Is your company transacting in Bitcoin or using blockchain to secure the custody records of digital assets? Some new guidance from the AICPA could help you get a handle on auditing them.
The American Institute of CPAs updated its practice guide Accounting and Auditing Digital Assets on July 17 with guidance on how to audit digital assets, especially as digital asset use increases. While the guide is primarily aimed at accountants and external audit firms, it has plenty of useful information for internal auditors who are increasingly encountering digital assets during audits.
The guidance helps auditors understand the risks associated with digital assets and comes from professional literature and the experience of the AICPA Digital Assets Working Group and AICPA staff. It is specifically tailored to U.S. generally accepted auditing standards. The original guidance included 10 questions in the accounting subgroup, while the new addition added the audit subgroup that focuses on auditing applications.
Auditor Skill Sets and Competencies
The guidance highlights the importance of the firm assessing its employees’ expertise and its ability to deliver on proper audits, and to mitigate the risk of a firm that is ill-equipped to perform the audit providing an unsatisfactory service. Especially with the auditing of digital assets, companies may find themselves without the requisite knowledge to properly perform the audit. Client acceptance and continuance procedures are especially important, and audit firms need to be able to objectively asses themselves to ensure proper audits.
As digital assets are a relatively new, to keep up with competency requirements, firms or internal audit departments have several strategies they can use to stay updated. Closely following technologies, regulations, and financial reporting standard that affect current and potential clients allows a firm to stay current and adapt to the everchanging landscape. Recruiting and developing talent, especially in cybersecurity and information technology, allows firms to have personnel that understand new developments and digital asset needs. Properly supervising engagement team members that may include staff, internal specialists, and external specialists that may not be familiar to the audit team will lead to cooperation and further understanding. Establishing an ongoing curriculum of training will help auditors continue to learn.
The firms should create a firm-wide criteria for client acceptance, lessening the risk that the firm will accept an engagement it is not qualified to perform. The firm should also build a general awareness of digital asset risks among all staff through training programs. The firm should also identify individuals with demonstrated competence in auditing firms with digital assets, and identify them to serve as subject matter experts, and involve them in client acceptance procedures. To ensure the audit firm can serve its proper function, firms need to adapt existing quality controls to answer the needs of digital asset auditing.
Management Skill Sets and Competencies
Because of the complexity of digital assets, management might find it hard to keep the books and secure assets. Even if the auditor has the required competencies, if management does not address shortfalls in operations, an audit might not be possible. The auditor might lack reliable records from a lack of proper bookkeeping. Management may not have implemented necessary processes and controls, or are over reliant on the auditor, compromising the auditor’s independence.
Management needs to identify and address the risks associated with digital assets and implement internal controls to account for them. Book and record keeping are very important, and management should keep up with the pace of changes in the field to update its record keeping practices. Management also needs to have competent personnel, and be able to identify the need for specialists if necessary.
Management Integrity
Firms should establish criteria for accepting clients and continuation with clients based on the client’s integrity. Firms must make sure that management has established a climate of honest and ethical behavior and that the control environment empowers the internal control system. The auditor also needs to understand the legal and regulatory framework within which the client operates and client compliance with the framework.
Digital assets especially present opportunities for illegal activity with its pseudo-anonymous nature. The ease of entry into digital assets also make way for those who lack integrity to permeate the space. Confusion surrounding the technology may also be roadblocks to proper compliance and integrity. Auditors need to keep in mind the challenges of digital assets when evaluating clients.
Digital assets are a rising technology that auditors will run into in the future. To ensure quality audits, the practice aid offers good tips and advice for auditors trying to assess clients and encourages an understanding of the field and specialization to handle the unique difficulties that come with digital assets. 
Stephanie Liu is assistant editor at Internal Audit 360°