
Herbert M. Chain
Shareholder at CBIZ CPAs PC and director at CBIZ, New York
Herbert M. Chain is a highly experienced auditor and a financial expert with over 45 years of experience in business, accounting, and audit, having served as a Senior Audit Partner at Deloitte. He holds certifications from the National Association of Corporate Directors and the Private Directors Association, with knowledge of private company governance and effective risk management. He has extensive expertise in the financial services sector, including asset management and insurance.
Auditing digital assets: how auditors can manage risk and compliance
April 23, 2025
Auditing digital assets is becoming an essential skill for assurance professionals as businesses increase their use of cryptocurrencies and blockchain-based technologies. These assets, such as bitcoin, ethereum and other tokens, create new considerations for financial reporting and audit procedures. Herbert M. Chain, shareholder at CBIZ CPAs PC and director at CBIZ, New York, writes for AB Magazine.
Financial reporting considerations
Digital assets do not meet the definition of cash or financial assets under IFRS standards. Most should be classified as intangible assets under IAS 38. If held for sale in the ordinary course of business, they may be treated as inventory under IAS 2.
Key audit risks
Auditors must evaluate a number of risks specific to digital assets. These include client acceptance, use of third-party service organisations, and audit assertions related to existence, valuation and ownership.
Existence risk
Digital assets are virtual and decentralised, making it more difficult to confirm whether they exist as reported. Public blockchain transactions can be traced using blockchain explorers, which help verify balances. However, auditors must consider the relevance and reliability of the data source.
When assets are held in cold storage or secured wallets, physical inspection and access verification are often required. Multi-signature wallets, which require multiple authorisations, present additional audit complexity.
Valuation risk
The value of digital assets can change significantly over short periods. Auditors must assess whether the valuation method reflects fair value at the reporting date. This may involve checking several cryptocurrency exchanges to identify the principal market. If pricing aggregators are used, auditors need to confirm that these sources are appropriate, even though they do not operate as direct trading platforms.
When digital assets are held at cost, impairment testing is required. Auditors must judge whether any decline in market value is temporary or indicates a need for a permanent write-down.
Ownership risk
Due to the anonymous or pseudonymous nature of blockchain transactions, establishing ownership can be challenging. Auditors should review legal agreements with custodians and service providers, and confirm whether the entity has control of the private keys linked to the reported assets. If a third party holds the keys, it may be more accurate to report a receivable instead of direct ownership.
Independent confirmation from service providers can strengthen audit evidence in these cases.
Evaluating internal controls
Strong internal controls are essential for managing digital asset risks. Auditors should assess the client’s governance framework and procedures for custody, transaction approval and key management.
Where digital assets are held by a custodian, auditors should request the latest SOC 1 or ISAE 3402 Type II report. This helps assess whether the service organisation’s controls are suitably designed and operating effectively, and whether the client is meeting the control requirements specific to their role.
Cybersecurity risk
Digital assets are often targeted by cyberattacks. Auditors should review the entity’s network security, incident response plans and any cybersecurity protocols used by external service providers. Controls should prevent unauthorised access and address threats such as malware, phishing and data loss.
Adapting audit practice to a changing landscape
Auditing digital assets involves new risks that affect traditional audit areas such as existence, valuation and ownership. Auditors must understand these risks, assess controls and apply updated procedures to provide reliable assurance. As the digital asset environment evolves, audit approaches must evolve with it.