About the panelists
Brandon Brown, CPA, CISA, managing director of the risk and finance advisory group of Deloitte & Touche LLP; Jeremy Goss, CPA, partner in audit, banking and financial services, at Grant Thornton LLP; Jagruit Solanki, CPA, CGMA, insurance partner in Aprio’s technology and blockchain services group; and Amy Steele, CPA, audit and insurance partner at Deloitte & Touche LLP, were the panelists. Ami Beers, CPA, CGMA, Senior Director of Insurance and Advisory Innovation at AICPA, moderated the panel. The following is an edited and condensed summary of the round table. The views expressed are the personal views of the panelists and not necessarily those of their employers or the boards of employers, management or staff.
***
Beers opened the panel by asking Steele, who is chair of the AICPA digital assets working group, to explain his mission. Steele said the group’s goal is to “create unauthorized accounting and auditing guidelines for digital assets, and then hopefully provide answers and a framework on how to deal with them one point.” accounting and audit “. To this end, the working group is divided into accounting and auditing sub-groups, the latter also being chaired by Steele.
“We are currently working on developing unauthorized counseling on these difficult subjects,” said Steele. “For each of our subjects, we will publish documents that run through a framework, starting first with the requirements of the American GAAS, the unique risks associated with digital assets, then, hopefully, the responses and procedures that an auditor could perform to address these risks. “
Steele then spoke on specific topics, which the subgroup split into two. The first batch contains the fundamental concepts that auditors should consider in order to engage in a commitment involving digital assets, such as the skills of the auditors and management, the potential risks of significant anomalies involved, the necessary processes and controls. to mitigate these. the specific risks and challenges posed by the pseudo-anonymity of digital asset transactions and the possibility of illegal acts on the part of counterparties to auditors’ responsibilities. The second, she said, contains audit claims, completeness, assessment, existence, rights and obligations, as well as IT risks.
Discussing the accounting subgroup, Steele said his guiding principles are “very similar”, but noted that his documents will take “more of a question and answer structure”. The first batch of subjects in the accounting subgroup includes non-specialized industry subjects, such as classification and valuation of digital assets, while the second batch focuses on more specialized advice for entities such as investment companies and brokers, and on topics such as hard forks, airdrops. and fair value considerations.
Steele again stressed that the guidelines will not be authoritative. “We work with the US GAAS and the US GAAP, but there are regulations outside the US GAAP and US GAAS that people will have to take into account,” she added.
Then Beers turned to Brown, who is part of the AICPA System and Organization Controls (SOC) working group for digital assets, to explain the mission of this group. Brown said that there are a growing number of companies that provide digital asset services to the entities that own these assets, and that his group’s mission is to provide advice to the auditors of these entities.
Accounting for digital assets
Beers then asked Solanki to expand on the topic of considerations when accounting for digital assets. “The biggest question,” said Solanki, “is what type of entity you are. Are you an exchange? Are you a custodian? Are you a payment processor?” Second, did she stated, the question is whether the entity is the custodian or owner of the digital assets. The definition of “control” of digital assets will be important here, as it will determine whether a corresponding liability for the asset should be recorded. Solanki cited subject 606 of the Accounting Standards Codification (ASC), “Product Recognition”, and subject 842, “ASC Leases”, as two standards that define control, stating that the question concerns ultimately the nature and purpose of the asset.
In the photo, from left to right: Ami Beers, Brandon Brown, Jeremy Goss, Jagruit Solanki, Amy Steele.
Solanki said the easiest digital assets to value will be cryptocurrencies like Bitcoin that have an active trading market. “It gets difficult when you talk about illiquid assets,” she said, giving an example of tokens distributed as a marketing incentive. “There could be a significant management judgment involved, roughly like level 2 or level 3 security, and there could be significant discounts attached.”
Solanki also said that one of the main challenges in accounting for digital assets is to adjust their cost base when entering the balance sheet as intangible assets with indefinite lives. “You have to define when the depreciation really goes off in this digital asset space, given the extreme volatility, and once you have defined that, you have to constantly monitor whether there is a depreciation trigger”, she said. “The biggest problem I have seen with our customers is tracking these assets. There is not much good software to automate this process, and it can be a nightmare of reconciliation. “
Considerations for auditors
Regarding audit engagements in this area, Goss said existing standards will be the foundation. “Many things are going to be very, very similar to what we are doing now in customer acceptance and continuity,” he said. “We’re going to look at management integrity. We’re going to do background checks, those kinds of things we would do with any client.” The unusual nature of digital assets will force listeners to understand the evolution of the business strategy of an entity. The skill sets will be “super important, just like in any space,” said Goss, noting that both audit teams and management will need cybersecurity experts.
The biggest challenge, said Goss, will be determining auditability. “If you have a mature market,” he explained, “auditing is usually not a big deal. However, in this space, we find ourselves in situations where the company has transactions that substantial procedures alone may not be sufficient to audit. He gave the hypothetical example of a company that created its own internal cryptocurrency exchange. Such a system would have no external records to verify. “In this kind of case, internal control becomes extremely important. This is one of the things we really want to understand before accepting this client. “
Steele warned against overconfidence about the valuation of this new asset class. “Can I get evidence to confirm that the business truly owns this digital asset and that they have the private key?” In these scenarios, we very much accept and continue to understand if this is a business with which we want to be engaged, ”she said. Brown added that entities may also be subject to the SEC’s interpretation that digital assets are securities.
As Beers turned the subject specifically in the direction of the skills of the listeners, Steele said that the listeners will need “a deep understanding of what is a” digital asset “.” She added that the task force had specifically chosen this term instead of “cryptoasset” to keep the definition broad. “As technology continues to evolve, any item can be scanned and traded on a particular blockchain,” said Steele. Transaction mechanics will also be important, she said: “To get sufficient and appropriate evidence, we need to understand the flow of transactions from point A to point B. What are the risks associated with this particular digital asset and to this particular blockchain? “
Solanki said the easiest digital assets to value will be cryptocurrencies like Bitcoin that have an active trading market. “It becomes difficult to speak of illiquid assets.”
Steele also reiterated that existing professional standards can provide a starting point, even if it presents its own challenges. She identified the five biggest challenges such as proving the existence of the digital asset, determining the client’s rights and obligations, valuation in the highly volatile digital space, internal controls and illegal acts by related parties.
SOC reports and commitments
Beers then turned to Brown to cover the impact of the blockchain on SOC commitments. Brown first cited a few hypothetical cases that might require SOC reports, such as custody arrangements and scenarios where companies use digital assets to manage their supply chains or to streamline currency settlement.
One challenge is that the SOC exam guidelines, according to Brown, “leave a lot of professional judgment to the service auditors”. Brown searches for areas of similarity, for example between being a custodian for a digital asset and one for more traditional assets, and “applying these same control objectives, as far as they are relevant.” In addition, he said, protecting the security of the private key of the blockchain is important. Insufficient understanding of cryptography, he said, poses a significant risk. “The risks of losing a private key can be catastrophic. These are the kinds of things that make the headlines too often. “
In response to Beers’ question about what user listeners are looking for in SOC reports, Goss said he was looking for exactly the things that Brown identified as challenges, as well as the five Steele listed as challenges for audit reports. Steele added that “it is important, whenever we audit an entity that uses a depositary, to understand that depositary, what their experience is and what the protections are, because the protections may be different from what we are used to for traditional asset classes with traditional custodians. Solanki noted that, in the audits of blockchain companies that Aprio manages, “the financial statement audit team is heavily involved in our IT insurance audits, working hand in hand from day one.”
Wider blockchain applications
Beers then questioned the panel on the implementation of the blockchain beyond digital currency. Steele said a recent Deloitte survey showed significant investment in blockchain, with “a lot of attention to use cases outside of bitcoin, such as supply chain, digital identity and traceability of food”. Technology has not yet been widely adopted to support internal controls, which Steele says will “really have an impact on us as listeners.”
Brown believes that wider use of the blockchain competes with traditional databases, which he says “have solved the problem fairly well”. Goss agreed, saying that while public blockchains excel at building trust between disparate parties and being resilient to cyber attacks, “if these two things, trust and resilience, are not the biggest problems, [a traditional database] can do a much better job in general. “
Asked about the implications for financial reporting and internal controls, Brown noted that the records on a public blockchain are not controlled by a specific party. “If you think about which service organization and what control to assess to understand this ledger, there really isn’t one.” Solanki added that because the data entered into a blockchain is permanent, the raw information entering the system is very important to listeners.
Steele raised the issue of private blockchains put in place for the parties to transact with each other, which she said “would have shared risks between the parties, and shared risk entails shared responsibility”. She also agreed with Solanki’s argument regarding inputs, saying, “We know that incoming garbage will be disposed of, but the blockchain puts even more power in it. I think it will have a profound impact on financial reporting. “
Steele then turned to internal controls, saying, “We usually think of internal controls as they exist within the particular entity, and perhaps a service organization, but with the blockchain, these internal controls are now shared between organizations, and it’s just breathtaking. “Asked about the role of the listener in this situation, Brown noted the blockchain” consensus mechanism “whereby all participants must reach consensus on the data before adding it to the blockchain.
“Understanding technology is essential,” said Steele. “Everyone is excited about blockchain … but really think about what makes sense and where it doesn’t.”
“Understanding technology is essential,” said Steele. “Everyone is excited about the blockchain … but really think about what makes sense and where it doesn’t,” she said. “There are situations where multiple parties write the same data, so it makes sense to enter a blockchain to be able to process it more effectively and efficiently. Have these discussions from the start. “
Questions and answers from the audience
As Beers opened the panel to the public, a question arose about the treatment of digital assets as financial instruments, in particular how the level 3 valuation would work with them and how the depreciation would be determined. Solanki responded that, although there are no authoritative guidelines on digital assets as financial instruments, existing asset definitions contain useful information. “At a high level,” she said, “the definition of a financial instrument includes questions such as:” Is there a contractual obligation? Is the digital asset supported by some sort of legal tender or governmental authority? “The answer to all of this today is no.” Regarding impairment, Solanki stated that this would be done in the same way as for an intangible asset, although this would require constant monitoring of the carrying value of the asset relative to fair value.
Asked to conclude, Steele said, “Blockchain is here to stay, so it’s important that everyone thinks about the unique aspects and risks and how we’re all going to respond to them as a profession.” Brown added, “Sometimes the understanding of technology does not exist in the parts of the organization that provide certification services, but they can exist elsewhere in the organization, so research and learn from it.” “