Many fintechs choose at some point to go through an audit. The audit of crypto fintechs aims to analyze the credibility, reliability and efficiency of the service. However, it is necessary to get prepared, since most of the work is done by the fintech itself. So, check here some tips prepared by Competitive Compliance for the process to succeed.
- Set aside a significant time to define the scope and methodology of auditing with the auditor. It is also important to evaluate what will be the size of the samples and other parameters before signing any letter of intent. Also, be sure to clearly determine which specific processes will be audited, which policies will be revised and what will be the period to be covered.
- The instructions given to the team should not be made during the auditing. The correct thing is that this is accomplished before the beginning of the process. The guidelines should also not be counted as hours to be charged. Therefore, instead of having a discussion about the nature of the business and risks during the audit, it should be sent to the auditors in advance the last risk assessment. The ideal is to maintain communication with the auditors in writing.
- Understand clearly who will be involved in the audit team and how many hours these people will work. If you realize that your company’s senior manager will spend 50 hours analyzing field work, ask him to designate a junior staff member to perform these tasks. This may be less costly and more efficient.
Fintech Crypto Audit: Don’t be afraid to question
- Do not be afraid to present doubts and ask questions during the process. For example, if you sent the audit team a set of documents in advance and they didn’t read any of them, make them come back another time more prepared.
- Prepare all samples, reports, observations, evidence, copies and explanations about possible deviations or missing elements in advance. In this way, the audit team does not need to think or be creative. The goal is to make them copy and paste all your information.
- Finally, do not be afraid to postpone the first report of an audit, if you deem it is necessary. It is also recommended to always question this first version. For example, it is very common that auditors, when they really did not find deficiencies, present generic ideas of improvement. In this way, these recommendations do not reflect the nature and level of complexity of your business. In addition, they suggest actions that may be subjective and that do not represent real deficiencies or legal requirements. Therefore, it is important to request that this type of evaluation be removed from the report.