Digital assets: Auditing, accounting, and what’s next

Hosted by Neil Amato

Accounting for and auditing of digital assets is evolving quickly. This episode passes on guidance from a CPA leader on the topic.

Amy Steele, CPA, is co-chair of the AICPA Digital Assets Working Group. She's also an audit partner at Deloitte & Touche LLP and serves as the firm's Global and US Audit and Assurance methodology leader for blockchain and digital assets. Steele is scheduled to present at the AICPA & CIMA Conference on Current SEC and PCAOB Developments. The conference agenda is here.

The episode also includes a news roundup, touching on topics that include the latest 12-month outlook of finance executives in business and industry and some of the key tax provisions in recently passed legislation.

What you'll learn from this episode:

  • An explanation of the existence assertion and valuation assertion as they relate to auditing digital assets.
  • Three challenges Steele sees related to valuation of digital assets.
  • Why Steele calls an AICPA practice aid related to digital assets "a living document."
  • The role of skill development in accounting for and auditing of digital assets.
  • A mention of some of the key tax provisions in the Build Back Better Act.
  • A roundup of several accounting news items, including an update on economic sentiment for 2022, a revised CPA Evolution Model Curriculum, and an apprenticeship path to the CGMA designation.

Play the episode below or read the edited transcript:

— To comment on this episode or to suggest an idea for another episode, contact Neil Amato, a JofA senior editor, at


Neil Amato: Welcome to the Journal of Accountancy podcast. This is senior editor Neil Amato. This is our first episode after Thanksgiving, and we've got a full plate of news for you in this episode, including a breakdown of tax provisions in recent legislation, a peek at economic sentiment for 2022, and expert commentary on accounting for and auditing of digital assets. You'll hear all that after this word from our sponsor.

Now joining the Journal of Accountancy podcast is CPA Amy Steele. Amy is a Deloitte audit partner and also the Global and US Audit and Assurance methodology leader for blockchain and digital assets. Amy is a co-chair of the AICPA Digital Assets Working Group and a presenter in a session at the AICPA & CIMA Conference on Current SEC and PCAOB Developments on the topic of digital assets. Amy, welcome to the podcast.

Amy Steele: Thank you. Happy to be here.

Amato: First, an annual PCAOB report released in October showed one emerging area of concern on this topic. Some auditors did not perform procedures to evaluate the sufficiency and appropriateness over the existence and valuation of cryptoassets recorded at year end. What should the auditors do to overcome this concern?

Steele: Sure, and while I don't have all the details related to the PCAOB's concerns in this space, I'm happy to highlight a few key factors auditors may consider and procedures auditors may perform as it relates to those assertions of existence and valuation of cryptoassets. Before I jump in, though, I want to emphasize a few important points. First, although the digital assets ecosystem is evolving very quickly, the role of the auditor doesn't change.

Fundamentally, the auditor still needs to obtain sufficient, appropriate audit evidence to address risks. The risks, the controls, and the types of evidence in the digital assets ecosystem are different and present unique challenges, but true to any audit, the more risk, the more evidence that's needed. Second, auditors may often encounter situations in which a combination of a test of controls and substantive procedures is required to respond to the specific risks of material misstatement. This is largely due to the complexity of the underlying blockchain technology, the unique risks, and the related audit challenges in gathering sufficient, appropriate audit evidence.

Then lastly, the nature of the timing and the extent of the substantive audit procedures to be performed is a matter of professional judgment and really depends on the specific facts and circumstances of the entity. Let's start with the existence assertion. There are a number of procedures auditors may perform to respond to existence risks. Such procedures will vary depending on the nature of the risks. It's really not a one-size-fits-all basket of procedures that I can say, "Take these procedures," and it's going to respond to the existence assertion. It's really triggered by the understanding of the entity and in particular, digital assets and processes that the company has.

But some of those procedures may include the following. If they use a third party to custody their assets, the auditor may inspect custodial agreements; they may inspect custodial statements; they may send confirmations to third parties. What's interesting in this space is when you send a confirmation to a third party, it's not an established institution that we're used to sending third-party confirmations to, so we don't have a regulated bank that we would be sending confirmations to. It's very important that the auditors pause and really evaluate the reliability of the confirmation response and think about if they can use it as sufficient and appropriate audit evidence.

Some other procedures for existence are similar to ones that we perform for other assertions, and it's really thinking through, how can you get comfortable that management controls the asset and also that the asset exists. We perform some interesting procedures around having management initiate some digital assets transactions to prove that the asset both exists and that they control it. We may also ask management to cryptographically sign a message. In that case, an auditor is giving a phrase or a word to management and asking them to initiate a message using their private key that demonstrates that not only does that key exist, but they have control over it. Those are two really interesting procedures that we perform.

We also pause to think about, can I rely on the blockchain itself? If we obtain evidence from a blockchain, can I use that evidence? How do I get comfortable that that blockchain is really telling the truth, that we're relying on it to do?

As it relates to the valuation assertion, that is another area that is very driven by the facts and circumstances at the entity. Some examples of some challenges here for digital assets — there are three big challenges I see.

One, there could be a lack of intrinsic value of the type of digital asset. Two, there can be challenges and identifying and assessing the principal or most advantageous market. And three, cutoff tends to be an interesting area given that the digital asset market is never closed. In each of these areas, that's very important for management to have consistent valuation policies and methodologies that they follow, that are orderly and reliable, and for auditors to evaluate, "Is there any bias in any of those estimates are judgments that management is using?"

Amato: The AICPA published nonauthoritative guidance on how to audit digital assets. I guess there was an update on that in summer of 2020, and as I said, you were co-chair of the working group that put that together. What sorts of guidance does that cover?

Steele: The AICPA practice aid is a living document. We initially published it in 2019, and we have been adding to it ever since. When we initially published it, the audit content that we focused on was related to client acceptance and continuance, risk assessment and controls. Then the third piece was laws and regs and related parties. I'll touch on each of these. The acceptance and continuance section of the practice aid is voluminous, and that is on purpose. Because as a working group, we felt it was very important for auditors to go through a number of considerations before taking on one of these engagements.

The four areas that we focus on in acceptance and continuance are auditor skill sets, management skill sets, management integrity and business strategy, and then processes and controls. I'll quickly touch on each of these. Auditor skill sets: auditing in the digital assets and blockchain ecosystem is different. It presents some unique challenges, unique evidence, a need for different audit tools, analytics, automation, and also changes in our talent perspective. The audit composition of these engagements may look different than for a manufacturing entity.

We may have specialists in cryptography, blockchain technology, data analytics, valuation. We felt as a working group it was very important in client acceptance and continuance for auditors to think about if they have the skill sets to be able to engage in the audit.

The next area we focused on was management skill set. It's important for auditors to think about if management has the skills to be able to support their books and records in this very technical space. We also emphasize the importance of management understanding the ever-evolving regulatory environment and laws, and if management has the right specialists that they need to be able to apply the financial reporting framework appropriately.

Then we pivoted to understanding the overall business strategy. This is very important because the business strategy in this space is evolving quickly. We're seeing new forms of digital assets, new use cases for blockchain technology. It's important to really understand the why behind what the company is doing, in order to evaluate if this is a company that we think can be audited and if there's an appropriate business reason for the engagement that they're doing. And lastly, controls. Controls are so important in the space.

We see very interesting controls around digital assets, safeguarding, transaction monitoring and reporting, and the controls related to using a third party to hold your digital assets. Controls are definitely king in this space. The practice aid also moved on to two areas after you accept or decide to continue and engagement with a company. Risk assessment underlines everything that we do in an audit. It's very important to understand the unique risks in this space and the unique controls that management may have. Then the last piece that we've released relates to laws and regulations and related parties. Here we took an approach that really providing some examples of the challenges specific to digital assets and audit procedures that auditors may consider as it relates to each of these topics.

Amato: In the Journal of Accountancy article on that topic, you said, "Overconfidence in the digital assets ecosystem is a real risk." Tell me some more about that overconfidence.

Steele: Yes, and I continue to believe that. We see in the digital assets ecosystem that things are rapidly evolving, and there's different use cases each day, new forms of tokens, digital assets that exist. It is so critical for auditors to really pause and understand the entity's specific role in the ecosystem, the digital assets they're engaging with, and why, in order to be able to perform an appropriate audit.

This is not a space where we have a template of here is how to go execute the audit and the exact procedures that you should perform. Because there are very unique ways that management uses digital assets. They secure digital assets. They transact with the digital assets. And auditors need to really understand that.

When I talk about overconfidence, that's where it's cautioning auditors to pause and think about the nature of the entity and why are they engaging in the particular digital assets that they are, in order to inform the risks and the response in the audit.

Amato: You mentioned it's a living document. What updates, if any, are planned to the guidance?

Steele: We have an update that is on the horizon that should be very helpful to the practice. It relates to service auditor's reports. In the digital asset ecosystem, we see a lot of entities using third parties to secure their digital assets. A number of times those third parties do not have service auditor's reports.

When management is securing their bitcoin or ether, whatever the digital asset may be, with that third party, they're left without the comfort of an auditor that has opined on those particular controls. We also see in the space, some of those service auditor's reports may not be complete. They may not have all the controls that we need.

They may not have the appropriate time periods covered, and so it's important for auditors to really read those reports and not just take the service auditor's report and rely on it. This paper that we're working on that's going to be added to the practice aid focuses on the biggest challenges related to those service auditor's reports, areas where you might see concerns and challenges, and providing the auditors with some guidance as to how to consider those service auditor's report. That I think it's going to be very helpful to the practice.

The other area that we're working on is establishing a set of Q&As. Different than our long, lengthy papers on audit, we're going to move to Q&As focused on some key assertions. The two key assertions we're starting with are the two that you asked about earlier in our conversation: existence and rights and obligations. We're focused on the key question. If an auditor needs to access information from a blockchain, what factors should they consider when they're evaluating if they rely on it?

If an entity uses a third party, what substantive procedures may the auditor perform? We're providing that framework in a Q&A structure on some of the hardest questions for us all to answer and really thinking about what evidence you need to address the risk of material misstatement related to digital assets.

Amato: Thanks again to Amy Steele. The session that she's part of is Monday, Dec. 6. We'll post a link to the conference agenda in the show notes. As I said at the start of this episode, we've got a lot of information, a full plate. First, if you want to learn more about the tax provisions of the Build Back Better Act, which was passed by the House of Representatives, go to the show notes or visit to find the coverage by Alistair Nevius. His article takes a look at some of the tax-related provisions that are designed to provide taxpayer incentives and to raise revenue for the spending in the bill.

Some of those provisions mentioned include a one-year extension of the expanded child tax credit, extension of the expanded earned income tax credit, and an increased limitation on the deduction for state and local taxes, which in tax parlance is the SALT cap.

Also on, you can read about how CPA decision-makers in business and industry feel about the year ahead. Our coverage of the quarterly economic outlook survey is posted, and a sneak peek for next week's episode we'll have more in-depth coverage and commentary on the reasons for optimism and concern from finance executives and what they see as top challenges. A quick word on the news of the survey, overall sentiment remained steady. It was down slightly from last quarter but remains higher than at this time a year ago.

In other news, the AICPA and NASBA, which is the National Association of State Boards of Accountancy, jointly published a revised CPA Evolution model curriculum in response to feedback from members of the profession. The update refreshes the resource that was published initially in June.

In tax news, an IRS official told an AICPA committee that a recent IRS legal memo specifying information that taxpayers must provide when claiming the R&D tax credit applies only to claims on amended returns.

Finally, aspiring accounting professionals will have the opportunity to use an apprenticeship path to pursue the CGMA or Chartered Global Management Accountant designation. The U.S. Department of Labor has approved the program, which is called the Registered Apprenticeship Program for Finance Business Partners. The program is built on the rigorous Finance Leadership Program for CGMA candidates in the United States.

The program is designed to provide benefits to students, employers, and universities. Candidates can earn a paycheck while they learn and benefit from exposure to more career development and mentoring opportunities. The program will launch in early 2022, and you can read Ken Tysiac's article on that program, which we'll link to in the show notes. That's all for this week. I look forward to talking to you next week. Thanks for listening to the Journal of Accountancy podcast.