Audits involving cryptoassets
FINANCIAL REPORTING INSIGHTS |
The Public Company Accounting Oversight Board (PCAOB) recently published Audits Involving Cryptoassets: Information for Auditors and Audit Committees, which highlights considerations for addressing certain responsibilities under PCAOB standards for auditors of issuers transacting in or holding cryptoassets. Such considerations for auditors generally include the following, among many others:
- Determining whether specialized skill or knowledge is needed in the performance of the audit
- Obtaining and analyzing relevant information about the nature of the issuer’s transactions involving cryptoassets
- Understanding the issuer’s objectives, strategies and related business risks involving cryptoassets
- Understanding the issuer’s internal controls that are important to addressing risks relating to cryptoassets
- Identifying and discussing fraud risks related to cryptoassets
The document also includes the following questions audit committees may consider asking the auditor when transactions involving cryptoassets or holdings of cryptoassets are material to the issuer’s financial statements:
- What is the experience of the engagement partner and other senior engagement team members with cryptoassets? Would the firm be able to supplement the engagement team’s expertise if necessary (e.g., by engaging relevant specialists)?
- What is the auditor’s understanding of the technology underlying the issuer’s cryptoasset-related activities?
- Are specialized technology-based audit tools needed to identify, assess and respond to risks of material misstatement?
- What is the auditor’s understanding of the legal and regulatory (including know-your-customer and anti-money-laundering provisions) implications of the issuer’s cryptoasset-related activities?
- How does the audit firm monitor auditor independence considerations associated with audit engagements involving cryptoassets?
- What policies and procedures does the audit firm have regarding conducting and monitoring audit engagements involving cryptoassets, including considering the risks associated with performing such audits?