Our four experts, David Byrd (EY), Steven Baum (Marcum), Alexis Tandéo (PwC) and Nicholas Newman (Harris & Trotter LLP) provide insights into how to structure your team to ensure a smooth audit process.
Your people are the bedrock of your success in audits. Having an experienced and knowledgeable team to lead your company through a financial audit is key to attaining audit readiness. This team should understand the key challenges faced by crypto companies in the audit process and be able to implement internal controls that can mitigate the risks of non-compliance and fraud.
We interviewed four experts at leading audit firms EY, Marcum, PwC, and Harris & Trotter LLP to create a guide on how to structure your team to ensure audit success. Their insights will help any crypto CFO or financial controller understand the risks associated with your company’s personnel and the internal controls you need to put in place to mitigate them.
Before committing to an audit for a crypto client, auditors seek to understand the structure of personnel within your organization.
Alexis Tandéo, Director - Digital Assets Trusts Services, PwC tells us that the audit firm clarifies two fundamental questions concerning the organization’s personnel whenever they are approached by a potential client:
With these questions suitably addressed, auditors can begin the assessment of inherent risks and challenges they might face during the audit. If the auditor identifies an excessive number of risks, they might opt not to conduct an audit for your organization.
Auditors need to feel confident that they can work with the individuals who they are collaborating with during the audit process. This can be difficult when dealing with inexperienced finance teams. Lacking people who understand the challenges and risks your business faces is a key hurdle in attaining audit readiness.
However, Harris & Trotter’s Nicholas Newman identifies a skills gap in many crypto organizations:
“Many crypto companies approach us thinking they are audit-ready. As soon as we start examining their records and documents, it becomes clear that they aren’t handling crypto transactions adequately in their financial records. A lot of finance professionals just don’t know how to manage them and don’t adequately record these on-chain transactions. In some instances, they just ignore them. In either case, the financial records aren’t accurate.”
Audits for companies that lack this depth of experience in their finance team are considered higher-risk and auditors might decline to take them on as a client.
In addition to the finance and accounting team, auditors require active engagement and supervision from a board of directors entrusted with maintaining sound governance practices.
Discrepancies and unpreparedness for audits often arise due to a potential disconnect between founders and finance teams. Here, the board can play a crucial role in supervising financial decisions and ensuring the existence of well-documented policies and procedures. They can often bridge the divide between founders and finance teams, ensuring that financial activity is disclosed correctly and financial risks are managed appropriately.
However, documentation of policies and procedures is not enough. Auditors need to see that you adhere to these policies. Companies that cannot show evidence of good governance with proper policies and processes in place are also considered to be higher-risk audits.
Maintaining effective internal controls is essential to mitigating the risks associated with the people working at your company. Our four experts suggest the most important
internal controls you should implement to combat risks including manipulation of financial records, non-compliance, data breaches, and fraud.
Access controls
Ensuring that the correct people have access to your company’s systems and cryptoassets is a necessary step in attaining audit readiness. Companies have to comply with regulations around maintaining the confidentiality and integrity of data. Implementing IT General Controls (ITGC) like access controls mitigates the risks of non-compliance and manipulation of financial records.
For crypto companies, the primary access controls associated with digital asset custody are around company wallets. David Byrd from EY recommends having:
Disclosure of related party transactions
Auditors scrutinize the transactions between related entities, especially in the crypto space, since on-chain transactions have a higher degree of anonymity, which companies like FTX have exploited in recent times.
Auditors first want to see a clearly defined policy around related party transactions. All related party transactions should be disclosed in financial statements, whether they are considered income, expenses, or incoming loans (from directors or investors). Then auditors need to see authorization of these transactions, with clear segregation of duties between people involved in the approval process.
Authorization and approvals process
To mitigate the risk of accounting fraud, related party transactions should be approved by your company’s board, which follows a well-defined policy that outlines the approvals process. Auditors need to see evidence of your authorization and approvals process in work.
Steven Baum from Marcum provides the following blueprint:
Segregation of duties
Segregation of duties during the authorization and approvals process is an important control to mitigate the risk of fraud and manipulation of financial records. This control ensures that team members who have access to company wallets cannot both initiate and approve transactions. It is crucial to have this internal control in place for wallet management and financial reporting.
Alexis Tandéo from PwC, says “To design effective internal controls, it is essential to establish an appropriate division of responsibilities between those who perform accounting or control procedures and those who supervise these activities. Ideally, transaction processing and related tasks should be organized in such a way that the work of one person is independent of that of another, or serves as a dual control.”
Preparing for a crypto audit requires you to assess every aspect of your business for risks and evaluate the most effective ways of mitigating them. Ensuring that you have the requisite skills and knowledge within your team to go through an audit successfully is key. The team involved in the audit process must understand the challenges and risks and be able to proactively implement the necessary internal controls.
The journey to audit readiness also relies on the involvement of a board that can provide good governance practices. The board can oversee the process of implementing and testing your controls which help to maintain the confidentiality, integrity of data, and transparency in financial activities, reducing the risk of non-compliance and fraud.
About David Byrd, Partner, EY
David is a Partner at EY and the firm’s Blockchain Strategy Leader for Assurance. His role involves guiding asset managers, banks, exchanges, and custodians in achieving their goals within the blockchain and digital asset landscape. Leading EY's Digital Asset Research Center, he oversees teams dedicated to supporting Assurance, Tax, and Consulting initiatives. With an in-depth technical grasp of blockchain technology and custody solutions, David actively contributes to the development of digital asset tools used by EY for audit and audit readiness engagements. Additionally, he communicates with regulators worldwide and prominent industry associations to exchange insights and foster best practices in the realms of accounting, auditing, compliance, and digital asset valuation.
About Steven Baum, Partner, Marcum
Steven is a Certified Public Accountant, Partner at Marcum LLP and serves as the Digital Asset and Blockchain Industry Co-Leader. Steven has close to 15 years of experience working with a wide range of industries, most notably digital assets and technology. Steve is known for his expertise in assisting businesses with transactional engagements, including IPO's, Token Launches, reverse mergers, Private Placement Offerings, and mergers/acquisitions, but also for his charismatic business acumen. You can find Steve at many industry conferences, speaking and connecting with industry leaders. During Steve’s free time, he loves to travel abroad, hike and enjoys boating. When at home in Hoboken, NJ, Steve enjoys dining and exploring all that the New York City area has to offer with his wife, Kristyn. Steve holds a BS in Accounting from Hofstra University and a Master's in Accountancy from Rutgers University.
About Alexis Tandéo, Director - Digital Assets Trust Services, PwC France
Alexis is a Director at PwC in its Digital Assets Trust Services practice. He provides various services to institutional clients, corporate and startups to help them navigate the challenges of digital asset management. He supports some of the industry’s largest players to implement internal controls that address the risks inherent in crypto businesses. Additionally, he consults on financial reporting compliance requirements for companies in the crypto realm and provides accounting and regulatory reviews.
About Nicolas Newman, Partner & Head of Digital Assets, Harris & Trotter LLP
Nicholas is a Partner & Head of Digital Assets at Harris & Trotter LLP, leading the firm’s digital assets practice. He works with some of the most prominent entities in the crypto industry including 1inch, Wintermute, and Blockchain.com, supporting them with audit, advisory, accounting, bookkeeping, compliance, and taxation services. With expertise in crypto and audit, he is able to support companies with diverse cases, shape regulatory frameworks and collaborate globally as an independent member of BKR and community-led interest groups like Web3CFO. Nicholas championed Harris & Trotter LLP's innovative Proof of Reserve service powered by Chainlink, ensuring transparency in clients' on-chain and off-chain reserves, bolstering their financial credibility.