The AICPA on Thursday published nonauthoritative guidance on how to audit digital assets such as cryptoassets.
The guidance was added to the free practice aid Accounting for and Auditing of Digital Assets. The AICPA created the practice aid in December with nonauthoritative guidance on accounting for digital assets.
The practice aid defines digital assets broadly as digital records made using cryptography, for verification and security purposes, on a distributed ledger. Examples of digital assets include the cryptoasset bitcoin, which operates on the bitcoin blockchain, and ether, which operates on the Ethereum blockchain.
Thursday’s additions to the practice aid provide auditors with information to consider when assessing whether to accept or continue audit engagements that involve digital assets. With the digital assets ecosystem evolving rapidly, accounting firms will need to perform evaluations to make sure that they accept only the client relationships and engagements for which the audits can be performed in accordance with professional standards and applicable legal and regulatory requirements to enable an appropriate auditor’s report.
What’s new in the practice aid
The material published Thursday adds 20 pages of nonauthoritative auditing guidance to the 10 pages of nonauthoritative accounting guidance released in December. The new content is designed to help firms evaluating potential auditing engagements involving digital assets to assess items such as:
- The audit firm’s current industry expertise and understanding of digital assets.
- Management’s competencies and capabilities to maintain the entity’s books and records and secure its assets.
- The client’s integrity and commitment to compliance with laws and regulations and its overall business strategy and the role the entity serves or intends to serve within the digital assets ecosystem.
“Overconfidence in the digital assets ecosystem is a real risk,” said Amy Steele, CPA, Audit & Assurance partner, Deloitte & Touche LLP, chair of the AICPA Digital Assets Working Group, which produced the guide. “This practice aid is a great step at highlighting some of the unique challenges and considerations for auditors seeking to perform audits in this ecosystem.”
The material published Thursday examines relevant professional standards, challenges specific to digital areas, and procedures specific to digital assets in four main categories:
- Auditor skill sets and competencies.
- Management skills sets and competencies.
- Management integrity and overall business strategy.
- Processes and controls, including information technology.
The new content focuses on auditing digital assets under generally accepted auditing standards but does not cover audits of public companies, audits performed according to PCAOB standards, and nonaudit attest engagements. The auditing section also does not address ethics or independence considerations but did note that these considerations remain critical to an auditor’s conformity to professional standards and that engagements in the digital assets ecosystem may introduce new or different compliance risks warranting additional consideration by the auditor.
— Jeff Drew (Jeff.Drew@aicpa-cima.com) is a JofA senior editor.