Accounting

As AI rises in importance, so too does governance

AI governance was a major theme of 2024, and as the technology continues to evolve, oversight and control—as well as ways to demonstrate it to others—will become even more important this year. 

This was the assessment of Danny Manimbo, a principal with Top 50 firm Schellman, who is primarily responsible for leading the firm’s AI and ISO practices. Speaking during the firm’s Schellmancon event today, he said that last year saw the release of a number of AI governance frameworks, including the National Institute of Standards and Technology’s AI Risk Management Framework, the International Organization for Standardization’s ISO 42001, and Microsoft’s revisions to its Supplier Security and Privacy Assurance Program to account for AI. Meanwhile, actual regulation is also gaining momentum, with Manimbo pointing to the EU’s AI Act, South Korea’s AI Basic Act, and a number of state-level regulations such as California’s recent AI laws. 

“That kind of set the tone for a lot of the inquiries and the interest that we saw, and for the trends on where GRC was going in 2024, maybe not so much immediately in the beginning of the year, because the frameworks were so new, but I think they were boosted by a number of things in the regulatory standpoint,” said Manimbo. 

The other panelist, Lisa Hall, chief information security officer for the trust platform SafeBase, added that, given the pace of AI advances, it is likely that last year’s measures were not the end but just the beginning, especially considering how widely used even the current generation of solutions is. 

“I think it’s only going to increase, and everyone seems to have some type of AI offering,” said Hall. “Regulations and standards will likely become more demanding, and even with the shadow IT capabilities we have now, I worry that we may be underestimating how often AI technologies are actually used by our employees. And also, on the flip side, how can we best leverage these to make our lives easier?”

Manimbo noted that, with this rise in control frameworks and regulation, this year will also see a rise in demand for ways to demonstrate that one is aligned and compliant with them. The ISO 42001 certification, for which Schellman recently became the first ANSI-accredited body allowed to audit and grant certification for compliance with the standard, is one example, but he anticipated other avenues will open this year. “For example, I sit on the [Cloud Security Alliance] AI Control Framework [board], and they are launching a program scheduled for the second half of this year which is going to be very similar to their [Security Trust Assurance and Risk] program for cloud security but specific to AI risk. That’ll be another avenue,” he said. He added that other standard setters, like the AICPA, might also decide to update their frameworks to account for AI risk. 

Such demonstrations are vital for establishing customer trust in a world that is increasingly connected. Hall noted that supply chains have grown much more complex, which has given attackers new opportunities to target vendors or third-party software providers and compromise multiple downstream organizations at once. In such an environment, establishing trust with a customer is vital, but it often involves lengthy and tedious audits filled with manual processes. While she has had success with some automation, such as using AI to reduce time spent on customer questionnaires and to automate access controls, many things still need human intervention. 

“I’ve definitely struggled with that, like where an auditor is asking for data sets, you’re coming back with a sample set, you’re bouncing back and forth from a tool to gather evidence, and it becomes even more complex when you’re dealing with customer audits and you’re talking to more than one auditor, and you can only reuse evidence for so long; that evidence goes stale,” she said. “And then a lot of times, auditors have competing platforms and tools that may not integrate with yours. So it’s still a manual process. There’s a ton of back and forth communication there. I’m still copying and pasting, I’m still downloading from here and uploading to here. So I’d love to see this process improve.”

Manimbo noted that AI is also helping with processes like this: it can bolster an organization’s controls by automating routine work and reducing dependence on manual processes. 

“On this front, some of the things that have plagued us in the past is the amount of context that we need as professionals to know if something is something that needs to be addressed immediately as part of a control failure that may be detected. And I think AI will help provide that context there… It may not necessarily be [about] what the controls may be, but how efficient are the models in augmenting existing automation to find those failures in a way that we can effectively address those findings in a way that we can again improve on those and so hopefully reducing additional burden on team members,” he said. 

However, with all these different frameworks coming out, and with current ones being revised to account for AI, professionals may be challenged to keep up with the changes. They need to know not only how to apply these frameworks but also how to scale them as time goes on. Hall said that maintaining a security-focused mindset and being proactive leaves the organization better able to respond to change. 

“If we build and buy with security in mind and find ways to leverage automation and AI to enable us to quickly adjust, … we’re just going to be way better off,” said Hall. “Instead of looking at ‘here’s the strict regulation, here’s what I have to do,’ [it is] kind of this afterthought, by being more proactive and just having these things in mind… I think it’s about us having that mindset of: How is the security built in? How can I be accountable and prove that I’m doing what I’m doing? And think about that before the auditors show up and before the regulations show up.”

13 firms combine to form Sorren

Thirteen accounting firms have united to form Sorren, a national firm backed by private equity firm DFW Capital Partners that will have over a thousand employees and 20 offices across the country.

Operating in an alternative practice structure as Sorren CPAs PC for attest services and Sorren Inc. for business advisory and non-attest services, the combined firms have 85 partners and approximately $170 million in revenue, with plans to add more firms going forward.

Many of the founding firms met as members of the BDO Alliance, and their leaders had gotten to know one another as attendees at alliance meetings and managing partner roundtables, according to Josh Tyree, the president of Sorren, who was previously president of Harris CPAs, an Idaho-based firm that was the first of the group to go the PE route, signing up with DFW in January 2024.

Sorren’s headquarters in Boise, Idaho

“Harris had started looking at that process with DFW for a good chunk of 2023,” Tyree recalled, “and I remember we were having a managing partner roundtable meeting in Nashville that year in the fall, and they were all there and I raised my hand after two hours of talking about PE and I said, ‘Hey guys, I think I’m going to jump in feet first and you guys should all come and join us.'”

And they did — with individual firms joining up with DFW over the course of 2024, and a large group in January 2025.

“There was a level of comfort,” he explained. “We knew all of our firms and our people and what we do and how we do it because we’d shared so much information over the years.”

Apart from Harris, the other firms currently comprising Sorren are:

  • Acuity (Georgia);
  • Aycock & Co. (Texas);
  • Capital Nomics Valuations (California);
  • Chigbrow Ryan Murata (Idaho);
  • Hoerber Tillman & Co. (Florida);
  • JRJBF (Illinois);
  • KDP Advisors (Oregon);
  • KMA Advisors (Wisconsin);
  • Pisenti & Brinker (California);
  • Roeser Accountancy (California);
  • SBF Advisors (Florida);
  • Stockman Kast Ryan & Co. (Colorado).

Allan Koltin, CEO of Koltin Consulting Group, said in a statement, “What makes Sorren stand out is the way these firms came together — with intention, shared values, and a commitment to staying deeply connected to their local markets. This group didn’t just merge for size; they united around a common purpose. It’s a blueprint for how innovative firms can grow, while staying true to who they are.”

Josh Tyree

The firms all have a strong focus on small and middle-market businesses and nonprofits that want a local-firm feel and relationship, even if they need services across the country. As it adds new firms, Sorren will prioritize those that fit its current culture.

“If we go into another region, we want to start with leadership and good people; we’re not just randomly going out to try and find any firm that meets [a client need],” Tyree explained. “It really has to fit our culture and it has to have a leader in that area for us to go into those services.”

He also made the point that Sorren is still very much a work in progress — relying on current firm expertise to build national practices in tax, assurance, CAS and advisory.

“One goal when we originally started was we wanted to get to enough mass size that we could really start to build this by using leadership from and talent from all the firms that came on board,” Tyree said.

“It’s going to be super fun, but it’s a lot of work,” he added. “If all you’re looking to do is do a rollup or something like that, that’s probably not our style. We’re trying to create this for our type of client and our type of cultures. And we think there’s a little void there where we can do it.”

Trump’s ex-IRS commissioner pushes back on Harvard tax attack

Donald Trump’s promise to strip Harvard University of its tax-exempt status prompted criticism Friday from a former Internal Revenue Service commissioner in the president’s first term, who said the process would take years and need a judge’s approval. 

“The IRS will not allow itself to be weaponized,” former IRS Commissioner Charles Rettig said in an emailed statement to Bloomberg News. Rettig, who oversaw the agency from 2018 to 2022, was asked to respond to Trump’s social media post early Friday that said: “We are going to be taking away Harvard’s Tax Exempt Status. It’s what they deserve!” 

Trump made the announcement after weeks of threatening a change to the school’s tax-exempt treatment, stepping up his attack on the Ivy League school.

Federal criminal law bars the president and the vice president from ordering the IRS to punish political opponents or reward allies. Rettig said the Treasury Department’s Inspector General for Tax Administration “closely monitors and investigates efforts to possibly influence IRS operations.”

The IRS cannot take any action on an organization’s tax-exempt status “without conducting an appropriate examination that would provide relevant information objectively supporting such an action,” Rettig said. “The IRS does not and should not conduct a ‘fishing expedition’ designed to hopefully uncover a relevant issue.” 

Organizations also have administrative and judicial appeal rights that can take years to resolve before a federal judge approves a change in tax-exempt status, he said. “Throughout that process, there are many opportunities for resolution that would not result in the removal of the tax-exempt status of an organization,” he wrote. 

Trump’s fight with Harvard escalated after it rejected his administration’s demands to reform campus policies to combat antisemitism and promote viewpoint diversity. The administration has frozen $2.2 billion in funding that supported projects including ALS and tuberculosis research. 

On April 21, Harvard sued the U.S., claiming the funding freeze violated its free speech rights and that the government cannot dictate what it teaches, who it hires, and which students it admits. 

In Trump’s second term, four people have held the IRS commissioner’s job on an acting basis.

What audit firms should know about tokenization risks

Asset tokenization, the creation of digital ownership representations for diverse assets on blockchain and distributed ledger technology platforms, is a transformative force in finance. 

This wave, projected to reach $4 trillion to $5 trillion by 2030, moves asset records onto immutable ledgers governed by code, introducing unprecedented audit challenges and demanding a fundamental shift in methodologies. This analysis outlines the essential knowledge audit firms need to navigate the complex risk landscape of auditing tokenized assets.

Tokenized assets require forensic procedures beyond traditional audit tools, because conventional methods were not designed for decentralized, pseudonymous systems. Because every on-chain transaction is available, sampling can give way to testing 100% of the population; the audit question then shifts to whether the extracted dataset is complete and accurate, and whether it corresponds to off-chain reality. 

External confirmations are often inadequate for self-custodied assets, or for assets held at a Virtual Asset Service Provider that lacks standardized confirmation processes or a SOC report. Ownership verification moves from documentation review to confirming control over private cryptographic keys, which requires on-chain procedures such as having the auditee sign an auditor-chosen message with the key behind the address. The speed and 24/7 nature of blockchains challenge point-in-time snapshots, so the auditor should fix a block height for the cutoff; and immutability of the ledger says nothing about the reliability of the node or explorer the data was read from, so the data source itself must be assessed. 
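The signing procedure above, worked through as a challenge-response exchange: the auditor issues a single-use nonce bound to the claimed address, the auditee signs it, and the auditor checks that the public key recovers the address and that the signature verifies. This is an example added here, not code from the article or from any audit or chain tool. To keep it dependency-free it carries its own minimal secp256k1 arithmetic, uses a simplified Schnorr-style signature (not a standardized scheme) and derives the "address" as a truncated SHA-256 of the public key; all three are assumptions, and real chains use their own encodings and signing conventions. The key pair is generated inside the example.

```python
"""Challenge-response proof of control over the private key behind an address.

Added example; not code from any audit firm or chain tooling. Curve arithmetic
is a minimal pure-Python secp256k1, the signature is a simplified Schnorr
variant (assumed, not BIP340), and the address is a truncated SHA-256 of the
public key (assumed; real chains use their own encodings).
"""
import hashlib
import secrets

# secp256k1 domain parameters
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFF_FFFFFFFF_FFFFFFFF_FFFFFFFE_BAAEDCE6_AF48A03B_BFD25E8C_D0364141
G = (0x79BE667E_F9DCBBAC_55A06295_CE870B07_029BFCDB_2DCE28D9_59F2815B_16F81798,
     0x483ADA77_26A3C465_5DA4FBFC_0E1108A8_FD17B448_A6855419_9C47D08F_FB10D4B8)
assert (G[1] ** 2 - G[0] ** 3 - 7) % P == 0  # sanity check: G lies on y^2 = x^3 + 7


def _add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def _mul(k, point):
    """Double-and-add scalar multiplication."""
    result, addend = None, point
    while k:
        if k & 1:
            result = _add(result, addend)
        addend = _add(addend, addend)
        k >>= 1
    return result


def _encode(point) -> bytes:
    return point[0].to_bytes(32, "big") + point[1].to_bytes(32, "big")


def _challenge_hash(*parts: bytes) -> int:
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big") % N


def address_of(pub) -> str:
    """Simplified address: first 20 bytes of SHA-256(pubkey). Illustrative only."""
    return "0x" + hashlib.sha256(_encode(pub)).digest()[:20].hex()


def sign(priv: int, msg: bytes):
    """Schnorr-style (R, s): s = k + e*priv with e = H(R || pub || msg)."""
    pub = _mul(priv, G)
    k = secrets.randbelow(N - 1) + 1
    R = _mul(k, G)
    e = _challenge_hash(_encode(R), _encode(pub), msg)
    return R, (k + e * priv) % N


def verify(pub, msg: bytes, sig) -> bool:
    """Accept iff s*G == R + e*pub."""
    R, s = sig
    e = _challenge_hash(_encode(R), _encode(pub), msg)
    return _mul(s, G) == _add(R, _mul(e, pub))


def challenge_message(nonce: bytes, address: str) -> bytes:
    """Bind the signature to this purpose, this nonce and this address so it cannot be replayed."""
    return b"audit-key-control|" + nonce + b"|" + address.encode()


class Auditor:
    """Issues single-use nonces and checks the returned proofs of control."""

    def __init__(self):
        self._open = {}  # nonce -> address the challenge was issued for

    def issue_challenge(self, address: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self._open[nonce] = address
        return nonce

    def check_proof(self, nonce: bytes, pub, sig) -> bool:
        address = self._open.pop(nonce, None)  # consumed: a replayed nonce finds nothing
        if address is None or address_of(pub) != address:
            return False
        return verify(pub, challenge_message(nonce, address), sig)


def auditee_respond(priv: int, nonce: bytes):
    pub = _mul(priv, G)
    return pub, sign(priv, challenge_message(nonce, address_of(pub)))


def demo():
    """Returns (fresh proof accepted, replay rejected, wrong key rejected)."""
    priv = secrets.randbelow(N - 1) + 1          # auditee's key, generated for the example
    addr = address_of(_mul(priv, G))
    auditor = Auditor()
    nonce = auditor.issue_challenge(addr)
    pub, sig = auditee_respond(priv, nonce)
    first = auditor.check_proof(nonce, pub, sig)
    replay = auditor.check_proof(nonce, pub, sig)
    nonce2 = auditor.issue_challenge(addr)
    other = secrets.randbelow(N - 1) + 1          # some other key that does not own addr
    wrong_key = auditor.check_proof(nonce2, *auditee_respond(other, nonce2))
    return first, replay, wrong_key
```

The nonce and the auditor-chosen prefix are what make this evidence: a signature over a message the auditee picked themselves could have been produced at any time, by anyone who once held the key, and reused across audits. Proof of control at one moment is also not proof of sole control, so it should be read alongside the key-management controls the auditor tests separately.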

The audit shifts from transaction verification to validating system integrity: confirming dataset accuracy and completeness, verifying asset control via keys, assessing smart contract logic and security, evaluating off-chain processes, and scrutinizing internal controls over key management. 

This requires new competencies in system integrity, cybersecurity and smart contract functionality.

This calls for enhanced forensic procedures. Blockchain’s characteristics (pseudonymity, decentralization, complex transaction paths, privacy tech) render traditional forensic techniques inadequate. Specialized analysis is needed to trace funds, uncover relationships, identify fraud and secure digital evidence. 

Central to this is in-depth on-chain data analysis using techniques like transaction tracing across multiple addresses and chains, address clustering to link pseudonymous activity to entities, pattern recognition for suspicious activity (e.g., layering, rapid movements, structuring), and risk scoring based on exposure to known illicit sources (sanctioned entities, darknet markets and mixers).

Smart contract auditing as a key control

A critical component is smart contract auditing. Smart contracts govern token behavior and automate operations, acting as significant control points. Vulnerabilities pose risks of financial loss and misrepresentation. 

Auditors must understand the purpose and logic of smart contracts and evaluate technical smart contract audits conducted by security experts, covering automated and manual code reviews, functional testing and vulnerability reporting. 

The absence of a rigorous audit, or critical findings left unaddressed, is a significant control deficiency. Smart contract audits are a specialized form of internal control testing, verifying code security and functionality, with high stakes because the code directly controls assets on an immutable ledger. An audit report is evidence only for the exact code it covered, so the auditor should also confirm that the deployed bytecode corresponds to the audited source and note whether the contract is upgradeable, since an administrator key can replace the audited logic after the fact. 

Recognizing red flags in crypto and DeFi

Auditors must recognize emerging red flags in crypto and DeFi. 

  • Transaction-based red flags: Structuring transactions to avoid thresholds, obfuscating fund flows (layering, mixers, privacy coins), unusual activity inconsistent with business profile, and transactions linked to known illicit sources (sanctions checks). 
  • DeFi-specific red flags: “Honeypot” tokens and “rug pulls” (developer liquidity withdrawal).
  • Counterparty and Know Your Customer/Anti-Money Laundering red flags: Pseudonymous identifiers, inability to provide source-of-funds information, dealing with high-risk jurisdictions, links to sanctioned entities, and excessive account structures
  • Platform and offering red flags: Unrealistic promises, pressure tactics, poor documentation, anonymous teams, unwillingness to disclose code, fake credentials, operational issues (withdrawal difficulty, lack of locked liquidity) and misleading regulatory claims.

These signals point to underlying control, compliance or legitimacy issues and demand increased skepticism and targeted procedures.
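The on-chain analysis techniques named earlier (transaction tracing, address clustering, pattern recognition for structuring, and risk scoring by exposure to illicit sources) and the transaction-based red flags above can be reduced to a few graph primitives. The block below is an example added here, not code from the article or from any analytics vendor: the ledger is a constructed, UTXO-style toy (each transaction spends from one or more input addresses into output addresses), and the address "S" is assumed to be sanctioned for the sake of the illustration.

```python
"""On-chain analytics primitives: common-input clustering, hop-limited tracing,
sanctions exposure scoring and structuring detection.

Added example; not vendor code. TXS is a constructed toy ledger and "S" is
assumed sanctioned for the illustration.
"""
from collections import defaultdict, deque

TXS = [
    {"tx": "t1", "ts": 0,   "inputs": ["A1", "A2"], "outputs": [("B", 9_500)]},
    {"tx": "t2", "ts": 10,  "inputs": ["S"],        "outputs": [("A3", 5_000)]},
    {"tx": "t3", "ts": 20,  "inputs": ["A3"],       "outputs": [("B", 4_000)]},
    {"tx": "t4", "ts": 100, "inputs": ["C1"],       "outputs": [("D", 9_900)]},
    {"tx": "t5", "ts": 130, "inputs": ["C1"],       "outputs": [("D", 9_900)]},
    {"tx": "t6", "ts": 160, "inputs": ["C1"],       "outputs": [("D", 9_900)]},
    {"tx": "t7", "ts": 200, "inputs": ["A2"],       "outputs": [("E", 100)]},
]
SANCTIONED = {"S"}


def cluster_addresses(txs):
    """Common-input-ownership heuristic: addresses spent together in one transaction
    are assumed to share a controller. Returns address -> cluster representative."""
    parent = {}

    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]  # path halving
            a = parent[a]
        return a

    for tx in txs:
        first = tx["inputs"][0]
        for other in tx["inputs"][1:]:
            parent[find(other)] = find(first)
        for addr, _ in tx["outputs"]:
            find(addr)
    return {a: find(a) for a in list(parent)}


def _adjacency(txs, backward=False):
    adj = defaultdict(set)
    for tx in txs:
        for src in tx["inputs"]:
            for dst, _ in tx["outputs"]:
                adj[dst if backward else src].add(src if backward else dst)
    return adj


def trace(txs, start, max_hops, backward=False):
    """Breadth-first fund tracing: address -> hops from `start`, downstream by
    default or upstream when backward=True, stopping at max_hops."""
    adj = _adjacency(txs, backward)
    hops, queue = {start: 0}, deque([start])
    while queue:
        a = queue.popleft()
        if hops[a] == max_hops:
            continue
        for nxt in adj[a]:
            if nxt not in hops:
                hops[nxt] = hops[a] + 1
                queue.append(nxt)
    return hops


def sanctions_exposure(txs, address, sanctioned, max_hops=3):
    """Score = 1 / hops to the nearest sanctioned source upstream (1.0 for the
    address itself or a direct receipt); 0.0 when none is found within max_hops."""
    if address in sanctioned:
        return 1.0, address
    hits = {a: h for a, h in trace(txs, address, max_hops, True).items() if a in sanctioned}
    if not hits:
        return 0.0, None
    nearest = min(hits, key=hits.get)
    return round(1 / hits[nearest], 3), nearest


def detect_structuring(txs, clusters, threshold, window, min_count=3, near=0.8):
    """Flag a sender cluster that splits a transfer into several pieces just under
    `threshold` (within `near`*threshold of it) inside a `window` of seconds."""
    events = defaultdict(list)
    for tx in txs:
        sender = clusters.get(tx["inputs"][0], tx["inputs"][0])
        for _, amount in tx["outputs"]:
            if near * threshold <= amount < threshold:
                events[sender].append((tx["ts"], amount, tx["tx"]))
    flags = []
    for sender, evs in events.items():
        evs.sort()
        for i, (ts, _, _) in enumerate(evs):
            run = [e for e in evs[i:] if e[0] - ts <= window]
            if len(run) >= min_count and sum(e[1] for e in run) >= threshold:
                flags.append((sender, [e[2] for e in run]))
                break
    return flags
```

Two caveats a practitioner would apply: the common-input heuristic is defeated by CoinJoin-style transactions, where unrelated parties deliberately co-sign one transaction, so clustering output should be corroborated before it is treated as an entity; and the exposure score here is a distance-only proxy, whereas a production tool would weight it by the value that actually flowed along each path.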

Blockchain analytics and forensic tracing tools

The growing role of blockchain analytics and forensic tracing is indispensable for auditing tokenized assets. These tools process vast on-chain data, automating tracing, clustering, risk assessment and visualization. Key providers offer transaction monitoring (Know Your Transaction), address screening, forensic investigation tools (cross-chain tracing, address clustering), VASP due diligence and compliance reporting features. 

Integrating analytics into the audit workflow supports risk assessment (identifying high-risk areas), substantive testing (verifying transactions, tracing assets), compliance testing (sanctions screening) and fraud detection (identifying anomalies). 

While powerful, their effectiveness depends on dataset accuracy and algorithm sophistication; auditors must use them diligently, understanding limitations, corroborating findings and applying professional skepticism.

Bridging the gap between real-world assets and on-chain tokens

Bridging the gap between a real-world asset (RWA) and its on-chain representation is the central challenge of an RWA audit. The core objective is confirming that the on-chain token represents a valid claim on the off-chain asset. This involves:

  • Verifying the underlying asset through traditional procedures (legal documents for existence/ownership, valuation assessment, due diligence);
  • Validating the on-chain representation by scrutinizing legal agreements linking token and RWA, assessing smart contract integrity (evaluating technical audits); 
  • Evaluating custody controls for both the physical asset and digital tokens; and
  • Assessing reliability of data integration mechanisms (oracles).

Proof of reserves and third-party risk

Proof of reserves is a key mechanism for asset-backed tokens, involving third-party verification of reserves against liabilities (often Agreed-Upon Procedures), but auditors must understand their limitations (point-in-time, scope, methodology dependence). Robust reconciliation processes between on-chain, off-chain and internal records are essential, often requiring specialized tools. Auditing tokenized RWAs elevates third-party risk, requiring rigorous evaluation of all parties in the chain of trust.
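As an illustration of what a proof of reserves commits to and where its point-in-time limitation bites, the block below builds a Merkle sum tree over customer balances (the liabilities side), lets one customer verify inclusion of their own balance, and reconciles the committed total against the on-chain reserve balance, the custodian's attested figure and the internal ledger at a single snapshot block height. It is an example added here, not code from the article, an exchange or a custodian; the customer ids, balances, salts, snapshot height and reserve figures are constructed.

```python
"""Merkle sum tree for proof of liabilities, plus a snapshot reconciliation.

Added example; not an exchange's or custodian's code. LEDGER, the salts, the
snapshot height and the reserve figures in demo() are constructed.
"""
import hashlib


def _h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def _u128(n: int) -> bytes:
    return n.to_bytes(16, "big")


EMPTY = (_h(b"empty"), 0)  # padding node for odd levels: zero balance


def leaf(user_id: str, balance: int, salt: bytes):
    """Leaf = (hash, balance). The per-user salt stops others from guessing whose leaf is whose."""
    if balance < 0:
        raise ValueError("a negative leaf would let total liabilities be understated")
    return _h(b"leaf", salt, user_id.encode(), _u128(balance)), balance


def _parent(left, right):
    """Parent commits to both children's hashes AND sums, so a sum cannot be swapped later."""
    (lh, ls), (rh, rs) = left, right
    return _h(b"node", lh, _u128(ls), rh, _u128(rs)), ls + rs


def build_sum_tree(leaves):
    """Levels bottom-up; levels[-1][0] is the root (root_hash, total_liabilities)."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        lvl = levels[-1] + ([EMPTY] if len(levels[-1]) % 2 else [])
        levels.append([_parent(lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)])
    return levels


def inclusion_proof(levels, index):
    """Sibling path from one leaf to the root: list of (sibling_node, our_node_is_left)."""
    proof = []
    for level in levels[:-1]:
        sib = index ^ 1
        proof.append((level[sib] if sib < len(level) else EMPTY, index % 2 == 0))
        index //= 2
    return proof


def verify_inclusion(leaf_node, proof, root) -> bool:
    """A customer or auditor recomputes the path; a negative sibling sum is rejected outright."""
    node = leaf_node
    for sibling, we_are_left in proof:
        if sibling[1] < 0:
            return False
        node = _parent(node, sibling) if we_are_left else _parent(sibling, node)
    return node == root


def reconcile(root, on_chain_reserves: int, custodian_attested: int,
              internal_ledger_total: int, snapshot_height: int) -> dict:
    """Compare committed liabilities with the three reserve records, all taken at one block height."""
    liabilities = root[1]
    findings = []
    if on_chain_reserves < liabilities:
        findings.append(f"reserves {on_chain_reserves} below liabilities {liabilities}")
    if custodian_attested != on_chain_reserves:
        findings.append("custodian attestation does not match on-chain balance")
    if internal_ledger_total != liabilities:
        findings.append("internal ledger total does not match committed liabilities")
    coverage = round(on_chain_reserves / liabilities, 4) if liabilities else None
    return {"snapshot_height": snapshot_height, "liabilities": liabilities,
            "coverage": coverage, "findings": findings}


# Constructed customer ledger: (user id, balance in base units, salt)
LEDGER = [("alice", 500, b"salt-a"), ("bob", 1_250, b"salt-b"), ("carol", 300, b"salt-c")]


def demo():
    """Returns (total liabilities, bob's proof verifies, tampered balance verifies, reconciliation)."""
    levels = build_sum_tree(leaf(u, b, s) for u, b, s in LEDGER)
    root = levels[-1][0]
    ok = verify_inclusion(leaf(*LEDGER[1]), inclusion_proof(levels, 1), root)
    tampered = verify_inclusion(leaf("bob", 1_000, b"salt-b"), inclusion_proof(levels, 1), root)
    report = reconcile(root, on_chain_reserves=2_000, custodian_attested=2_100,
                       internal_ledger_total=2_050, snapshot_height=19_000_000)
    return root[1], ok, tampered, report
```

Everything in the report is tied to one snapshot height: the same root could be fully covered one block later or not, which is the point-in-time limitation the text mentions. The tree also proves nothing about reserves that were borrowed for the snapshot or about liabilities deliberately left out of the leaves, which is why the Agreed-Upon Procedures scope and the reconciliation to the internal ledger matter as much as the root itself.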

Staying compliant with evolving crypto regulations

Audit teams also need a plan for staying compliant with evolving crypto regulation. The landscape is complex and fragmented globally. Key pressure points include securities classification, AML/KYC, custody rules, market integrity and investor protection. 

In the U.S., SEC guidance affects disclosures and custody, while the PCAOB emphasizes applying existing standards rigorously and has highlighted deficiencies in its inspections. The AICPA provides nonauthoritative guidance and reporting criteria, adapting to new accounting standards such as ASU 2023-08. In the EU, the Markets in Crypto-Assets Regulation (MiCA) establishes a comprehensive framework for crypto-assets and service providers, imposing authorization, whitepaper, stablecoin, market abuse, transparency and consumer protection requirements.

Regulators increasingly demand assurance over underlying systems and controls, shifting audits to validate infrastructure integrity. Firms must actively monitor updates from organizations such as the Securities and Exchange Commission, Public Company Accounting Oversight Board, American Institute of CPAs, European Securities and Markets Authority, European Banking Authority, and Financial Action Task Force, promptly update methodologies and training, and engage with industry and regulators.

The tokenization of assets presents a significant, complex challenge for auditing, and staying vigilant on regulation is nonnegotiable. Firms integrating technological proficiency, sound judgment and robust controls will be best positioned to provide assurance in this evolving global economy.
