Asset tokenization, the creation of digital ownership representations for diverse assets on blockchain and distributed ledger technology platforms, is a transformative force in finance. 

This wave, projected to reach $4 trillion to $5 trillion by 2030, moves asset records onto immutable ledgers governed by code, introducing unprecedented audit challenges and demanding a fundamental shift in methodologies. This analysis outlines the essential knowledge audit firms need to navigate the complex risk landscape of auditing tokenized assets.

Tokenized assets require enhanced forensic procedures beyond traditional audit tools due to the limitations of conventional methods in decentralized, pseudonymous systems. Traditional sampling is challenged by the potential for 100% on-chain data testing, shifting focus to verifying dataset completeness and accuracy, and its link to off-chain reality. 

External confirmations are often inadequate for self-custody or Virtual Asset Service Provider-held crypto assets lacking standardized processes or SOC audits. Ownership verification moves from documentation review to confirming control over private cryptographic keys, requiring specialized on-chain procedures like cryptographic signing. The speed and 24/7 nature of blockchains challenge point-in-time snapshots, and immutability demands critical assessment of data source reliability. 

The audit shifts from transaction verification to validating system integrity: confirming dataset accuracy and completeness, verifying asset control via keys, assessing smart contract logic and security, evaluating off-chain processes, and scrutinizing internal controls over key management. 

This requires new competencies in system integrity, cybersecurity and smart contract functionality.

This calls for enhanced forensic procedures. Blockchain’s characteristics (pseudonymity, decentralization, complex transaction paths, privacy tech) render traditional forensic techniques inadequate. Specialized analysis is needed to trace funds, uncover relationships, identify fraud and secure digital evidence. 

Central to this is in-depth on-chain data analysis using techniques like transaction tracing across multiple addresses and chains, address clustering to link pseudonymous activity to entities, pattern recognition for suspicious activity (e.g., layering, rapid movements, structuring), and risk scoring based on exposure to known illicit sources (sanctioned entities, darknet markets and mixers).

Smart contract auditing as a key control

A critical component is smart contract auditing. Smart contracts govern token behavior and automate operations, acting as significant control points. Vulnerabilities pose risks of financial loss and misrepresentation. 

Auditors must understand the purpose and logic of smart contracts and evaluate technical smart contract audits conducted by security experts, covering automated and manual code reviews, functional testing and vulnerability reporting. 

The absence of a rigorous audit or unaddressed critical findings is a significant control deficiency. Smart contract audits are a specialized form of internal control testing, verifying code security and functionality, with high stakes due to direct asset control on immutable ledgers.

Recognizing red flags in crypto and DeFi

Auditors must recognize emerging red flags in crypto and DeFi. 

• Transaction-based red flags: Structuring transactions to avoid thresholds, obfuscating fund flows (layering, mixers, privacy coins), unusual activity inconsistent with business profile, and transactions linked to known illicit sources (sanctions checks). 
• DeFi-specific red flags: “Honeypot” tokens and “rug pulls” (developer liquidity withdrawal).
• Counterparty and Know Your Customer/Anti-Money Laundering red flags: Pseudonymous identifiers, inability to provide source-of-funds information, dealing with high-risk jurisdictions, links to sanctioned entities, and excessive account structures
• Platform and offering red flags: Unrealistic promises, pressure tactics, poor documentation, anonymous teams, unwillingness to disclose code, fake credentials, operational issues (withdrawal difficulty, lack of locked liquidity) and misleading regulatory claims.

Recognizing these signals underlying control, compliance or legitimacy issues, demanding increased skepticism and targeted procedures.

Blockchain analytics and forensic tracing tools

The growing role of blockchain analytics and forensic tracing is indispensable for auditing tokenized assets. These tools process vast on-chain data, automating tracing, clustering, risk assessment and visualization. Key providers offer transaction monitoring (Know Your Transaction), address screening, forensic investigation tools (cross-chain tracing, address clustering), VASP due diligence and compliance reporting features. 

Integrating analytics into the audit workflow supports risk assessment (identifying high-risk areas), substantive testing (verifying transactions, tracing assets), compliance testing (sanctions screening) and fraud detection (identifying anomalies). 

While powerful, their effectiveness depends on dataset accuracy and algorithm sophistication; auditors must use them diligently, understanding limitations, corroborating findings and applying professional skepticism.

Bridging the gap between real-world assets and on-chain tokens

How firms can bridge the gap between real-world assets and on-chain representations is a complex challenge for Real World Asset audits. The core objective is confirming the on-chain token represents a valid claim on the off-chain asset. This involves:

• Verifying the underlying asset through traditional procedures (legal documents for existence/ownership, valuation assessment, due diligence);
• Validating the on-chain representation by scrutinizing legal agreements linking token and RWA, assessing smart contract integrity (evaluating technical audits); 
• Evaluating custody controls for both the physical asset and digital tokens; and
• Assessing reliability of data integration mechanisms (oracles).

Proof of reserves and third-party risk

Proof of reserves is a key mechanism for asset-backed tokens, involving third-party verification of reserves against liabilities (often Agreed-Upon Procedures), but auditors must understand their limitations (point-in-time, scope, methodology dependence). Robust reconciliation processes between on-chain, off-chain and internal records are essential, often requiring specialized tools. Auditing tokenized RWAs elevates third-party risk, requiring rigorous evaluation of all parties in the chain of trust.

Staying compliant with evolving crypto regulations

Recommendations for audit teams to stay compliant with evolving crypto regulations are crucial. The landscape is complex and fragmented globally. Key pressure points include securities classification, AML/KYC, custody rules, market integrity and investor protection. 

In the U.S., SEC guidance impacts disclosures and custody, while the PCAOB emphasizes applying existing standards rigorously, highlighting deficiencies in inspections. The AICPA provides nonauthoritative guidance and reporting criteria, adapting to new accounting standards like ASU 2023-08. In the EU, Markets in Crypto Assets establishes a comprehensive framework for crypto-assets and service providers, imposing authorization, whitepaper, stablecoin, market abuse, transparency and consumer protection requirements.

Regulators increasingly demand assurance over underlying systems and controls, shifting audits to validate infrastructure integrity. Firms must actively monitor updates from organizations such as the Securities and Exchange Commission, Public Company Accounting Oversight Board, American Institute of CPAs, European Securities and Markets Authority, European Banking Authority, and Financial Action Task Force, promptly update methodologies and training, and engage with industry and regulators.

The tokenization of assets presents a significant, complex challenge for auditing, and staying vigilant on regulation is nonnegotiable. Firms integrating technological proficiency, sound judgment and robust controls will be best positioned to provide assurance in this evolving global economy.

President Donald Trump declared that Harvard University would lose its tax-exempt status, a designation that has allowed the school to avoid paying levies on its revenue under a classification for educational institutions.

Trump posted the announcement after weeks of threatening an Internal Revenue Service review of the Ivy League’s tax-free treatment. 

“We are going to be taking away Harvard’s Tax Exempt Status. It’s what they deserve!” Trump wrote early Friday morning.

Conservatives have targeted Harvard and other elite universities in recent years over accusations of ideological bias and allegations of a rise in antisemitism amid campus protests against the war in Gaza. Trump and other Republicans have accused the institutions of promoting liberal agendas and so-called “wokeness.”

“The next chapter of the American story will not be written by the Harvard Crimson,” Trump said during a Thursday night commencement address at the University of Alabama. “It will be written by you, the Crimson Tide.” 

The IRS code prevents presidents from interfering with the federal tax agency’s decisions. But the IRS commissioner reports to the Treasury Secretary and it was unclear if Trump’s announcement stemmed from his decision or that of the independent agency.

The White House, IRS and Treasury Department did not immediately respond to a request for comment. 

Trump’s fight with Harvard has escalated rapidly since the university rejected the administration’s demands to reform campus policies, arguing they went far beyond their stated efforts of combating antisemitism and threatened the school’s independence. The administration has frozen billions of dollars in funding that supported projects including ALS and tuberculosis research and Harvard has sued several U.S. agencies and top officials in response.

Harvard has warned of “grave consequences” should the Trump administration follow through on revoking its tax-exempt status. Democrats, including Senator Elizabeth Warren, have rallied around Harvard. The Massachusetts lawmaker said in an interview with Bloomberg News last month that it was “flatly illegal” for the U.S. president to direct the IRS to investigate or change status for a taxpayer.

Earlier this week, the university released long awaited reports on antisemitism and anti-Muslim bias that painted a scathing picture of how students treated each other in the wake of the Hamas attack against Israel on Oct. 7, 2023. 

“I’m sorry for the moments when we failed to meet the high expectations we rightfully set for our community,” Harvard President Alan Garber said in a letter accompanying the reports.

Garber has acknowledged the need to tackle antisemitism, noting that he’s experienced it directly while serving as the university’s leader, and said Harvard is committed to working with the administration. In recent weeks, the school placed the Harvard Undergraduate Palestine Solidarity Committee on probation and forced the faculty leaders of the Center for Middle Eastern Studies to leave their posts. Harvard also suspended a partnership with Birzeit University in the West Bank. Harvard has also renamed its diversity, equity and inclusion office as Community and Campus Life.

Business accounting platform Xero announced that, through a strategic partnership with billing solutions provider Bill, U.S. customers can now pay their bills from within Xero. Customers can pay multiple bills without leaving the platform; find vendors on Bill’s network; track the status of all bill payments made from Xero; get a digital record of which vendors have been paid and when; and pay their bills with two-step verification. A demo can be viewed here. Xero also announced the release of a new workpapers solution exclusively for accounting and bookkeeping partners, developed via a partnership with BGL Corporate Solutions, a compliance management and AI-powered software provider. The solution will allow the direct import of client bookkeeping data from Xero, reducing manual entry when preparing tax returns and financial statements. Xero accounting and bookkeeping partners in Australia will have the opportunity to gain early access to the new workpapers solution in the coming months for feedback.