
Topic: Full Blown MtGox Audit - Get Ready To participate. Starting Sept 25th (Read 4376 times)

legendary
Activity: 1428
Merit: 1000

I think MTGox should get a SAS 70 Type II audit, it would do wonders for their business and to boost the legitimacy of Bitcoin to the world.

thank you for that.


+1
hero member
Activity: 896
Merit: 1000
An audit is not that unreasonable... I write payroll processing software for a living, and my customers demand audits.

This sort of audit is something I have to pay for.  But of course it makes my services more attractive, so it's a worthwhile investment.

Generally the way it works is an auditor flies in and does his thing, asks for records, asks to inspect certain things, and asks for statements on what controls are in place.  His product is a written opinion as to whether or not we're properly implementing the controls we say we're implementing, as well as a description of what those controls are.  Ours comes out to like 50 pages.  His product is called a "SAS 70 Type II audit".  The auditor has to be a CPA.

Want to put a burr under MtGox?  Persuade his competition to get and publish a SAS 70 type II or equivalent.  They cost maybe $10-$25k to get.  I can offer referrals.

That is the most logical and by far the most effective proposition I have yet to hear on dealing with the latest MTGox accusations.

To respond to the OP, it is preposterous to think that every single person who has money in MTGox is going to withdraw it for 2 weeks. It makes zero sense and it would never happen.

I think MTGox should get a SAS 70 Type II audit, it would do wonders for their business and to boost the legitimacy of Bitcoin to the world.

thank you for that.
full member
Activity: 154
Merit: 100
I have been mentioning SAS 70 to Mark as of several months ago.  No interest was displayed.  Besides asking in numbers, the best way to persuade him to do it, in my opinion, is to go get TradeHill and Camp BX to get one done, so he'll be left out.



Oh wow.  That looks kinda shady. 

If an audit would increase confidence among a few and demonstrate good housekeeping, I don't see why not.  If they resist that's a red flag for me.

I hope TH and CampBX step up.
vip
Activity: 1386
Merit: 1136
The Casascius 1oz 10BTC Silver Round (w/ Gold B)
"SAS 70 Type II or equivalent" is the magic thing to ask for if you want any meaningful results!

Not an accountant, but wouldn't you need a SAS 55 too, to be sure? Also, from what I remember, isn't this standard geared towards nonfinancial companies rather than financial organizations? In how far does this apply to MtGox, given that they are based in Japan, given that it is a US standard? What would be the Japanese equivalent to ask for?

It only applies to the extent we as his customer base demand it of him.  For him to get a SAS 70 he wouldn't be doing it to comply with any law, he would be doing it to fulfill our demand for an independent report detailing his controls and an opinion on their effectiveness as practiced, all signed by somebody with their credentials on the line.  There might be a Japanese equivalent, but personally I'd rather read a SAS 70 from a US-based auditor, possibly because I don't speak any Japanese.

And SAS 70 already has a recipe for things to look for in an "application service provider"... for example, the scope of such an audit is already documented and known to cover procedures such as backups, who has access to modify data, who has access to modify source code, security solutions being used, etc.

I have been mentioning SAS 70 to Mark as of several months ago.  No interest was displayed.  Besides asking in numbers, the best way to persuade him to do it, in my opinion, is to go get TradeHill and Camp BX to get one done, so he'll be left out.



newbie
Activity: 14
Merit: 0
Thanks many for your comments and suggestions on my OP.
After getting a taste of your comments, the proposed audit appears to be a no go.
It really seemed like a good idea to me, and maybe it still is, but if the BTC community
cannot be convinced then, yes please, let's discuss other options.
I hear of third party audits that have already taken place.
Where can I find the details of those audits?
Are they published on MTgox's web site?

Due to the sensitive nature of the information you're asking about, no it has not been posted anywhere. But I'm sure our coins and money are well looked after and accounted for! (As long as you don't get hacked!)
sr. member
Activity: 455
Merit: 250
You Don't Bitcoin 'till You Mint Coin
Thanks many for your comments and suggestions on my OP.
After getting a taste of your comments, the proposed audit appears to be a no go.
It really seemed like a good idea to me, and maybe it still is, but if the BTC community
cannot be convinced then, yes please, let's discuss other options.
I hear of third party audits that have already taken place.
Where can I find the details of those audits?
Are they published on MTgox's web site?
newbie
Activity: 59
Merit: 0

its not b/c i have any special privileges at all.  its b/c i take an active interest in my investments and want to know the people i'm trusting as much as possible in this type of environment.  all it takes is for you to go on IRC, PM him, email him, etc. and you will get answers to all your questions.

and i will mention that he publish a third party audit.  you should too.

Great, we're finally getting somewhere! You promised to get in touch with Mark to impress the need for an external audit on him, I will do so too and if I got you right, you would encourage all the others reading and posting on this thread to do likewise. This might actually get things moving, thanks.

Really looking forward to seeing the outcome.
legendary
Activity: 1764
Merit: 1002
i wouldn't mind an audit either.  my whole argument is how you're going about it.  the way you propose will damage mtgox and i can't understand how you can't see that.  or maybe you do.

Great to hear that you agree that an audit makes sense. Given that you seem to be in close contact with the former as well as the current owner:

because Jed has told me it was his acct that got hacked after the SQL injection.

still doesn't absolve Mark.

maybe you can pass along the common sentiment of this thread to Mark.

its not b/c i have any special privileges at all.  its b/c i take an active interest in my investments and want to know the people i'm trusting as much as possible in this type of environment.  all it takes is for you to go on IRC, PM him, email him, etc. and you will get answers to all your questions.

and i will mention that he publish a third party audit.  you should too.
hero member
Activity: 868
Merit: 1000
what's wrong with this idea? i think it's a good idea, mtgox should not be doing FRB, but i think 2 weeks is a bit much, maybe 3 days?

It takes time to get funds into and out of the exchanges, so if people did withdraw their funds and waited three days to see whether they received them (I think some methods take even longer than this to process), they'd then have to wait for those funds to hit their MtGox account when they redeposited them before they could trade again.  I suspect that many people would find this unacceptable, especially as some forms of deposit and withdrawal cost money.

Audits are a good idea but you need access to the financial records of the company in order for them to establish anything.  

That said, it would be nice to know whether it's one of the exchanges which is currently moving large amounts of coins around from blocks 144916 and 144917. 
newbie
Activity: 59
Merit: 0
i wouldn't mind an audit either.  my whole argument is how you're going about it.  the way you propose will damage mtgox and i can't understand how you can't see that.  or maybe you do.

Great to hear that you agree that an audit makes sense. Given that you seem to be in close contact with the former as well as the current owner:

because Jed has told me it was his acct that got hacked after the SQL injection.

still doesn't absolve Mark.

maybe you can pass along the common sentiment of this thread to Mark.
legendary
Activity: 1386
Merit: 1003
MTGOX is making a good deal of money/coin.  Just take the volume and multiply by the fee charged.  I have confidence that mtgox has my money and extra to spare.  With the money they are taking in they have the resources to secure their servers against attacks that have already happened.  They have served the community and helped out many times when they had no responsibility to do so. 

I have coin in other exchanges as well, and use which gives me the best execution at the moment I need it done. 
legendary
Activity: 1764
Merit: 1002
i wouldn't mind an audit either.  my whole argument is how you're going about it.  the way you propose will damage mtgox and i can't understand how you can't see that.  or maybe you do.
sr. member
Activity: 455
Merit: 250
You Don't Bitcoin 'till You Mint Coin
I will not be removing my coin from mtgox, and I am sure many others will not as well.  



If many choose not to then yes it would render this audit ineffective.
what proposals do you have for a full transparent audit?
I do hope you see the need.
sr. member
Activity: 455
Merit: 250
You Don't Bitcoin 'till You Mint Coin
All of the exchanges should be audited by an independent third party on a regular basis.  What the OP has proposed could create a false sense of security given the likelihood that many people won't try to withdraw their money/BTC - it's not going to conclusively prove that the exchange has enough on hand in segregated funds to cover 100% of user deposits.

That's a good point.
Thanks.

I still hope people consider the proposed audit. If not, please provide a better solution.
A full transparent audit is necessary and I would at least hope that everyone agrees with that.
sr. member
Activity: 350
Merit: 251
what's wrong with this idea? i think it's a good idea, mtgox should not be doing FRB, but i think 2 weeks is a bit much, maybe 3 days?
full member
Activity: 154
Merit: 100
I'm okay with an audit.

However, convincing everyone to remove their money on X day for Y period is the most inefficient way I can think of doing it.
legendary
Activity: 1764
Merit: 1002
how would this boycott prove anything? removing your funds won't prove anything. it would not make sense for mt gox or any other large exchange to leave all funds online and accessible all the time. I don't get it.

you're not supposed to "get it".  he expects you to mindlessly go along with his harebrained proposal.
legendary
Activity: 1386
Merit: 1003
I will not be removing my coin from mtgox, and I am sure many others will not as well.  

newbie
Activity: 59
Merit: 0
"SAS 70 Type II or equivalent" is the magic thing to ask for if you want any meaningful results!

Not an accountant, but wouldn't you need a SAS 55 too, to be sure? Also, from what I remember, isn't this standard geared towards nonfinancial companies rather than financial organizations? In how far does this apply to MtGox, given that they are based in Japan, given that it is a US standard? What would be the Japanese equivalent to ask for?
full member
Activity: 196
Merit: 101
how would this boycott prove anything? removing your funds won't prove anything. it would not make sense for mt gox or any other large exchange to leave all funds online and accessible all the time. I don't get it.