What’s The Difference Between an Audit and an Attestation?

Reading Time: 3 minutes
  • The Paxos/BUSD drama has thrown up the attestation vs audit issue again
  • Some say BUSD is an audited stablecoin while others say it only has attestations
  • There is a big difference between the two terms when it comes to trusting a stablecoin issuer

When it comes to ensuring that a stablecoin is backed, many issuers are turning to ‘attestations’ from respected law firms, which they say are the best proof they can offer that they have what they say they have backing their coins. This has come to light recently with the Paxos/BUSD drama, with some saying BUSD is audited and some saying they only have attestations. It’s important then to know the difference between the two and see if it really is that wide.

Audits > Attestations

Let’s start with definitions. According to the website wikiaccounting, this is how the two terms break down:

  • Attestation: A legal acknowledgment to verify the authenticity of any document. It also includes verification that proper procedures and processes have been followed to get the document.
  • Audit: An objective examination and evaluation of a company’s financial statements to ensure that the information presented in financial records is an accurate and fair representation of all economic affairs and transactions claimed by the entity.

As we can see from these basic definitions, there are some clear and important differences between an audit and an attestation. An audit is an “objective examination” of a company’s books whereas an attestation is a “legal acknowledgment” of a claim made by a company. This isn’t to say that attestations aren’t conducted by external companies, which they are, but it is far less stringent and covers a specific thing a company has said.

For example, if Tether says that it has $70 billion in assets backing it, it will get an accounting firm to look at the records it uses to make the claim. The accounting firm will tot up the records and say that, yes, Tether appears to be backed to $70 billion, but this is only going on the records it hands over. This is like you giving your accountant your crypto trading record and then working out your tax from this – they are only going on the records you hand over, and you could be lying. In both cases the accounting firm bears no responsibility.

These companies can put out as many attestations as they like, but even the most respected law firm in the world has a low level of responsibility when it comes to an attestation – if they’re fed incorrect data they would never know.

With an audit, the accounting firm is actually checking the figures that Tether, or you, is handing over to make sure they’re accurate. This involves actually looking into the digital vaults and combing through records to make sure that everything tallies up. This is why everyone is clamouring for the likes of Tether and Binance to undergo full audits of their stablecoins, because anything less than that simply can’t be trusted 100%.

Full Audits Needed for 100% Trust

The BUSD stablecoin is (for the next few weeks) issued by Paxos, which says on its website that its records are attested by WithumSmith+Brown, PC, an independent third-party accounting firm. Note, attested, not audited. The reason for confusion is clear. In a Binance-sponsored piece from September 2021, Cointelegraph wrote that “BUSD continues to be one of the few stablecoins that provide a monthly audited report of their reserves. Therefore, any BUSD holder can verify at any point in time that the supply of BUSD tokens is consistent with the USD being held and managed by Paxos.” This, however, is untrue. No company undergoes a monthly audit for a number of reasons, and these were mere attestations going from Paxos’ records.

To add weight to this, Binance’s head of Asia-Pacific Leon Foong told Bloomberg last week this year that a full independent audit of the company is going to “take a longer time” due to the fact that recognized accounting firms are still wary of the crypto sector. This shows the stark difference between a comprehensive audit and an attestation.

Don’t be fooled into thinking that the latter is as strong as the former.