I would think there would be a less risky way for a company to do an audit. Any time you send a TX there is a small risk that you send the bitcoin to an incorrect address, that the private key of the receiving address gets destroyed or corrupted.

I would argue a better way to audit holdings a company has would be to sign messages with all the addresses under their control and use an API to check the "balance" of each of the addresses