Audit Readiness Checklist for Web3 Startups
Checklist for web3 finance leaders who is preparing for financial statement audits
Executive Summary
Many Web3 startups underestimate how complex a financial statement audit can become.
Missing documentation, unclear accounting policies, and weak internal controls can quickly increase audit costs and delay issuance of the financial statements.
Common audit pitfalls include:
• Incomplete revenue recognition documentation
• Lack of digital asset roll-forward reconciliation
• Insufficient segregation of duties in payment processes
• Unclear accounting treatment for token issuer lifecycle
• Missing adequate support for the fair value measurements
Addressing these issues early can reduce delays, lower audit friction, and improve readiness.
We put together a checklist covering the key areas finance teams should review before the audit begins.
Download the checklist here:
Below, I share a few selected sections.
USEFUL DEFINITIONS
Audit Overages: Additional fees charged when the audit firm discovers issues requiring work beyond the original scope.
Opinion Shopping: Choosing audit firms based on the likelihood of a favorable opinion rather than merit.
Reaudit Engagements: Occur when a new auditor cannot rely on a predecessor’s work, requiring re-audit of the same period.
Process: A defined series of actions designed to produce a specific result.
“What Could Go Wrong”: A risk point in processes that can lead to material misstatements.
Controls: Activities that mitigate risks of financial misstatement or ensure data integrity.
Management Review Controls: Reviews performed by management to validate financial information.
Complementary User Entity Controls: Controls required at client entities to ensure the effectiveness of service provider systems.
REMINDERS
UNDERSTAND RESPONSIBILITIES
Management must understand that the responsibility for the financial statements ultimately lies with them. They must ensure accuracy and completeness.
CONSIDER ALTERNATIVE SERVICES
Consider whether an audit is necessary at your current stage. Alternatives such as reviews, compilations, or agreed-upon procedures may satisfy investor or regulatory needs with less complexity and cost.
IMPORTANCE OF CULTURE
Avoid “opinion shopping” (i.e., selecting an auditor that would agree with your preferred accounting treatment). Maintain a culture of integrity, transparency, and realistic expectations. Demonstrate ethical behavior and avoid the “Fake it till you make it” culture.
AUDITOR SELECTION
Consider engaging audit firms with a proven track record at the next echelon. Beware of firms whose past clients were later required to undergo re-audits. Ask prospective auditors how they ensure audit quality and avoid such issues.
PROCESSES
Have your key processes clearly defined, including procedures for identifying and addressing fraud risk. Your team should have sufficient knowledge of accounting frameworks to effectively oversee service providers’ work.
INTERNAL CONTROLS
You should have an established monthly process for Budget vs. Actual analysis and reporting reviews. Evaluate service organizations and ensure your team understands complementary user entity controls. Ensure the ability to implement and monitor them effectively.
TEAM SIZE
A dedicated accounting team is essential. Ideally, at least three individuals should be involved in payment processes to enable proper segregation of duties. Different individuals should record and post journal entries.
REVENUE RECOGNITION
Does the company have documentation of its accounting treatment of all significant revenue streams, including how the 5-step ASC 606 model applies in each case?
Does the company use separate accounts to hold and operate assets custodied on behalf of third parties?
Does the company appropriately classify funding received from community grants as revenue, liabilities, or debt instruments as applicable?
Does the company have a memo explaining the accounting treatment of revenue amounts paid to other parties? For example, for staking revenue:
amounts withheld as community taxes,
validator commission (for delegators), or
delegator rewards (for validators)
Does the company accrue its staking rewards earned but unpaid at month-end? If not, does the company have a memo explaining how this accounting treatment is consistent with US GAAP?
Does the company consider whether any amounts paid to customers are properly classified as expenses or a reduction in revenues?
If the company follows US GAAP, has management appropriately determined the fair value measurement date for noncash consideration received? This should be the contract inception date, not the asset receipt date.
Does the company have a process for accounting for revenue from milestone-based arrangements?
Does the company have a process in place for prospective and cumulative catch-up adjustments posting to account for contract modifications?
Does the entity maintain supporting documentation for customer incentives and rebate payments?
CAPITALISED COSTS
Does the organization capitalize software development costs when required by US GAAP?
Does the organization appropriately consider the guidance on recognition of research & development (R&D) costs when applicable?
Does the organization have a monthly process for calculating and recording the periodic amortization expense?
Does the organization perform a review of impairment indicators for long-lived assets, goodwill, and intangibles (including capitalized software costs, etc.)?
Does the organization prepare monthly schedules of additions & disposals of assets created through capitalization of costs for each month in which the activity occurred?
ACCOUNTS PAYABLE
Does the organization have a process for identifying and measuring expenses as incurred (rather than as billed or paid), and recognition of unbilled amounts as accrued expenses?
Does the organization have a process for cut-off analysis of expenses and revenue recognized near the period-end to ensure that all such income and expenses are recorded in the appropriate reporting periods?
PREPAID EXPENSES
Does your organization have a process to ensure prepaid expenses are appropriately deferred?
Do you have a process in place to ensure that the deferred prepaid expenses are amortized appropriately?
Do you have a process in place to ensure that deferred prepaid expenses are removed from the prepaid expense schedule in a timely manner once fully expensed?
COMPENSATION
Does the organization have a process in place to recognize the costs of accrued time-off (vacation) in accordance with the company’s policy?
If the organization had introduced an unlimited vacation policy in the past, did it appropriately consider the effects of state and foreign law provisions? For example, any accrued time off earned by employees in California cannot be forfeited and must be included in the company’s liabilities until it is paid or otherwise extinguished.
Does the company appropriately account for stock-based compensation?
Does the company allocate the costs of stock-based compensation by business departments and other features used to classify the cash portion of compensation for the same employees?
Do you review secondary market transactions with the company’s stock to ensure that the excess of consideration paid over the fair value of stock transferred is accounted for as compensation cost unless clearly related to purposes other than compensation for services rendered?
Does the organization appropriately record stock awards on its books? Are withholdings of income taxes being made as required by applicable law?
Does the company account for stock award forfeitures as they occur or use estimates of forfeitures as allowed by ASC 718-10-35-3?
If the awards were modified, did the entity account for the modification by appropriately accelerating expense recognition for the previous award when such acceleration is required?
Does the company have a documented position on the establishment of award dates for financial reporting purposes?
Does the company recognize the full amount of the expense for all vested awards when the vesting date precedes the end date for the tranche amortization?
Does the company use the appropriate valuation methodology to measure stock awards?
Did the company develop the volatility assumption using the appropriate peer group and time horizon?
Does the company appropriately account for token compensation?
Does the company appropriately measure the fair value of token compensation liabilities, taking into account the legal and technological restrictions in effect on the measurement date, but only to the extent that these restrictions characterize the unit of account rather than contractual restrictions specific to the entity?
Does the company recognize the embedded derivatives on token compensation liabilities?
Does the company recognize expenses related to each tranche of the award in appropriate time periods?
Does the company have a process to withhold and remit to tax authorities amounts of taxes due on payments made to employees under token compensation plans?
INTERNAL CONTROLS
Does your organization have a budgeting process in place, including:
Cash-flow forecasts
Annual budgets (1 year)
Medium-term budgets (2-3 years)
Budget vs. actual variance analysis
Going concern evaluations
Does the company update its valuation at least annually?
Does your organization have a periodic risk assessment process with formal documentation of identified risks and their responses?
Does your team understand that materiality may change in each reporting period?
Does the organization have a list of standard monitoring activities consistently executed in each period?
Does the organization have the appropriate segregation of duties in place and effective mitigating controls that address those situations where a sufficient level of segregation of duties does not exist?
How do you ensure that the information produced by the entity used in control operations is complete and accurate?
Does your organization have a process and controls in place to support the completeness and accuracy of blockchain data used for accounting purposes?
Are the accounting policies in place for all relevant process areas?
Does your team consistently account for similar accounting events and objects? For example, does your team have a reference list of pricing data sources for the assets you routinely operate?
Does the organization maintain a list of peer companies and periodically evaluate its performance against them?
Does your team have a formal list of non-GAAP accounting policy (or accounting policy conventions)? Do you perform an annual assessment of each item on this list?
Has the company created formal process documentation, including narratives and risk control matrices, for all processes relevant to financial reporting?
Does the company have a centralized library and unified document retrieval system that includes all accounting-related documentation?
Does the company’s personnel follow the “document everything” mindset?
Does the entity have a transaction value threshold that requires management to obtain the Board’s pre-approval?
Do the entity’s policies require the Board to authorize significant related party transactions?
Does the organization have a conflicts-of-interest policy?
Has your executive team entered into indemnification agreements with the company without board approval?
Have you had any known corrected or uncorrected material misstatements in your financials that the board is not aware of?
Have you incurred losses from a cybersecurity incident that were not disclosed to the board and investors?
Can your CEO or CFO unilaterally authorize and approve payments that exceed 5% of the company’s assets?
Can the CEO or CFO independently prepare and send a payment to an external party without a second-person approval?
Has the organization granted mid-term salary increases that are not tied to company performance?
Have you ever made one-time payments to executive team members holding more than 1% of company stock without formal board review and approval?
Have you made distributions or compensatory payments to only a portion of investors within the same class?
Does the entity invest its funds directly in equity of other startups without a professional asset manager?
Do you distribute tokens to external addresses without KYC documentation?
Do you hold custody of funds belonging to customers or other third parties, including initial token allocations for the ecosystem?
Do you have advisory arrangements involving significant equity or cash payments for which you do not receive verifiable documentation detailing the scope and extent of work performed?
Does the organization have independent directors on the Board?
Were payments to terminated employees documented and consistent with market norms? Is your capitalization table complete, accurate, and up to date?
Do you have a process to ensure payments match contracted terms and do not exceed agreed amounts?
Do you maintain a single register of all approved wallets to which funds may be transferred?
Do you have a process for withholding taxes on token-based compensation distributed to employees?
Do you have controls over marketing spending that ensure only agreed charges and justifiable expenses are paid?
Are there formal communication channels established within the company for communication to the responsible individuals (and, where relevant, to the persons preparing financial statements) of the following matters:
Litigation, claims, and assessments
Known or alleged instances of financial reporting fraud and/or asset misappropriations
Suspected noncompliance with laws and regulations
Does the organization have a process (ceremony) for generating private keys and controls that provide reasonable assurance that the keys were not revealed to unauthorized parties?
Does the organization have controls to prevent keys from being lost or erased?
Learn more
This checklist is also available as a Notion template.
If your company is looking for assistance with preparing for a future audit or managing your ongoing audit, reach out.
CONTACT
Email: info@techaccountingpro.com
Link: https://cal.com/andrew-belonogov/30min
Site: https://techaccountingpro.com