Audits of digital asset firms are now entering a more mature and complex stage. What started as a niche service that focused on the latest technologies has now become an integral part of public markets. PCAOB inspectors have deemed crypto audits as highly risky, new accounting standards have gone into effect, and early audits at newly public digital asset companies are establishing benchmarks that others will be expected to follow.
For leaders in finance, the expectations are increasing rapidly. Auditors are probing deeper while regulators pay more attention to the situation as well. SOX requirements are increasing in both terms of complexity and scope. Understanding the process that brought industry to this point, as well as what these changes suggest for the year ahead, executives can plan with more clarity and confidence.
Outlook: What to Expect in the Year Ahead
Auditing methods are being formalized.
Auditors are moving away from improvisation towards standardized, legally-sound processes. The new methods include ownership tests using blockchain-based message signatures or test transfers to check the control of a transaction, independent analytics to verify the transaction activity and expanded fraud audits focusing on suspicious transfers or wash trading as well as related-party transactions. In the end, the audit request will now be much more specific, timelines will be longer, and the tolerance to informal explanations is much less.
SOX compliance is getting more popular
Many digital asset companies have seen SOX as a check-the-box task under 404(a) However, the first year 404(b) reviews are uncovering significant weaknesses almost universally. Most of the weaknesses are related to custody, private key management and IT general controls. Even for companies that aren’t covered by 404(b) auditors are measuring their results against the standards and weaknesses in control are increasingly leading to the disclosure of findings to investors.
New accounting regulations raise the bar
In 2025, all cryptocurrency holdings must be evaluated at fair value every quarter. This requires documentation of valuation policies, defensible pricing sources and independent review of valuations. This change will bring real profit as well as loss volatility and requires transparent governance and open communication between the boards and investors.
The market conditions will determine the audit focus
In downturns, auditors are more vigilant about going concern assumptions, impairments and liquidity. In times of bull markets, they’ll examine whether reconciliations, KYC/AML protocols and transaction monitoring are able to keep up with the growth. Future audits will not just look backwards; they’ll determine whether the controlled environment is able to stand up to both contraction and expansion.
Emerging areas of audit are expanding the scope
Auditors are incorporating more areas that were previously considered out of the scope of a traditional financial audit. Proof of reserves, SOC reports from custodians and smart contract validations, as well as cybersecurity controls linked to changes in SEC disclosure requirements all are shifting from “voluntary” to “expected.” The PBC list for many digital asset companies is now similar to the list of financial institutions.
Insights and Takeaways: What Executives Should Do Now
Be prepared for tougher oversight
The scrutiny of audits across the sector of digital assets is increasing. The PCAOB has declared crypto a top priority and firms are increasing their procedures to prevent repeat audit findings. Finance managers should plan extra time for audits, and involve IT as well as operations at the beginning of their process, and ensure that all documentation is in place prior to the year’s end. Consider SOX compliance as an important indicator of readiness for audits and not as a checklist to be checked. Initial 404(b) audits revealed many weaknesses that are material, particularly in the areas of custody, private key management, and IT general controls. This has prompted auditors to apply these guidelines even for 404(a) people who are filers. Conducting a gap analysis ahead of time and then providing a plan for remediation to your board shows competence and preparedness.
Build stronger control foundations
Effective key management and custody control remains the mainstay of trustworthiness. Key management control equates with the management of assets and the weaknesses in this field are well-known to investors and auditors alike. Use multi-signature authorizations, restrict and log access to wallets and enlist trustworthy third-party custodians whenever feasible. These procedures, as well as regular testing of key ceremonies, are now fundamental to auditing procedures. Market conditions that are broad will influence audit focus as market downturns increase the scrutiny of going concern, liquidity and impairments, while bull markets test whether reconciliation, KYC/AML procedures and monitoring transactions are able to scale with growth. Stress-test both scenarios before auditors do to ensure resilience under changing conditions.
Be prepared for fair value volatility
The new FASB standard that requires fair value measurements every quarter introduces real loss and profit volatility. Controllers and CFOs must create clear valuation policies which define the basis of pricing, fallback methods and review procedures. Investors and boards should expect transparency regarding the reasons behind quarterly fluctuations related to crypto holdings and auditors will be able to test not just the mathematics but the underlying governance. Consistency and preparation are essential to avoid unexpected surprises in the audit procedure.
Engagement of the elevate audit committee
Audit committees are now under greater scrutiny by regulators as they view them as the frontline of control. The ability to provide committee members with more precise and more specific questions could enhance governance and create trust with investors. Discussions should center around the verification of ownership of assets along with related-party transactions, the security over vendors and custodians and progress on plans to correct for any deficiencies that are known. In the end, effective internal controls provide strategic advantages. Companies with well-organized control systems are more likely to enjoy lower costs of capital, better valuations, and greater trust among investors.
Final priorities for digital asset companies
Audits of digital asset firms are rapidly maturing. What was once managed with flexibility is now being scrutinized with the same rigorousness that is used in traditional industries. For financial leaders it is a simple lesson that preparation is crucial. Companies who approach audit preparation with discipline will be able to complete audits more efficiently and avoid disclosures to the public and establish credibility with investors.
The audit isn’t just about compliance, it’s an indicator that your company is in a position to run at a high level. To learn more about the implications of these changes for your audit in the near future and the ways Parr & Ibarra CPA in Keller, TX, can help you prepare, contact us today.
