Although it has existed for more than a decade, cryptocurrency is still somewhat of a novelty. Any official guidance is almost nonexistent. As a result, it can be extremely difficult to audit. How do you classify it?
“There is a real risk that crypto assets could be easily over- or understated given this lack of universal guidance,” says Ross Thompson, accountancy and finance lecturer from Arden University. “This means audit risks are higher, which should be considered during client acceptance and retention and planning audit procedures. It also means auditors often have no choice but to simply apply established, generic principles such as ‘prudence’ and ‘going concern’.”
It’s not all bad, however. Thompson explains that blockchain technology allows auditors to access information in real time, through the read-only nodes on blockchains. It means that auditors don’t have to wait for clients to provide data on their crypto transactions.
“It does mean the auditing process will change, resulting in the increased need for automation, analytics, and machine-learning capabilities, as supporting documentation, such as contracts and invoices, could be encrypted. Auditors will have to develop procedures to obtain audit evidence directly from blockchains in a totally new way.”
Not all cryptos are created equal, says Marc Jones, Partner in Commercial Litigation, Fraud and Securities Litigation at Stewarts. Crypto assets such as digital bonds from the European investment banks will not have the same volatility and valuation problems as certain cryptocurrencies or NFTs.
“Recent market turmoil showed that not even apparently similar types of crypto behave in the same way,” he says. “The contrast between Tether and Terra provides a stark example. Both describe themselves as ‘stablecoins’. Over the last six months, Tether consistently sat at a value of plus/minus $0.00015. Terra is now defunct.”
The difference between the two was collateral, Jones explains. Terra was an algorithmic stablecoin with only ‘endogenous’ collateral – digital tokens created by Terra itself. Tether is backed largely by commercial paper; assets that regular markets would recognise as real world collateral. It’s not necessarily the digital/real nature of the collateral that makes the difference, however.
While Bitcoin, which is wholly uncollateralised, has fallen back to its value in January 2021, it is still 100% up on its value 18 months before that. Jones argues that, as with regular financial markets, there is a place for a broad spectrum of cryptos ranging from the more volatile/risky to the more stable/secure.
Crypto ownership is concentrated on a relatively small number of owners, which means they can significantly move prices by buying and selling coins. In other markets, ownership is usually more dispersed, so sudden, significant movements are less frequent.
Understanding of its market behaviour is limited, making it difficult to predict the causes of price movements, says Thompson. “It is not well regulated in most jurisdictions and is not backed by governments or corporates, which means there is little buyer/seller protection. There’s also a reliance on supply and demand, which can contribute to sudden price changes.”
It also thrives on speculation to the extent that good or bad news can cause impressive spikes or huge drops in prices. “Speculators tend to be more short-term in their thinking when compared to value investors. This means the adoption rate can quite easily take a hit; one of the main reasons why it remains so volatile.”
The risk of material misstatements in accounts are high given the volatility of cryptocurrencies and potential for fraud. Thompson says that auditors need to be especially alert to potential money laundering and related party transaction frauds. “New procedures for ‘knowing your client’ are urgently required where clients have business activities involving crypto.”
Another risk area is around the rights and ownership of crypto assets. While the blockchain can provide evidence of transactions such as the purchase of crypto currency, auditors should further consider the security of private keys that provide access to cryptocurrency.
The high privacy and secrecy levels in blockchain may inhibit access to audit evidence, which raises the possibility that management overrides may go undetected.
“Client companies are similarly finding it difficult to embed robust internal controls thus increasing audit risks accordingly,” says Thompson. “Auditors cannot test controls that do not exist. This argues for the internal audit profession to become more proactive in designing effective internal controls in crypto environments.”
Some of the large audit firms are developing crypto auditing software and analytical tools. Auditor training programmes for crypto are also becoming more prevalent. Auditors are also turning to crypto valuers to assist with assurance projects where clients are particularly exposed to crypto.
There is ongoing work on developing international accounting standards for crypto, even though it may be a while until we see crypto being regulated to the point where users and authorities feel comfortable, says Thompson.
“Some stability may allow crypto to be better regulated and better trusted, resulting in more people using it and reacting less to speculation. This could result in it being a form of payment or a form of investment, such as buying a house, as estate agents, lawyers and the counterparty may be warmer to accepting crypto or feel more comfortable doing so. Once there is an uptick in stable use, there will be an increase and better understanding around the auditing process. But with crypto still being a relatively illiquid market, it is currently difficult to find people willing to accept it as a form of payment.”