For Auditors & Accountants

Auditor Hub

Audit-grade digital asset verification your workpapers can rely on. Understand how DACS works, what assertions we cover, and how to access the platform — free.

Access the Platform How It Works
5-Step
Attestation Protocol
ASA 500
Standards Compliant
Free
Auditor Access
BGL & Class
Native Integration

The Verification Problem

Digital assets present a unique audit challenge: traditional procedures cannot confirm ownership or value. DACS was built specifically to close that gap.

✗ Without DACS

  • Screenshots and CSV exports — easily fabricated
  • Exchange confirmations with no cryptographic proof
  • No independent valuation — client-supplied figures only
  • Completeness unverifiable — undisclosed wallets possible
  • Counterparty risk invisible in exchange-held claims

✓ With DACS DAAP

  • Cryptographic proof of private key control (The Handshake)
  • Read-only API from within the client's live authenticated session
  • DAVO™ independent VWAP valuation across tier-one exchanges
  • Discovery Layer scans all derived addresses for completeness
  • Custody model and risk clearly disclosed in every report

The DAAP Protocol

The Digital Asset Attestation Platform (DAAP) follows five sequential steps to produce an audit-grade attestation report.

1 Identity

KYB Verification

The trustee entity is verified via Know Your Business (KYB). SMSF registration, trustee identity and beneficial ownership are confirmed before attestation proceeds.

The Foundation
2 Verification

The Handshake

Self-custody: cryptographic challenge-response via Ledger Live — private key never leaves the device. Exchange-held: authenticated read-only API from within the trustee's live session.

Ownership Proof
3 Discovery

The Scanner

The Discovery Layer derives all addresses from the xPub key and scans on-chain balances — every derived address is checked, supporting the completeness assertion.

Completeness
4 Valuation

DAVO™ Oracle

Independent valuation using VWAP aggregated across multiple tier-one exchanges. Co-developed with RMIT/La Trobe. Free auditor access at portal.dacs.io.

VWAP Pricing
5 Reporting

Audit Database

All findings are immutably recorded in the DACS Audit Database. The completed attestation report is accessible to the appointed auditor via the portal.

Your Workpapers
Aligned Standards & Regulations
ASA 500 — Audit Evidence ASAE 3502 — Assurance Engagements Corporations Amendment (Digital Assets Framework) Bill 2025 ATO SMSF Compliance APESB Independence Standards

Custody Models

DACS covers both exchange-held and self-custody assets. The custody model determines which verification method applies and shapes the appropriate audit caveats.

Exchange-Held Assets

Beneficial Claim — Counterparty Risk
OwnershipBeneficial claim only — assets held in omnibus exchange wallet
VerificationAuthenticated read-only API from within the trustee's live, authenticated exchange session
RiskExchange insolvency or failure may result in loss; no direct on-chain title
Report titleDigital Asset Beneficial Claim Attestation Report
AssertionsExistence (amber) Rights & Obligations (limited)

Self-Custody Assets

Direct Ownership — Cryptographic Proof
OwnershipOn-chain — trustee controls private key directly via hardware wallet
VerificationCryptographic Handshake via Ledger Live App — private key never leaves the device
RiskLower counterparty risk; hardware wallet protocol mitigates loss-of-key risk
Report titleDigital Asset Proof of Holdings Attestation Report
AssertionsExistence (strong) Rights & Obligations (full)

⚠ Documentary Verification Fallback

Where The Handshake cannot be completed, DACS may accept an extended public key (xPub) combined with a Statutory Declaration from the trustee. This is clearly disclosed in the attestation report as a weaker form of verification. Auditors should treat such reports as providing reduced evidential weight for the Existence and Rights & Obligations assertions, and should consider supplementary procedures including direct confirmation with custodians.

Assertion Coverage

How DACS DAAP addresses each standard audit assertion across both custody models.

Audit Assertion Exchange-Held Self-Custody How DACS Addresses It
Existence Amber ✓ Strong Handshake + API session confirmation; on-chain balance verification via Discovery Layer
Completeness Amber — API scope ✓ Strong Discovery Layer scans all addresses derived from xPub; exchange API covers reported balances
Rights & Obligations Limited ✓ Full Private key control confirmed cryptographically for self-custody; beneficial claim only for exchange-held
Valuation ✓ DAVO™ ✓ DAVO™ VWAP across tier-one exchanges via the DAVO™ oracle — independent of client-supplied data
Presentation & Disclosure ✓ Full ✓ Full Custody model, counterparty risk, verification method and limitations all disclosed in the report
Cut-off ✓ Timestamped ✓ Timestamped All balances and valuations captured at a specific date and time, recorded in the Audit Database
Transaction Completeness Not in scope Amber DACS attests to holdings at a point in time; transaction history requires supplementary procedures
Strong coverage
Partial / conditional
Limited or not in scope

Using DACS in Your Audit

Six steps to integrating DACS DAAP attestation reports into your audit file and financial statement sign-off.

1

Access the portal

Register for free auditor access at portal.dacs.io. Auditor accounts are provided at no charge. Once registered, you can view any attestation report linked to your clients.

2

Verify the attestation report

Confirm the report date, entity name, ABN/ACN, and custody model match the client entity and reporting period. Check that txe verification method (Handshake or Documentary) is clearly disclosed.

3

Confirm the DAVO™ valuation

Cross-reference the DAVO™ spot rate used in the attestation against the report date. Auditors can independently query the DAVO™ oracle at portal.dacs.io for any date and time.

4

Assess custody model risk

For exchange-held assets, document counterparty risk in your working papers. Consider exchange financial health for going concern and asset recoverability. For self-custody, document the cryptographic verification method applied.

5

Consider supplementary procedures

For transaction completeness and rights & obligations (exchange-held), supplement DACS evidence with exchange statements, tax reports, or on-chain explorer confirmation appropriate to materiality and your risk assessment.

6

File and reference

Retain the DACS attestation report as primary audit evidence. Reference the report number, date, and verification method in your working paper index. Reports are retrievable from the portal at any time for future review.

Verify Valuation

Query the DAVO™ oracle independently for any asset at any date and time at portal.dacs.io — no login required.

Confirm On-Chain

For self-custody, use any public block explorer to confirm reported address balances match the attestation findings.

Free Auditor Access

Auditor portal accounts are provided at no charge. Register at portal.dacs.io or contact [email protected].

ASAE 3502 Control Framework

DACS operates under the ASAE 3502 assurance framework. Controls in place as at the date of this publication.

Control Area Description Status
Identity Verification KYB/KYC process for all trustee entities before attestation is issued, using a third-party identity verification provider. ✓ Operational
Cryptographic Verification Ledger Live Handshake protocol — challenge-response signed with device private key. Private key never transmitted. ✓ Operational
API Session Security Exchange-held verification uses a read-only API scoped to a single authenticated session. No persistent API credentials are stored. ✓ Operational
Valuation Independence DAVO™ oracle aggregates VWAP from multiple tier-one exchanges, independent of client-supplied data. ✓ Operational
Audit Database Integrity All attestation records are immutably stored with timestamped entries, accessible via portal to appointed auditors. ✓ Operational
Access Controls Role-based access: clients, auditors, and DACS staff have separately scoped portal permissions. Auditor access is read-only. ✓ Operational
Incident Management / SIEM Automated security incident and event monitoring planned. Interim manual incident review procedures are in place. ⌛ Planned Q2 2026

Known Limitations

DACS discloses all limitations transparently. Auditors should consider these when designing supplementary procedures.

Exchange-Held: Beneficial Claim Only

Assets held on exchanges are in omnibus wallets. DACS can confirm the client's reported balance, not direct on-chain title. Exchange insolvency may affect recoverability.

Supplementary: Consider exchange financial health; document counterparty risk. Obtain exchange statements for the period.

Transaction History Not Attested

DACS attests to balances at a point in time. Transaction completeness — movements during the period — is outside the attestation scope for all custody models.

Supplementary: Obtain exchange transaction reports or on-chain explorer exports for the full period.

Documentary Verification (Fallback)

Where the Handshake cannot be completed, xPub + Statutory Declaration provides a lower standard of verification. Clearly disclosed in the report.

Supplementary: Treat as reduced evidential weight. Seek direct confirmation from custodian where material.

Completeness (Exchange-Held)

The API session covers the balance reported by the exchange at the moment of verification. Holdings on other exchanges or in other account names are outside scope.

Supplementary: Inquire of trustee regarding all exchange accounts. Obtain written representation on completeness.

Valuation Timing

DAVO™ pricing is captured at the verification timestamp, which may differ from the financial statement balance date if attestation is performed on a different day.

Supplementary: Confirm valuation date aligns with balance date. If not, obtain a DAVO™ query for the correct reporting date.

SIEM / Security Monitoring

Automated SIEM is planned for Q2 2026. Manual incident review procedures are in place in the interim. Proactively disclosed by DACS.

Note for workpapers: Assess whether this gap is relevant to your ASAE 3502 reliance conclusion.

Frequently Asked Questions

Common questions from auditors and accountants about DACS DAAP.

Yes. ASA 500 requires that audit evidence be sufficient and appropriate. The DACS DAAP report provides independently obtained, cryptographically verifiable evidence of digital asset holdings — meeting the reliability criteria for externally obtained evidence. The DAVO™ valuation provides independent pricing evidence. Auditors should still assess relevance, completeness, and the need for supplementary procedures based on their own risk assessment.
The Handshake is a cryptographic challenge-response executed via Ledger Live. DACS sends a unique challenge; the device signs it with the private key; DACS verifies the signature against the known public key — proving the trustee controls the device without the key ever leaving it. Documentary Verification (xPub + Statutory Declaration) is a fallback where the trustee provides their extended public key and a statutory declaration of ownership. It is disclosed in the report as providing reduced evidential weight.
Yes. Auditor portal access is provided at no charge. You can view attestation reports for any client who has engaged DACS, independently query the DAVO™ valuation oracle, and access the DACS Audit Database — all without cost. Register at portal.dacs.io or contact [email protected].
Yes. The DAVO™ oracle is accessible at portal.dacs.io without login. You can query the VWAP for any supported asset at any historical date and time to independently confirm the rate used in the attestation report. DAVO™ was co-developed with RMIT and La Trobe University and aggregates pricing across multiple tier-one exchanges.
Each exchange account requires a separate attestation. The DACS report specifies the exchange and account to which it relates. If a trustee holds assets on multiple exchanges, a separate attestation is required for each. Auditors should inquire of the trustee regarding all exchange accounts and wallets to ensure completeness across the portfolio.
DACS operates under ASAE 3502 (Assurance Engagements on Controls at a Service Organisation) for its control framework, and its reports are designed to provide evidence meeting ASA 500 (Audit Evidence). The DAAP protocol is aligned with the Corporations Amendment (Digital Assets Framework) Bill 2025 and ATO SMSF compliance requirements.
Yes. DACS has native integration with BGL Simple Fund 360 and Class — the two leading SMSF administration platforms. Attestation data can be imported directly, reducing manual data entry and reconciliation effort for the trustee and their administrator.
DACS attestations are point-in-time reports. If the attestation date differs from the balance sheet date, obtain a DAVO™ query for the correct balance date and consider whether the period difference introduces risk. For material balances, request that the trustee obtain a DACS attestation as at the balance sheet date. Transaction history for the intervening period should be obtained from exchange records.

Ready to verify your client's digital assets?

Free auditor access. Cryptographic proof. Audit-grade evidence your workpapers can rely on.

Access the Platform Free