When a business decides to engage in a cryptocurrency exchange that lacks sufficient oversight over the activities; it performs or the cryptocurrency balances in its accounts. Consequently, any of the claims may be endangered. Businesses often utilize an online exchange to make bit currency transactions. there are some audit risks associated with cryptocurrency transactions such as inherent risk, control risk, and detection risk. inherent risk means the chance that a major misrepresentation may arise in the absence of internal measures.

in control risk there are chances that internal procedures and policies of the client may fail to detect or prevent material misstatement. the last one is detection risk which means material misstatements in accounts or amount of transaction occurs, but the auditor’s substantive procedure could not detect. In certain instances, the firm might even utilize an exchange-hosted bitcoin account. All the cryptocurrency fees may be influenced by the exchange's quality. There is a various factor that should be considered before deciding on an online exchange, such as: who manages and controls the exchange, as well as its public image (for example, some exchanges have supposedly been involved in "pump and dump" strategies (i.e., artificially inflate the value of an investment through bullshit claims, then dump/sell to stockholders) to manipulate cryptocurrency prices artificially).

  • The nation in which the exchange is located. Some examples of these include anti-money laundering requirements such as the "know your customer" criterion, as well as other laws and regulations to which the exchange is subjected.
  • Trades in crypto and fat currencies are accepted on the exchange.
  • The exchange's liquidity and trading volume
  • A performance auditor's report is provided to customers by the exchange to show how well its protections over cryptocurrency exchanges and balances work. On the other side, cryptocurrency exchanges and auditors are investigating the audibility of the service. Therefore, additional service auditor reports might become public in the future.
  • Internal Controls to Think About
  • The entity might delegate responsibility for deciding which cryptocurrency to buy and which exchange to utilize to experienced individuals who understand the risks and how to mitigate them.
  • Senior management has the authority to examine and, if necessary, approve the decisions taken.
  • To gain access to its account, the organization may choose to employ at least two-factor authentication. Breach to the exchange-hosted account of the company would be reduced because of this solution.
  • Developments in the industry (a potential related business risk might be, e.g., that the company does not have the personnel or expertise to deal with the changes in the industry.)
  • there is a risk in accepting cryptocurrency as a method of payment as a company started using this method on March 1, so the customer can argue or may not be accepted by customers who are not using cryptocurrency.
  • for accepting this new method of payment company must have a compatible system, so that can easily work with new technology.
  • because the cryptocurrency is not backed by the government it is risky, government is not liable for any default.

The entity owns an unaccounted-for cryptocurrency wallet. Assertions that are related: Completeness in both the recording and the storage of the cryptocurrency. Due to the nature of assets and the transactions associated with them (s), it is conceivable for an audited company to overlook one or more of its bitcoin investments. Purses (and holding a cryptocurrency that it owns). That entity's bitcoin holdings and transactions will remain unrecorded.

Estimating the risk of significant misrepresentation about bitcoin holdings and activities may be challenging. The public keys and associated addresses in a blockchain do not make the identities of the people engaged in transactions visible. Additionally, the entity may be unfamiliar with cryptocurrency transactions. Therefore, the auditor might face difficulty in locating pertinent evidence to support their opinion that large bitcoin transactions were not disclosed.

  • If the auditor finds the presence of a wallet that was previously unaccountable for during the audit; there is a possibility that it was concealed on purpose. This could impose a risk of fraud, such as the likelihood of management overriding bitcoin wallet security.

Internal Controls to Consider

It's possible that the entity's failure to identify a wallet it controls was inadvertent. Because a single entity can have a huge number of wallets, the rules governing wallet formation authorization and subsequent wallet tracking may have been ineffective. As a result, one or more wallets may have been misplaced by the entity. This risk can be mitigated by establishing specific responsibilities for wallet production and tracking.

The loss of a private key could result in significant deception if the consequence of the loss is not effectively accounted for. However, if the person in control of the encryption key is uninformed of its damage during the generation of financial statements because they have not tried any additional cryptocurrency activities, there is a possibility of significant falsification. Those who lose an entity's encryption key, for instance, may have a lot of motivation to hide or delay reporting the loss. Illegal access to the individual's unique key results in the theft of the entity's crypto money (John Thackeray, n.d.). Assertions that are related to each other: Asset rights (ownership) in cryptocurrency and the existence of the entity's assets.........................

This is just a sample partial case solution. Please place the order on the website to order your own originally done case solution.

Share This


Save Up To




Register now and save up to 30%.