Audit Risk Assessment Guidance Added to AICPA & CIMA Digital Assets Practice Aid

As the digital asset ecosystem evolves, the auditor continues to be presented with unique risks and challenges. In response, AICPA & CIMA – which is driven by the Association of International Certified Professional Accountants – today updated its practice aid, Accounting for and Auditing of Digital Assets to include nonauthoritative guidance in the auditing areas of risk assessment, processes and controls, laws, and regulations and related parties.

This new material will complement accounting and auditing guidance issued last year. It is based on professional literature and experience from members of the AICPA & CIMA Digital Assets Working Group (DAWG) and AICPA & CIMA staff and is specific to the U.S. generally accepted auditing standards (GAAS).

“There are challenges and unique considerations when auditing an entity that holds or transacts with digital assets,” said Diana Krupica, CPA, AICPA & CIMA Lead Manager, Emerging Assurance Technologies. “From performing risk assessment procedures and understanding new processes and controls to identify related parties, it is important for auditors to look through the lens of digital assets and understand exactly what audit procedures need to be performed. We hope this latest guidance will help auditors consider the potential risks unique to the digital assets environment.”

Risk Assessment and Processes and Controls

This section of the practice aid is organized into the following topics:

Understanding the Entity and Its Environment
Understanding and Evaluating the Entity’s Risk Assessment Process
Understanding the Entity’s Processes and Controls

Each section describes the individual considerations that may be important when performing risk assessment procedures, including the types of procedures that auditors may perform, or are required to perform, to identify and assess risks of material misstatement in audits of entities engaged in the digital asset ecosystem.

Laws and Regulations and Related Parties

This section addresses the unique challenges and potential procedures auditors consider for both compliance with laws and regulations as well as identification, accounting, and disclosure of related parties in an audit of an entity that holds or transacts with digital assets. Because related party transactions may reflect a risk of material misstatement due to noncompliance, these topics are considered in the same section.

In addition, appendix A, Blockchain Universal Glossary, has been added to the practice aid that was developed as a reference for all AICPA & CIMA blockchain and digital assets-related content. Digital assets are defined broadly as digital records, made using cryptography for verification and security purposes, on a distributed ledger. Although all industries encounter change, the digital assets ecosystem is evolving rapidly. As firms seek to provide audits to entities within the ecosystem, caution, and consideration must be given to unique risks and challenges.