by graeme 1833 days ago
Thanks! How would an attestation work with a fraud? For example, suppose a company simply produced a false bank statement.

Would an attestation have no ability to verify that the statement was fraudulent? In other words, we must trust the entity undergoing attestation in order to rely on the attestation, and the attestation merely certifies there is no error of math or logic in what was presented.


Good question.

With an audit, the auditors get a representation from management that they will provide the truth etc. The auditors would also get third party evidence, e.g. from the bank providing the audit client's account. For important things you would always get third party evidence from banks, custodians, etc., or even just go and check to see if physical things exist!

With an attestation or limited/negative assurance engagement, there's no third party evidence. Instead, the auditors just rely on what they are given and whether it looks reasonable. The auditors would state in their "report" that only limited evidence was gathered and not enough to form the basis of an opinion.

Basically, limited / negative assurance is not really that useful in most circumstances.

Regarding fraud - auditors are not expected to find/uncover fraud under any type of engagement, which is a common misconception.

The biggest audit firms won't go anywhere near Tether, and this alone tells you quite a bit :)

Thanks, that’s what I figured. And that’s very interesting about not even audit or assurance finding fraud.

> Basically, limited / negative assurance is not really that useful in most circumstances.

So what exactly can we glean from USDC having attestations? It’s certainly a step up from Tether in that respect but I’m also not sure it tells us all that much.

Or maybe a better way of asking is: how exactly would you prove that a stablecoin was backed?

To prove a stablecoin was backed you'd probably do the following:

1) review the processes and controls which operate the business to check they were operating correctly for the period under review

2) interview the various key stakeholders to assess competence and get representations

3) perform substantive testing over the collateral balance for the whole period. E.g. daily bank reconciliations. Get third party confirmations for EVERYTHING.

4) perform a contingent liabilities review and a legal review.

5) see if there are any related party transactions

6) do a going concern assessment

The key thing would be to check existence, completeness and valuation of collateral and existence and completeness of liabilities (issued tokens).

Depending on what the assets are that would entail different procedures. For Tether I would want to see their whole CP portfolio to perform a thorough credit risk and systemic risk assessment. Do some modelling to understand valuation implications under various scenarios.

It's worth noting that it's not feasible to do this on a monthly basis because it's so onerous. Hence why probably they just do monthly attestations. I would expect that the legal entity which issues the tokens and holds the collateral is audited at least once a year.

Never knew my audit knowledge would ever be useful/interesting :)

Cheers