This is a bit of a narrow view of a very vague term. Having worked with many different sizes of organisations i can say that the responsibilities of whomever is labelled CTO are completely arbitrary. The only thing you can establish is that they are the person accountable for the technology decisions.
Sometimes that's a legacy developer, sometimes that's the first sys-admin.
Sometimes it's the VP of engineering.
Sometimes that's the person that maintains the best relationships with software vendors.
Sometimes it's the person that was hired externally to explain the tech to the CEO and let's them make informed executive decisions.
Sometimes it's just a public figure used to promote the org and maybe do DevRel.
Sometimes it's the Architect that designed the ecosystem.
Sometimes it's the ancient programmer that has kidnapped the entire codebase so that no-one else can sanely work on it.
Sometimes it's a six sigma type that setup the ticketing system, PRs and the release process.
At any size, the CTO is whatever the org needs him to be at that point.
Audit logs and Access control paper trails.
Security event logging has to be:
These three requirements are tricky and often conflicting. Block-chain might be an inefficient way to achieve these, but the glove does fit quite neatly.
Logistical paperwork
These kinds of documents require multiple stages of matching and approval by untrusted 3rd parties. There are dozens of ecosystems of interacting systems that support processing these documents, but most people still use paper. Paper is more reliable when you need to deliver a container full of diapers from Poland to North Sudan. It's more reliable but incredibly prone to fraud and forgery. Having all of these approvals and transactions tracked on a blockchain and letting different systems interact with the same chain, would make it possible without each ERP having a rest API to each other ERP.