Auditing in the Crypto-Asset Sector


Introduction

Many of the reporting issuers in Canada's crypto-asset sector obtained material crypto-asset holdings or engaged in material crypto-mining activity during the most recent fiscal year under audit. Planning and execution of these audits have begun. CPAB will publish communications that reflect our perspectives and expectations of auditors related to audits of reporting issuers in the crypto-asset sector.

This communication highlights our expectations in a number of challenging areas but should not be regarded as an audit program. Auditors should continue to refer to relevant auditing standards when planning and executing their audits.

Existence and ownership rights associated with crypto-asset holdings

Existence

When an entity uses a blockchain to support the occurrence/existence of crypto-asset transactions/balances recorded in its financial statements, auditors will need to evidence their understanding of how transactions are recorded on the applicable blockchain ledger. The protocols and cryptography associated with blockchains are designed to make blockchain ledgers resilient to tampering. However, the effectiveness of these attributes varies by blockchain and it would be inappropriate for auditors to rely on blockchain ledgers without first evaluating the reliability of the blockchains that are relevant for the audit. We expect auditors to engage blockchain and cryptography specialists to assist in understanding and evaluating blockchains that support amounts recorded in an entity's books and records where there is a risk of material misstatement [1].

Auditors should identify and document their understanding of the relevant risks relating to the occurrence/existence of crypto-assets on the blockchain including (i) invalid transactions are recorded on the blockchain, (ii) validated transactions are not recorded on the blockchain, and (iii) validated transactions are subsequently modified. Auditors should identify the relevant attributes of the blockchain (e.g., cryptography, blockchain validation algorithms and consensus mechanisms) that mitigate those risks and perform tests to determine whether they are operating as intended.

In testing occurrence of an entity's crypto-asset transactions and the existence of the crypto-asset balance at year end, auditors will typically use tools called block explorers to review the information recorded on blockchain ledgers. Auditors should perform procedures to ensure that these tools are designed and operating effectively to extract the relevant information from the blockchain.

Ownership rights

Crypto-asset transactions offer some degree of anonymity because blockchain ledgers represent the identity of entities that have transacted crypto-assets as a string of alphanumeric characters for each public address. In evaluating an entity's ownership assertion, auditors will need to design an audit approach that seeks to obtain sufficient appropriate audit evidence that the entity owns the crypto-assets that are associated with a public address.

Auditors, for instance, may request management to transfer a specified amount of a crypto-asset balance between crypto wallets controlled by the entity and inspect the blockchain record for the occurrence of the transaction. Alternatively, auditors may ask management to sign arbitrary messages to prove they have access to the private key that controls a crypto-asset.

The procedures above may be useful to verify an entity's access to the private key and control over the related assets. However, an entity's access to a private key should not be interpreted by auditors to mean that the entity has ownership rights to the related crypto-asset. This is because there is a risk that an entity could share the alphanumeric sequence of a private key with others such that multiple entities or individuals could assert ownership rights over the same crypto-asset.

We expect that auditors will assess the potential for misrepresentation of ownership rights as a fraud risk in most of these types of audits and design procedures to mitigate that risk [2]. Designing substantive procedures that are limited to verifying that an entity has access to the private key which controls a crypto-asset will be necessary but not likely sufficient to mitigate the fraud risk.

We expect that effective internal controls will be essential for management to establish to its auditors that the entity has rightful and sole ownership of crypto-assets. It will be very challenging for auditors to mitigate the risk associated with ownership rights without understanding and testing the design and operating effectiveness of these internal controls.

[1] CAS 620, Using the Work of an Auditor's Expert, para. 7
[2] CAS 240, The Auditor's Responsibilities Relating to Fraud in an Audit of Financial Statements

Internal controls that should be in place at the entity and tested by auditors include:

- Entity executes key ceremonies [3]. The objective of a key ceremony control is to ensure that the keys are generated in a cryptographically secure manner, that no one could have made unauthorized copies, and that the entity is the rightful owner of the related crypto-assets. The sophistication of the key ceremony will depend on how significant crypto-asset transactions are to the entity.
- Entity has implemented multi-signature access controls requiring multiple levels of approval before a transaction is executed.
- Entity has implemented information technology general controls (ITGCs) to address the IT risks that apply to digital wallets.

Additional considerations where private keys are held by a third party custodian

Generally, crypto-exchanges execute trades on behalf of their clients by retaining custody of the private keys that control the assets. They act as brokers and custodians for their clients. In contrast to custodians in the traditional securities industry, crypto custodians and exchanges are relatively immature entities that remain largely unregulated. To CPAB's knowledge, no service auditors' reports are available that attest to the effectiveness of internal controls in place at crypto-exchanges and custodians.

The use of third party custodians creates additional audit risks the auditor will need to address. When a service auditor's report on the effectiveness of relevant controls at an exchange or custodian is unavailable and the occurrence of transactions or existence of year-end balances represents a risk of material misstatement, the auditor will need to test internal controls at the exchange or custodian directly [4].

We further note that several crypto-exchanges engage in the practice of commingling their clients' assets in exchange wallets. When crypto-assets are commingled, a crypto-exchange reflects transactions between buyers and sellers of the same crypto-asset in its records but not on the applicable blockchain ledger (i.e., off-chain transactions). This makes it impracticable for auditors to verify the occurrence of an entity's crypto-asset transactions by referring to the applicable blockchain record.

[3] Additional information on key ceremonies may be found in the AICPA's Statement on Auditing Standards No. 70, Service Organizations.
[4] CAS 402, Audit Considerations Relating to an Entity Using a Service Organization, para. 12
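For on-chain transactions, the statement a block explorer makes ("this transaction is in this block") can be recomputed rather than taken on trust; off-chain exchange transfers have no such proof. The following is an added example, not part of the CPAB communication, and it assumes a Bitcoin-style Merkle tree (pairwise double SHA-256, last hash duplicated on odd levels) and a Merkle root taken from a block header obtained independently of the explorer. The transaction bytes are constructed placeholders, not real serialized transactions.

```python
import hashlib

def dsha(data: bytes) -> bytes:
    """Double SHA-256, the hash used for Bitcoin txids and Merkle nodes."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def _next_level(level):
    if len(level) % 2:                 # odd count: duplicate the last hash
        level = level + [level[-1]]
    return level, [dsha(level[i] + level[i + 1]) for i in range(0, len(level), 2)]

def merkle_root(txids):
    level = list(txids)
    while len(level) > 1:
        _, level = _next_level(level)
    return level[0]

def merkle_branch(txids, index):
    """Sibling hashes from leaf to root for the transaction at `index`."""
    branch, level = [], list(txids)
    while len(level) > 1:
        padded, level = _next_level(level)
        branch.append(padded[index ^ 1])
        index //= 2
    return branch

def verify_inclusion(txid, index, branch, root):
    """Fold the branch back up; the position bits decide left/right order."""
    h = txid
    for sibling in branch:
        h = dsha(sibling + h) if index & 1 else dsha(h + sibling)
        index >>= 1
    return h == root

def explorer_claim_ok(raw_tx, index, branch, trusted_root):
    """True only if the bytes the explorer showed are committed to by the header.

    trusted_root is assumed to come from a header the auditor obtained from
    an independent source (for example, a node the audit firm operates).
    """
    return verify_inclusion(dsha(raw_tx), index, branch, trusted_root)

# Constructed sample data (hashes are kept in internal byte order throughout).
RAW_TXS = [f"constructed-tx-{i}: pay {amt} units to addr{i}".encode()
           for i, amt in enumerate([5, 12, 7, 30, 2])]

def demo():
    txids = [dsha(t) for t in RAW_TXS]
    root = merkle_root(txids)
    branch = merkle_branch(txids, 3)
    altered = RAW_TXS[3].replace(b"30", b"300")   # explorer shows a different amount
    return (explorer_claim_ok(RAW_TXS[3], 3, branch, root),
            explorer_claim_ok(altered, 3, branch, root))
```

A transaction whose displayed contents differ from what the block commits to hashes to a different txid and fails the check, which addresses the "subsequently modified" risk at the level of the explorer's output.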

Revenue from crypto-asset mining

Blockchain miners receive rewards for creating blocks of validated transactions and including them in the blockchain. Many blockchain miners pool their computing power in mining pools with other miners. We understand these pools are managed using programmed protocols or are administered by third party companies or individuals. When the mining pool adds a block to a blockchain and earns the associated reward, each miner participant receives its share of the reward based on one of several allocation methods.

An auditor of a crypto-asset miner will need to develop an audit approach to test each of the major assertions relating to revenue recognition including occurrence, accuracy, and completeness. When an entity earns revenue through a mining pool, the auditor needs to understand the terms of the arrangement with the mining pool and the associated risks. The auditor's testing of revenue should include procedures to test the accuracy and completeness of the amounts allocated to the entity by the mining pool.

It will not be sufficient for auditors to limit their procedures for auditing revenue transactions to vouching remuneration received for validation activities to the blockchain ledger. The auditor must understand how revenue is earned and develop an audit approach responsive to the risks identified.

Other challenging areas

Impairment of mining assets

Several of the reporting issuers in Canada that carry out crypto-asset mining acquired mining equipment when crypto-asset prices were significantly higher than they are currently. For example, Bitcoin, Ripple and Ethereum have declined by approximately 70, 90, and 85 per cent, respectively, from January 2018 to early December 2018.

The significant decline in crypto-asset prices over the past year should be viewed as an indicator [5] that the carrying amounts of mining equipment may be impaired and that, accordingly, management should be estimating the recoverable amount of these assets. Auditors should be skeptical if management's estimates include unrealistic expectations about future crypto-asset prices and productivity of the mining equipment.

[5] IAS 36, Impairment of Assets, para. 12(b)

Related party transactions [6]

Public addresses on a blockchain consist of alphanumeric strings of characters that will be difficult to associate with the real world identities of the parties that have transacted crypto-assets during the year under audit. It will be challenging for auditors to evaluate whether management has appropriately identified and disclosed all crypto-asset transactions with related parties.

Auditors will likely assess this as a significant risk area. It will be difficult to obtain sufficient appropriate audit evidence when the entity does not have effective internal controls to identify related parties and related party crypto-asset transactions. Auditors should continue to perform focused audit procedures around transactions with related parties, including assessing the business purpose of crypto-asset transactions and, when applicable, that the transactions were made on terms equivalent to those that prevail in arm's length transactions.

Valuation of crypto-assets [7]

For entities that measure crypto-assets at fair value, valuation will likely be assessed as a significant risk by auditors. In evaluating the reasonability of an entity's crypto-asset valuations, auditors will consider whether an active market exists for the crypto-asset (i.e., whether a level 1 valuation can be performed).

In some cases, there might be several markets for a particular crypto-asset that meet the definition of an active market, and each of those markets might have different prices at the measurement date. In these situations, the entity will need to determine the principal market (or, in the absence of a principal market, the most advantageous market) to value the asset.

Some entities use price quotations from data providers that aggregate prices from several crypto-exchanges to value crypto-assets that trade in active markets. Auditors will need to evaluate whether those prices are reasonable proxies for what an entity will be able to sell the crypto-asset in its principal market at the measurement date.

Many crypto-assets will not have an active market and the entity will need to use a valuation technique to value these assets. We expect that auditors will engage valuation specialists where the crypto-assets do not trade in active markets.

[6] CAS 550, Related Parties
[7] IFRS 13, Fair Value Measurement

Subsequent events [8]

Because of the significant risks associated with existence and ownership of crypto-assets, auditors should perform procedures designed to obtain sufficient appropriate audit evidence that the assets were not lost or compromised (therefore requiring disclosure in the financial statements) during the period between the year-end date and the date of the auditor's report. These procedures may include many of the same procedures applied to test the year-end crypto-asset balances.

Client acceptance considerations

We've highlighted that cryptocurrency transactions involve unique risks and auditors need to develop a comprehensive audit response. We've also highlighted areas where we think it would not be practicable to audit cryptocurrency-related assets and transactions without relying on the effective operation of relevant controls.

We expect audit firms to have a good understanding of the audit risks they will face, and the expertise they will bring to bear, in the audit before accepting these types of engagements [9]. It will not be satisfactory for audit firms that have already accepted clients to assert that the audit risks for reporting in this nascent industry are not yet well understood. Further, we continue to expect to see thorough know your client procedures being performed by audit firms prior to acceptance of these engagements.

Concluding comments

We encourage a comprehensive approach by auditors in addressing the specific audit risks that are unique to the crypto-asset sector. We encourage the use of experts and consultation by auditors in developing their audit plan. CPAB expects to issue further communications on this topic as we learn more and conduct inspections of the audits of reporting issuers in this sector.

[8] CAS 560, Subsequent Events
[9] Refer to CAS 220, Quality Control for an Audit of Financial Statements, para. 12, 13, A8-A10, for more information on quality control requirements related to client acceptance