The Canadian Public Accountability Board (CPAB) back in November 2019 published inspection insights on Auditing in the Crypto-Asset Sector. It highlighted 48 Canadian reporting issuers with activities in the crypto-asset sector, and noted auditors didn’t understand what the risks were, relied on information without understanding its reliability, and didn’t get sufficient audit evidence to support their conclusions. (1)

More recently, the US Public Company Accounting Oversight Board (PCAOB) issued a “Spotlight” with “timely and relevant observations for auditors and audit committees” on the topic of “Audits Involving Cryptoassets”. PCAOB staff has noticed an increasing number of financial statements with cryptoassets recorded and disclosed, as well as having performed inspections where transactions involving cryptoassets were material to the financial statements. It highlighted the need for auditors to understand, as part of the acceptance and continuation process, whether the auditor can even complete the engagement with professional competence, given the specialized skill and knowledge necessary, and called audit committees to ask their auditors (“at their discretion”, of course) about the Firm’s understanding and experience of the area. (2)

I am reminded of an inspection where an auditor was asked by the crusty older PCAOB inspector what “RPG” was. When the auditor responded, “Role-playing game?”, the jig was up; inventory, which was material to the inspection, was being tracked on a legacy IBM System/38, and RPG III was the programming/data environment. When PCAOB inspectors start asking auditors, “What is UTXO?” and the auditors respond, “Was that the robot voiced by Alan Tudyk in Rogue One?”, there may be problems.

(1) https://www.cpab-ccrc.ca/docs/default-source/inspections-reports/2019-crypto-inspections-insights-en.pdf?sfvrsn=9aa5c0d2_20

(2) https://pcaobus.org/Documents/Audits-Involving-Cryptoassets-Spotlight.pdf