate for data storage and sharing, smart trading, accounting settlement and crowdfunding, and similar business processes.BCT is very hard to be hacked, it is always accessible, anonymous and highly secure technology.These are BCT's main advantages.Regarding main challenges and obstacles for its application, it can be concluded that there exist risks of data hacking and other legal issues.Regarding BCT application in internal auditing field, it can be stated that BCT increases the effectiveness and efficiency of internal auditing by allowing internal auditors to cover and test the population of data and by enabling continuous auditing.To be able to incorporate BCT in their ways of working, it is necessary that internal auditors' constantly educate and train themselves in the field of BCT.
Thus, internal auditors' perception of implementing technology like BCT is a starting point for specialized education, upcoming changes in the internal audit methodology and internal auditors' approach to auditing business activities and processes that are affected by BCT.The main objective of this paper was to analyze and investigate the internal auditors' perception of implementing BCT in their companies' business activities.In that context, we assumed that internal auditors employed in companies that have already implemented or have plans to implement BCT technology in their business activities within the next year have a better perception of the implementation of BCT in companies' business activities compared to internal auditors whose companies do not use and have no intention to implement BCT in their business activities in the forthcoming years.To investigate this research objective, we conducted a survey among Croatian internal auditors and obtained responses from 77 examinees.We analyzed the data using appropriate descriptive statistics and a multiple regression model.Our results indicated that there indeed exists a statistically significant relationship between internal auditors' perception of implementing BCT and companies' application level of BCT.Thus, the higher the level of application of BCT in companies' business activities, the greater the internal auditors' perception of the implementation of BCT.This result indicates that those internal auditors whose companies are using or plan to use BCT in their business activities are better informed and have a better perception of BCT in general.
However, the negative relationship between internal auditors' perception and the application level of advanced ICT tools and techniques indicates the existence of certain skepticism of ICT-skilled internal auditors for the broad application of BCT in all business activities in forthcoming years.The limitation of this research is obtaining only primary data on internal auditors' current approaches and perceptions of advanced technology applications and opportunities.Thus, future research may focus more on specific data analytics techniques and ICTs' tools applied by internal auditors, as well as various contemporary technologies that can improve the effectiveness and efficiency of companies' business activities.
The implications of not possessing the knowledge and skills regarding the application and auditing of emerging technology, including blockchain, for internal auditors can result in reduced audit efficiency and accuracy, increased risk of fraud and corruption, inadequate recognition of cyber risks, and lower competitiveness.Therefore, acquiring appropriate knowledge and skills is necessary to ensure that audit results remain reliable and effective.Furthermore, internal auditors must adopt new technologies and data analytics techniques to be competitive and to be able to deal with upcoming ICT changes in companies' business activities.

Table 2 .
Structure of Internal Auditors Included in the Research by Sector

Table 3 .
Structure of the Internal Auditors Included in the Research by the Gender and Years of Experience

Table 4 .
Structure of the Internal Auditors Included in the Research by Certification and Gender

Table 6 .
MultipleThe Durbin-Watson test results indicate no autocorrelation problem, i.e., no autocorrelation in the residuals, as its value is 2.123.R-squared suggests that the multiple regression model fits observed variables well.The model explains 40.7% of the variability of the dependent variable (Table

Table 7 .
ANOVA Table for Multiple Regression Model