What the AICPA Digital Assets Practice Aid update means for year-end audits

Why this matters right now

The AICPA and CIMA posted an updated version of their “Accounting for and auditing of digital assets” practice aid on Dec 16, 2025. 

For year-end audits, the practical impact is simple: audit teams will keep tightening expectations around (1) evidence, (2) repeatability, and (3) documented methodology. This practice aid is explicitly nonauthoritative, but it is the kind of document that shapes what audit teams ask for and how they structure testing. 

If you are an institutional validator, an ETF issuer, a treasury company, or an accounting firm supporting any of the above, this is a good moment to make sure your digital asset reporting is not just “correct,” but also defensible.

What the practice aid is and what it is not

The practice aid’s objective is to provide nonauthoritative guidance on accounting for digital assets under US GAAP and auditing them under GAAS. It also emphasizes that accounting conclusions depend on the specific terms, rights, and obligations of the asset. 

Two timing notes worth keeping straight:

• The AICPA page shows the updated PDF was posted Dec 16, 2025. 
• The document itself is labeled updated “as of Sept. 30, 2025.” 

That gap is normal for practice aids, but it matters. Teams should treat the practice aid as a guide, then confirm whether anything effective after Sept 30 affects their engagement planning.

Three places year-end audits get stuck

Based on what we see across institutional workflows, year-end pain usually clusters in three areas. The updated practice aid reinforces all three.

1) Existence, rights, and obligations: proving control, not just balances

A recurring audit challenge is proving that the entity actually controls what it claims to own, especially when assets sit with third parties, in commingled addresses, or within hosted wallet interfaces.

The practice aid highlights control considerations like private key management, segregation of assets, and reconciliation between blockchain records and internal books. 

It also flags the practical problem of commingling: if assets are held in a commingled public address, the blockchain does not represent the entity’s holdings alone, which can impair direct tracing and pushes more reliance onto service organization controls. 

Year-end implication: expect more explicit requests for a clear custody narrative, a control story, and reconciliations that tie to the blockchain or to a qualified custodian.

2) Valuation: principal market, cut-off time, and data lineage

Valuation is often where teams lose the most time, especially when:

• the “principal market” is not obvious,
• exchanges show inconsistent pricing,
• markets run 24-7 so “market close” is not a thing,
• data sources do not retain granular history long enough.

The practice aid calls out controls auditors may test around valuation, including how an entity determines principal market, the valuation methodology and assumptions, and general IT controls associated with tools like blockchain explorers. 

It also points to the importance of the correct time in accordance with management’s accounting policy, and the need for historical data at sufficient granularity. It explicitly notes that some data sources sunset historical data, which can force audit testing closer to the reporting period. 

Year-end implication: if your pricing source, timestamp policy, or historical pricing retention is fuzzy, it will become an audit bottleneck.

3) Gains and losses: unit of account and repeatable lot logic

Even when valuation is solid, gains and losses still get messy when lot selection, unit of account, and measurement mechanics are not consistently applied.

One clear example from the practice aid’s fair value discussion: it notes that entities typically determine the unit of account for a crypto intangible asset as the individual unit (or divisible fraction) and that the portfolio exception is not applicable, making “blockage style” adjustments inappropriate. 

Year-end implication: if realized gain and loss reporting is not deterministic and replayable, audit time goes up, and confidence goes down.

What this means for each NODE40 segment

Institutional validators

Validator organizations are often dealing with staking rewards, commissions, tips, and operational flows that require careful classification and reconciliation. This update is another signal that stakeholders will expect:

• clear attribution of rewards and fees,
• evidence trails that connect on-chain activity to internal reporting,
• consistent methodologies that can be re-performed.

Accounting firms

This is a practical tool for engagement teams. Even though it is nonauthoritative, it helps standardize how teams think about:

• risk assessment,
• controls reliance,
• substantive procedures for existence, rights, valuation, and presentation. 

ETF issuers

ETF ops and finance teams need clean month-end and year-end packages. The themes reinforced here map directly to issuer pain:

• reproducible NAV support,
• evidence-ready reconciliations,
• documented valuation policy and cut-off conventions. 

Treasury companies

Treasury companies are increasingly expected to operate with institutional controls: policy, evidence, and process. The practice aid’s emphasis on rights, controls, valuation methodology, and service org considerations aligns with what audit committees want to see. 

A year-end checklist you can actually use

If you do one thing this week, make sure you can answer these questions cleanly:

1. Custody and control: Who holds keys, who can move assets, and how is that evidenced?
   
2. Commingling: Are any assets in commingled addresses, and if so, what controls support allocation?
   
3. Reconciliation: Can you reconcile blockchain activity, custodian statements, and your internal records without manual patchwork?
   
4. Valuation policy: What is your principal market, what time is your cut-off, and what price source do you use?
   
5. Historical data retention: Can your data sources reproduce the same answer later, with sufficient granularity?
   
6. Deterministic gains and losses: Is your unit-of-account and gain or loss logic consistent and replayable?

How NODE40 helps

NODE40 focuses on producing reporting that is designed to stand up to scrutiny: consistent classification, traceable audit trails, and reproducible outputs that reduce the back-and-forth that eats audit timelines. The themes reinforced in the updated practice aid align with the kinds of evidence packs institutional teams increasingly need for year-end.