Full Blown MtGox Audit - Get Ready To participate. Starting Sept 25th

[Littleshop]

MTGOX is making a good deal of money/coin.  Just take the volume and multiply by the fee charged.  I have confidence that mtgox has my money and extra to spare.  With the money they are taking in they have the resources to secure their servers against attacks that have already happened.  They have served the community and helped out many times when they had no responsibility to do so. 

I have coin in other exchanges as well, and use which gives me the best execution at the moment I need it done. 

[Gandlaf]

i wouldn't mind an audit either.  my whole argument is how you're going about it.  the way you propose will damage mtgox and i can't understand how you can't see that.  or maybe you do.

Great to hear that you agree that an audit makes sense. Given that you seem to be in close contact with the former as well as the current owner:

because Jed has told me it was his acct that got hacked after the SQL injection.

still doesn't absolve Mark.

maybe you can pass along the common sentiment of this thread to Mark.

[repentance]

whats wrong with this idea? i think its a good idea, mtgox should not be doing FRB, but i think 2 weeks if a bit much, maby 3 days?

It takes time to get funds into and out of the exchanges, so if people did withdraw their funds and waited three days to see whether they received them (I think some methods take even longer than this to process), they'd then have to wait for those funds to hit their MtGox account when they redeposited them before they could trade again.  I suspect that many people would find this unacceptable, especially as some forms of deposit and withdrawal cost money.

Audits are a good idea but you need access to the financial records of the company in order for them to establish anything.  

That said, it would be nice to know whether it's one of the exchanges which is currently moving large amounts of coins around from blocks 144916 and 144917. 

[cypherdoc]

i wouldn't mind an audit either.  my whole argument is how you're going about it.  the way you propose will damage mtgox and i can't understand how you can't see that.  or maybe you do.

Great to hear that you agree that an audit makes sense. Given that you seem to be in close contact with the former as well as the current owner:

because Jed has told me it was his acct that got hacked after the SQL injection.

still doesn't absolve Mark.

maybe you can pass along the common sentiment of this thread to Mark.

its not b/c i have any special privileges at all.  its b/c i take an active interest in my investments and want to know the people i'm trusting as much as possible in this type of environment.  all it takes is for you to go on IRC, PM him, email him, etc. and you will get answers to all your questions.

and i will mention that he publish a third party audit.  you should too.

[Gandlaf]

its not b/c i have any special privileges at all.  its b/c i take an active interest in my investments and want to know the people i'm trusting as much as possible in this type of environment.  all it takes is for you to go on IRC, PM him, email him, etc. and you will get answers to all your questions.

and i will mention that he publish a third party audit.  you should too.

Great, we´re finally getting somewhere! You promised to get in touch with Mark to impress the need for an external audit on him, I will do so too and if I got you right, you would encourage all the others reading and posting on this thread to do likewise. This might actually get things moving, thanks.

Really looking forward to seeing the outcome.

[allten]

Thanks many for your comments and suggestions on my OP.
After getting a taste of your comments. The proposed audit appears to be a no go.
It really seemed like a good idea to me, and maybe it still is, but If the BTC community
cannot be convinced then, yes please, let's discuss other options.
I hear of third party audits that have already taken place.
Where can I find the details of those audits?
Are they published on MTgox's web site?

[FreeMonies]

Thanks many for your comments and suggestions on my OP.
After getting a taste of your comments. The proposed audit appears to be a no go.
It really seemed like a good idea to me, and maybe it still is, but If the BTC community
cannot be convinced then, yes please, let's discuss other options.
I hear of third party audits that have already taken place.
Where can I find the details of those audits?
Are they published on MTgox's web site?

Due to the sensitive nature of the information you're asking about, no it has not been posted anywhere. But I'm sure our coins and money are well looked after and accounted for! (As long as you don't get hacked!)

[casascius]

"SAS 70 Type II or equivalent" is the magic thing to ask for if you want any meaningful results!

Not an accountant, but wouldn´t you need a SAS 55 too, to be sure? Also, from what I remember, isn´t this standard geared towards nonfinancial companies rather than financial organizations? In how far does this apply to MtGox, given that they are based in Japan, given that it is a US standard? What would be the japanese equivalent to ask for?

It only applies to the extent we as his customer base demand it of him.  For him to get a SAS 70 he wouldn't be doing it to comply with any law, he would be doing it to fufill our demand for an independent report detailing his controls and an opinion on their effectiveness as practiced, all signed by somebody with their credentials on the line.  There might be a Japanese equivalent, but personally I'd rather read a SAS 70 from a US-based auditor, possibly because I don't speak any Japanese.

And SAS 70 already has a recipe for things to look for in an "application service provider"... for example, the scope of such an audit is already documented and known to cover procedures such as backups, who has access to modify data, who has access to modify source code, security solutions being used, etc.

I have been mentioning SAS 70 to Mark as of several months ago.  No interest was displayed.  Besides asking in numbers, the best way to persuade him to do it, in my opinion, is to go get TradeHill and Camp BX to get one done, so he'll be left out.

[johnj]

I have been mentioning SAS 70 to Mark as of several months ago.  No interest was displayed.  Besides asking in numbers, the best way to persuade him to do it, in my opinion, is to go get TradeHill and Camp BX to get one done, so he'll be left out.

Oh wow.  That looks kinda shady. 

If an audit would increase confidence among a few and demonstrate good housekeeping, I don't see why not.  If they resist that's a red flag for me.

I hope TH and CampBX step up.

[cablepair]

An audit is not that unreasonable... I write payroll processing software for a living, and my customers demand audits.

This sort of audit is something I have to pay for.  But of course it makes my services more attractive, so it's a worthwhile investment.

Generally the way it works is an auditor flies in and does his thing, asks for records, asks to inspect certain things, and asks for statements on what controls are in place.  His product is a written opinion as to whether or not we're properly implementing the controls we say we're implementing, as well as a description of what those controls are.  Ours comes out to like 50 pages.  His product is called a "SAS 70 Type II audit".  The auditor has to be a CPA.

Want to put a burr under MtGox?  Persuade his competition to get and publish a SAS 70 type II or equivalent.  They cost maybe $10-$25k to get.  I can offer referrals.

That is the most logical and by far the most effective proposition I have yet to hear on dealing with the latest MTGox accusations.

To respond to the OP, it is preposterous to think that every single person who has money in MTGox is going to withdraw it for 2 weeks. It makes zero sense and it would never happen.

 I think MTGox should get a SAS 70 Type II audit, it would do wonders for their business and to boost the legitimacy of Bitcoin to the world.

thank you for that.

[flower1024]

 I think MTGox should get a SAS 70 Type II audit, it would do wonders for their business and to boost the legitimacy of Bitcoin to the world.

thank you for that.

+1