Blockchain technology enables near real-time settlement of transactions on a digital ledger that are encrypted, timestamped and irrevocable. With more than 21,000 different crypto-assets in circulation, each relying on its own blockchain, the number of transactions occurring daily is astounding. Have you wondered how crypto-asset transactions are validated before being permanently recorded on a blockchain? This is where crypto-asset mining comes in.\n \nRead this blog to learn about:\n\n the basics of crypto-asset mining \n considerations for auditing a crypto-asset mining entity (miner) \n third-party service provider considerations \n CPA Canada’s Crypto-Asset Auditing Discussion Group\n\nWhat is crypto-asset mining?\nMining is the process that Bitcoin and several other cryptocurrencies use to generate new coins and verify new transactions. Focusing on the original "proof of work" consensus mechanism, it involves vast, decentralized networks of computers around the world that verify and secure blockchains – the virtual ledgers that document cryptocurrency transactions. Proof of work blockchains, such as the Bitcoin blockchain, require a huge amount of processing power, with virtual miners around the world racing to be the first to solve a complex math puzzle. \n \nTo incentivize these miners to compete in processing the transactions for the next block, the winning miner is entitled to a “reward” in the form of transaction fees, a block reward or both. Transaction fees are paid by the participant who requested the transaction and block rewards are newly created crypto-asset units granted to the winning miner by the blockchain network. \n \nMany miners pool their computing power in mining pools with other miners. These pools are managed using programmed protocols or are administered by third-party companies or individuals. When the mining pool adds a block to a blockchain and earns the associated reward, each miner participant receives its share of the reward based on one of several allocation methods.\n \nWith that said, each blockchain is unique and is governed by its own set of rules. Not all use proof of work blockchains. Some blockchains, such as Ethereum 2.0 and Solana, use “proof of stake” – the other major (and newer) consensus mechanism – to validate transactions. A notable difference with staking is that it requires far less computer power (and energy costs). There are trade-offs with both proof of work and proof of stake, and we will continue to monitor the direction the crypto-asset sector takes in Canada.\n \nCheck out our suite of blockchain and crypto-asset resources if you need a refresher or are new to this space.\n\n\n\nHaven't signed up yet? Subscribe now to join our growing audience of over 10,000 professionals who receive updates on the latest audit quality blogs as well as resources and professional development opportunities.SIGN ME UP\n\nAuditing a crypto-asset miner \nAs the crypto-asset market continues to expand, it has highlighted challenges for auditors in obtaining assurance over this complex asset class. Auditors are exploring different ways to respond to the risks associated with crypto-assets, including when it comes to auditing crypto-asset mining revenue. One challenge in the market today is the gap between what crypto-asset miners expect when they undergo a financial statement audit and the auditors’ responsibilities in order to comply with Canadian Auditing Standards. For this reason, and to drive increased consistency in practice, we recently published a Viewpoints paper, Auditing Mining Revenue of Entities Engaged in Crypto-Asset Mining, specifically related to proof of work mining. \n \nThe paper includes: \n\n frequently asked questions – This section aims to answer some key questions specific to auditing mining revenue at a crypto-asset mining entity and can be applied to companies running their own mining operations, or to miners participating in a pool.\n illustrative examples – The appendix includes two illustrative examples of substantive analytical procedures that an auditor may prepare when auditing mining revenue and illustrates varying levels of complexity and types of inputs that may be required. \n\n The following highlights just some of the unique considerations for auditors when dealing with entities engaged in crypto-asset mining.\nClient acceptance \n \nBefore accepting or continuing an audit engagement with a crypto-asset miner, you may need to perform additional procedures to satisfy firm requirements. The purpose of these procedures is to assess the current control environment and structure to identify if the entity has put in place the appropriate processes, systems and controls to report its mining operating results. This information can help determine if it is likely that you will be able to obtain sufficient appropriate audit evidence over the financial statements as a whole. For example, you might consider:\n\n inquiring about controls in areas such as: revenue recognition, completeness of revenue including considerations over the reliability of the underlying data, mining assets, anti-money laundering and Know Your Customer and related parties\n inquiring about service providers involved with the entity’s crypto-assets and obtaining and analyzing the relevant contracts \n performing initial tests of controls to assess their design and operating effectiveness\n assessing whether the use of information technology, blockchain, or other specialists may be required \n\nThese procedures take additional time as compared to the client acceptance procedures in other, and potentially less complex, industries.\nAuditing mining revenue\n \nSince mining transactions are recorded on the blockchain, a common question is whether the auditor can simply place reliance on the blockchain itself to support the recognition of revenue by the crypto-asset miner. The answer is that, unfortunately, it’s not quite that straightforward. \n \nWhile tracing to the blockchain may demonstrate that the crypto-asset exists, it does not demonstrate that the crypto-asset miner has satisfied their performance obligations. The crypto-asset miner needs to demonstrate that they have performed a service and have been compensated accordingly (as required by the accounting revenue recognition standards). This means that it may not be sufficient for the entity to use crypto-assets received as the trigger for recognizing revenue. \n \nThe blockchain also cannot demonstrate the completeness of revenue, as it will not disclose how much revenue the crypto-asset miner was actually entitled to; it only shows a transfer of a crypto-asset to the entity. The blockchain itself cannot demonstrate ownership either; therefore, it is up to the entity to demonstrate that the crypto-asset on the blockchain actually belongs to the entity. Access alone to a crypto-asset wallet does not demonstrate ownership. Further guidance on ownership is available in a CPA Canada Viewpoints publication titled Are Tests of Controls Needed Regarding the Ownership Assertion?\n \nAuditors are reminded that evidence obtained from the blockchain will need to be combined with other audit procedures to provide sufficient appropriate audit evidence over the completeness and occurrence of revenue. Go here if you want to learn more about the other factors an auditor may consider regarding the relevance and reliability of information obtained from a blockchain to be used as audit evidence.\n \nWe encourage you to share our newly published paper with (prospective) clients that operate as crypto-asset miners. The paper also aims to assist mining entities in understanding auditor responsibilities and requirements in facilitating the execution of the audit. \nThird-party service providers\nMining entities, as well as others in the crypto-asset mining industry often rely on third-party service providers, such as mining pool operators, trading platforms, custodians, or wallet providers. \nAuditor considerations\n \nIt is important as the auditor to understand that, given the nature of the technology, the services performed by third parties in the crypto-asset sector may not be as simple as those performed by a traditional third-party service provider such as a payroll service provider or traditional asset custodian. Further, the third-party service providers may not be as sophisticated; their control environments may be less mature, including the design of appropriate controls. This creates unique challenges for auditors when auditing the financial statements of entities that engage with third-party providers, some of which you can read about in this article. If you are looking to dive a little deeper on this topic, our Viewpoints paper, Third-party Service Provider Considerations, addresses each of the following: \n\n understanding the crypto-asset ecosystem\n understanding the nature of the third-party services provided, including assessing whether a third party is a service organization\n approaches to obtaining an understanding and evaluating the relevant controls at a service organization\n identifying risks and relevant controls at a service organization\n\nExistence of crypto-assets \n \nIt is important for auditors to recognize that outsourcing custody of crypto-assets to custodians does not necessarily mean those assets will be safe. The nature of crypto-assets makes them more vulnerable than traditional assets to theft or loss. Just this past month, Blockchain analysis firm Chainalysis reported record-breaking hacking activity in the cryptocurrency sector. Hackers are grossing over $3 billion dollars this year so far! \n \nFurther to this, in the Canadian Public Accountability Board's (CPAB) latest report, they expressed concern about the quality of evidence that some auditors are obtaining when auditing the existence of crypto-assets in custody by third parties. A recurring theme in their significant inspecting findings is that auditors did not obtain a sufficient understanding of the risks associated with custody outsourcing arrangements, leading to insufficient responses to the risks. CPAB reminds auditors that relying on representations from custodians (e.g., audit confirmations and client account statements) as the only source of audit evidence is not an adequate response to elevated risks associated with the existence assertion. \nCPA Canada’s Crypto-Asset Auditing Discussion Group\nTo create an opportunity for dialogue and the issuance of non-authoritative guidance on audit issues arising from the crypto-asset ecosystem, CPA Canada and the Auditing and Assurance Standards Board’s (AASB) joint Crypto-Asset Auditing Discussion Group (the Group) meets approximately four times a year. Along with representatives from CPA Canada and the AASB, the Group also includes members from CPAB, provincial practice inspection, academia, and CPA firms in Canada. Potential topics for discussion in 2023 include:\n\n proof of stake \n crypto-asset lending and borrowing \n\nKeep the conversation going\nIf you have ideas about the topics of interest to our discussion group or non-authoritative guidance needed for the assurance profession in respect to the crypto-asset ecosystem, email me directly. \nDisclaimer\nThe views and opinions expressed in this article are those of the author and do not necessarily reflect that of CPA Canada.