PCAOB Puts Focus on Cryptocurrency Audits

Chris Gaetano
Published Date:
May 27, 2020
The Public Company Accounting Oversight Board (PCAOB), having observed a growing number of financial statements disclosing transactions involving cryptocurrencies, issued a new publication with points to consider when auditing them.

It noted, to start, that cryptocurrency transactions can take many different forms. They may include, for example, earning a fee, or “reward,” for validating new blocks on a blockchain; purchasing goods or services in exchange for cryptoassets; exchanging one cryptoasset for another; or selling cryptoassets for a fiat currency, such as the U.S. dollar. A cryptocurrency transaction can also include acting as an intermediary or providing third-party services for such transactions.

In any case, the PCAOB reminded stakeholders that auditing standards require a firm to undertake only those engagements that the firm can reasonably expect to be completed with professional competence. It noted that performing such engagements may require certain specialized skills and knowledge, and it added that the performance of engagement-quality reviews would require an appropriate level of knowledge and competence relating to cryptoassets.

For instance, said the PCAOB, the engagement team may need specialized skills or knowledge in the areas of cryptography, distributed ledger technology, valuation, and laws and regulations. The team members might also need knowledge regarding differing business models and technologies underlying transactions in cryptoassets (e.g., generating new coins vs. trading existing ones), and they might require different skills, knowledge, and resources (including specialized audit software) to identify, assess, and respond to risks of material misstatement. Further, the engagement team may need specialized skills or knowledge in applying existing legal and regulatory frameworks to cryptoassets. The U.S. Securities and Exchange Commission (SEC) staff provides information and guidance about digital assets on its website

Before taking on the engagement, a firm must also evaluate the risk of providing services in a particular circumstance. When it comes to cryptocurrency, the PCAOB brought up the fact that cryptoasset holdings are generally designed to be pseudonymous, meaning that it may be more difficult for an auditor to recognize when a cryptoasset-related transaction involves fraud or another illegal act, or related parties.

During the engagement itself, the PCAOB said that the auditor should be aware of audit risks. For instance, the types of potential misstatements associated with balances of cryptoassets could depend on whether the cryptoassets are stored in the issuer’s own digital wallet or by a third party; or the issuer may not have the personnel or expertise to deal with cryptoassets, increasing the risk of error in processing and reporting transactions that involve cryptoassets.

The PCAOB also noted that, as per standards, auditors must also think about how cryptocurrency transactions play into the issuer's internal controls. This would mean understanding matters such as controls over the generation and management of private keys (i.e., access passcodes), or controls over the reliability of blockchain information to be used as audit evidence.

The board overall said that it is monitoring the growth of cryptocurrency and is prepared to assess its implications for PCAOB standards.

Click here to see more of the latest news from the NYSSCPA.