It seems that if the audit were more detailed and technically formal, some countries might have done it. I'm not sure which ones. but if it is an audit to implement transparency and avoid various possible bad things like what happened to FTX, the state may be able to be the agent. and indeed this audit is meaningful for CEX, right?
Carrying out this audit also means that the exchange already has a license from a regulated and trusted institution. In this case, each country [asit has its own institutions. And like here, every exchange is required to carry out audits from several platforms, institutions and others which are of course trustworthy. such as: Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), and various other audits that are possible and required. because, the audit system turns out not only on assets but also on the technique to guarantee that an exchange is still viable and provides security guarantees for its users.
However, when it comes to time, audits are usually carried out throughout the year, right> yearly? Or if necessary, maybe it will be 6 months later. because the audit system is not easy and requires various complex things and detailed data. But usually if exchange reporting is done, it can be done monthly, right?