AICPA, CIMA offer audit risk guidance for crypto

The American Institute of CPAs and the Chartered Institute of Management Accountants jointly released guidance Tuesday for auditing and accounting for the risks of digital assets such as cryptocurrency.

The AICPA and CIMA updated their practice aid, “Accounting for and auditing of digital assets,” with new nonauthoritative guidance on audit risk assessment, along with processes and controls, laws, and regulations and related parties. The practice aid was originally released in 2019, but was updated last year and now with the new information on audit risk assessment.

Cryptocurrency investing has caught on increasingly in recent years, particularly in the past year, when digital currencies like Bitcoin, Ethereum and Dogecoin have seen remarkable growth in prices. However, a recent downturn in the market has led to worries among crypto investors, who are also concerned about increasing regulation from the Securities and Exchange Commission and efforts by the Internal Revenue Service to require improved reporting of crypto transactions to discourage tax evasion and money laundering.

Yuriko Nakao/Bloomberg

The guidance was developed by members of the AICPA & CIMA Digital Assets Working Group (DAWG) and their staff and is specific to the U.S. generally accepted auditing standards (GAAS). “There are challenges and unique considerations when auditing an entity that holds or transacts with digital assets,” said Diana Krupica, lead manager of emerging assurance technologies at the AICPA and CIMA, in a statement. “From performing risk assessment procedures and understanding new processes and controls to identify related parties, it is important for auditors to look through the lens of digital assets and understand exactly what audit procedures need to be performed. We hope this latest guidance will help auditors consider the potential risks unique to the digital assets environment.”

The practice aid now includes material explaining how to understand and evaluate an entity’s risk assessment processes and controls. It discusses the specific considerations that could be important when performing risk assessment procedures, such as the kinds of procedures that auditors can perform, or are required to perform, to identify and determine the risks of a material misstatement in audits of entities that participate in the digital asset or crypto environment.

Another section discusses laws and regulations, along with related-party transactions. It describes the particular challenges and potential procedures that auditors should consider to comply with laws and regulations, along with the identification, accounting and disclosure of related parties in an audit of an entity that holds or transacts with digital assets.

A new appendix,Blockchain Universal Glossary, has been added to the practice aid that was developed as a reference for all AICPA and CIMA blockchain and digital assets-related content. It defines digital assets as going beyond cryptocurrency, defining them broadly as digital records, made using cryptography for verification and security purposes, on a distributed ledger such as a blockchain. “Although all industries encounter change, the digital assets ecosystem is evolving rapidly,” the AICPA and CIMA warned. “As firms seek to provide audits to entities within the ecosystem, caution and consideration must be given to unique risks and challenges.”