How to audit the next generation of digital assets

Management’s responsibilities

Digital assets have diverse terms and conditions and may be held for different purposes even within the same organization. Let’s use cryptocurrency as a topic given the wide use case. Generally, we are seeing the market treating cryptocurrencies as intangible assets to the extent that they are not inventories. In order to reach that conclusion, let’s consider why cryptocurrencies might not meet the definition of cash or financial instruments. 

• Cash – the description of cash in International Financial Reporting Standards (IAS 32 Financial Instruments: Presentation) suggests that cash is expected to be used as a medium of exchange and as the monetary unit in pricing goods or services to such an extent that it would be the basis on which all transactions are measured and recognized in financial statements.  However, there are currently no cryptocurrencies that demonstrate the characteristics of cash.
• Financial assets – IAS 32 defines a financial asset. In summary, a financial asset is any asset that is: (a) cash; (b) an equity instrument of another entity; (c) a contractual right to receive cash or another financial asset from another entity; (d) a contractual right to exchange financial assets or financial liabilities with another entity under particular conditions; or (e) a particular contract that will or may be settled in the entity’s own equity instruments. However, cryptocurrency is not cash, an equity instrument of another entity, nor a contract with a counterparty.  

After considering these facts, it leaves us with intangible assets, which give rise to future economic benefit, lack physical substance, are identifiable, controlled by the entity and are not in scope of other standards. Since cryptocurrencies are not tangible (they have no physical substance), they meet the definition under IAS 38; subject to the cost or, if applicable, revaluation model, which continuously compares the carrying amount of the digital asset against its fair value, on subsequent measurement.

The auditor’s responsibilities

The different accounting approaches may pose a challenge for auditors, so efforts are under way to establish consistency across global auditing practices. Accountancy bodies (such as the American Institute of Certified Public Accountants and the Center for Audit Quality) have launched working groups focused specifically on handling emerging technologies, including digital assets. While there are still obstacles to overcome before procedures and approaches are fully aligned, these are promising steps forward and, over time, we can hope to see gradual convergence. 

The auditor’s first responsibility is to evaluate the actual blockchain protocol that is used. At EY, for instance, the blockchain assurance team works to understand the nature of the digital assets and their underlying protocols, since this is critical to the auditor in assessing evidence from the blockchain. 

To add further complexity, the definition and assessment of risks can vary depending on the specific digital asset in question, or the way in which the client transacts. This means there can be a wide range of influences on the risk spectrum.

For instance, more mature digital assets typically have a higher number of interested parties (e.g., holders, developers, miners). Similarly, digital assets that are pegged to other economic claims (e.g., gold-backed cryptocurrency or the stablecoin propositions mentioned earlier) might present different risks than those without such intrinsic value such as utility tokens and native digital assets such as Bitcoin. Asset-backed tokens may even present additional complexity, since their smart contract functionality would have to be considered as well. The position of any particular digital asset on the risk spectrum depends on a number of factors. Is the blockchain widely used? Is it open source? How many developers use it?

Auditors also must consider whether transactions are manually initiated or executed automatically via a smart contract. If automatic, there are risks of unauthorized or incorrect transactions associated with software flaws, hacking and reliance on potentially inaccurate information provided to the blockchain by third-party data feed services (known as oracles).

These challenges are further complicated by the fact that it is more difficult for the auditor to verify the existence of digital assets than traditional assets.  

Regulators and standard setters

Most governments recognize that introducing regulations to help monitor digital assets will offer greater protection to investors and businesses, but consistent regulation across jurisdictions does not yet exist. Two examples illustrate how polarized approaches can be: Luxembourg has gone to some lengths to encourage the use of digital assets by introducing the first nationally licensed bitcoin exchange; in India, on the other hand, an inter-ministerial committee is proposing to criminalize dealing in private cryptocurrencies.

Similarly, while the International Accounting Standards Board has not put digital assets on its standard-setting agenda at this stage, it is, along with other standard setters, continuing to monitor the development of digital assets and their significance for the International Financial Reporting Standards.