.png)
Frameworks, core principles and top case studies for SaaS pricing, learnt and refined over 28+ years of SaaS-monetization experience.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
The cryptocurrency landscape has fundamentally shifted. What was once a Wild West of digital assets has matured into a regulated environment where compliance and transparency aren't optional—they're essential for survival. For SaaS companies holding crypto assets, accepting crypto payments, or building blockchain-based solutions, the audit process has become increasingly complex and scrutinized.
According to a 2024 PwC survey, 73% of financial executives report that crypto-related audit inquiries have doubled in complexity over the past two years. This isn't surprising. Between evolving accounting standards, regulatory enforcement actions, and high-profile collapses like FTX, auditors are approaching crypto with heightened skepticism and thoroughness.
Whether you're preparing for your first crypto-inclusive audit or navigating the post-reset regulatory landscape, understanding what your auditor will ask—and why—can mean the difference between a smooth process and a costly, time-consuming ordeal. Here are the 13 critical questions your auditor will ask, and more importantly, how to prepare answers that demonstrate control, compliance, and strategic thinking.
1. What is your company's actual exposure to crypto assets?
This foundational question goes beyond simply listing Bitcoin or Ethereum on your balance sheet. Your auditor wants a comprehensive inventory of all crypto-related activities, including:
- Direct holdings of cryptocurrencies
- Stablecoins used for treasury management or payments
- NFTs or other digital assets
- Crypto-denominated receivables
- Exposure through investment vehicles or funds
- Smart contracts with embedded value
How to prepare: Create a detailed crypto asset register that includes acquisition dates, cost basis, current valuations, custody arrangements, and intended use (investment, operational, transactional). According to Deloitte's 2024 blockchain survey, companies with comprehensive asset registers complete audits 40% faster than those compiling information reactively.
2. How do you determine the fair value of your crypto holdings?
Fair value measurement remains one of the most contentious areas in crypto accounting. Unlike publicly traded stocks, crypto assets can trade at different prices across exchanges, with varying liquidity and potential manipulation concerns.
How to prepare: Document your valuation methodology explicitly. Most companies reference pricing from established exchanges like Coinbase, Kraken, or Gemini at specific measurement times. The AICPA's guidance suggests using principal markets or, in their absence, the most advantageous market where you could reasonably transact. Include your process for assessing whether markets are orderly and liquid, especially for less-traded tokens.
3. Who has custody of your crypto assets, and what controls exist?
Custody is where theory meets reality. Your auditor needs to verify that the assets you claim to own actually exist and are under your control. The collapse of centralized exchanges has made this question even more critical.
How to prepare: If using third-party custodians, obtain SOC 2 Type II reports demonstrating their control environment. According to Fidelity Digital Assets, institutional-grade custody solutions should include multi-signature wallets, cold storage for at least 95% of assets, and insurance coverage. If self-custodying, document your key management practices, including hardware wallet usage, multi-signature requirements, and key recovery procedures. Be prepared to demonstrate actual control through signature verification or test transactions.
4. What accounting standard are you applying to crypto assets?
The accounting treatment for crypto assets has been evolving. As of 2024, the FASB's new standard requires fair value measurement for certain crypto assets, departing from the previous indefinite-lived intangible asset model that often resulted in impairment-only accounting.
How to prepare: Clearly document which accounting standard you're applying and why. For U.S. companies, this typically means ASU 2023-08 for crypto assets meeting specific criteria. International companies may follow different IFRS interpretations. Your documentation should explain how you determined which standard applies to each asset type and any judgments made in borderline cases.
5. How do you ensure completeness of crypto transactions?
Unlike traditional banking systems where transaction records come neatly packaged in statements, blockchain transactions require proactive monitoring and reconciliation across potentially dozens of addresses.
How to prepare: Implement blockchain analytics tools like Chainalysis, Elliptic, or TRM Labs that can track all wallet addresses associated with your company. According to Ernst & Young's 2024 crypto audit guide, the most audit-ready companies maintain real-time dashboards showing all on-chain activity reconciled to internal records. Export transaction histories in auditor-friendly formats and maintain documentation explaining any unusual or complex transactions.
6. What is your process for impairment testing?
Even under new fair value standards, understanding impairment indicators remains relevant for certain asset classifications and demonstrates financial stewardship.
How to prepare: Document your monitoring process for impairment indicators, including significant price declines, technological obsolescence, regulatory restrictions, or adverse changes to the underlying blockchain protocol. While FASB's new guidance reduces impairment-only scenarios, having a robust monitoring framework shows financial discipline and helps with assets that may still require impairment consideration.
7. How do you handle crypto received as revenue?
Revenue recognition with crypto introduces unique complexities around timing, measurement, and foreign currency considerations.
How to prepare: Document your policy for measuring revenue at the fair value of consideration received at the transaction date. Address how you handle price volatility between invoice and payment, your process for converting crypto to fiat (if applicable), and how you account for any processing fees. According to KPMG's guidance, companies should have clear policies about whether crypto payments are immediately converted to fiat or held, as this affects both revenue measurement and subsequent accounting.
8. What tax positions have you taken regarding crypto assets?
Tax treatment of crypto varies significantly by jurisdiction and transaction type, creating both compliance obligations and potential liabilities.
How to prepare: Maintain contemporaneous documentation of all taxable events, including asset sales, conversions between cryptocurrencies, crypto-funded expenses, and any staking or mining income. Work with tax specialists familiar with IRS Notice 2014-21 and subsequent guidance. According to a 2024 study by Vertex Inc., companies with dedicated crypto tax tracking systems identify an average of 23% more taxable events than those using manual processes, reducing audit risk.
9. How do you assess and manage counterparty risk in crypto transactions?
The interconnected nature of crypto markets means your exposure extends beyond your direct holdings to every exchange, DeFi protocol, and counterparty you interact with.
How to prepare: Develop a counterparty risk assessment framework that evaluates financial stability, regulatory compliance, insurance coverage, and historical security incidents. Document your due diligence process for selecting service providers. The Bank for International Settlements recommends ongoing monitoring of counterparty health indicators, particularly for entities holding your assets or providing liquidity.
10. What cybersecurity and fraud prevention controls exist around crypto operations?
Crypto transactions are irreversible, making preventive controls paramount. Your auditor will scrutinize whether your control environment matches the risk profile.
How to prepare: Document comprehensive controls including multi-party approval for transactions above thresholds, time-delayed withdrawals, whitelisted addresses for transfers, hardware key storage, and regular security assessments. According to Chainalysis's 2024 Crypto Crime Report, companies with mature security controls experience 97% fewer successful fraud attempts. Include evidence of penetration testing, employee training, and incident response procedures.
11. How do you evaluate regulatory compliance across jurisdictions?
Crypto regulation varies dramatically by geography, with new requirements emerging constantly. Demonstrating awareness and compliance is critical.
How to prepare: Maintain a compliance matrix mapping your activities against requirements in each jurisdiction where you operate. This includes securities laws, money transmission regulations, tax reporting, AML/KYC requirements, and data privacy. Consider engaging regulatory counsel for opinions on complex classifications. According to Thomson Reuters, companies that conduct quarterly regulatory scans catch compliance gaps 85% earlier than those conducting annual reviews.
12. What is your accounting for DeFi protocols, staking, or yield generation?
Decentralized finance introduces novel accounting questions that standard frameworks don't explicitly address.
How to prepare: Document the economic substance of each DeFi activity. For staking, address whether you're providing services (revenue) or earning investment returns. For liquidity provision, explain how you account for impermanent loss and fee income. For yield farming, clarify whether returns represent interest income, dividends, or other categories. The AICPA's Digital Assets Working Group recommends analogizing to the closest traditional financial instrument while acknowledging the unique characteristics of DeFi protocols.
13. How do you plan to adapt to evolving standards and regulations?
This forward-looking question assesses your governance maturity and strategic thinking around crypto assets.
How to prepare: Demonstrate that you have processes for monitoring regulatory developments, accounting standard changes, and industry best practices. Show evidence of regular training for relevant staff, engagement with industry working groups, and periodic reassessment of your crypto strategy. According to PwC, companies that articulate clear evolution roadmaps for their crypto accounting and compliance programs receive more favorable audit opinions and face less scope expansion during the audit process.
Building a Crypto-Ready Audit Culture
Preparing for these questions isn't just about satisfying your auditor—it's about building operational excellence and risk management into your crypto operations. The companies navigating the post-reset crypto landscape most successfully aren't those that view audits as compliance burdens, but rather as opportunities to validate and improve their systems.
Consider establishing a pre-audit readiness review 60-90 days before your formal audit begins. This allows time to identify and remediate control gaps, gather missing documentation, and refine your processes. According to Grant Thornton's 2024 audit readiness study, companies conducting pre-audit reviews reduce overall audit costs by an average of 31% and experience 68% fewer material findings.
The crypto reset has created a new baseline for what "audit-ready" means in the digital asset space. By proactively addressing these 13 questions, you're not just preparing for your auditor—you're building the infrastructure for sustainable growth in an increasingly regulated industry. The companies that will thrive aren't those that merely survive audits, but those that use the audit process as a catalyst for operational maturity and strategic confidence.