Bitcoin: Risks and Controls

• Published date: 01 July 2015
• Date: 01 July 2015
• Author: Robert Hogan,Gerry Grant
• DOI: http://doi.org/10.1002/jcaf.22060

29

© 2015 Wiley Periodicals, Inc.

Published online in Wiley Online Library (wileyonlinelibrary.com).

DOI 10.1002/jcaf.22060

f

e

a

t

u

r

e

a

r

t

i

c

l

e

Bitcoin: Risks and Controls

Gerry Grant and Robert Hogan

INTRODUCTION

Bitcoin1 is a vir-

tual currency that

began as a white

paper in November

2008 and transitioned

from an idea to real-

ity in 2009 with the

mining of the first

bitcoin. While not the

first virtual currency,

Bitcoin has solved

the fundamental

problems that plagued earlier

attempts at virtual currency.

Through the use of cryptogra-

phy and the combination

of a public and private key,

Bitcoin had made its use

almost completely anonymous

and has eliminated the need

for a central authority that can

see the details of every transac-

tion. Additionally, the creation

of bitcoins through the mining

process provides a mechanism

that generates a stable sup-

ply of the currency without

the intervention of a central

regulatory body that might be

tempted to devalue the cur-

rency through arbitrary cur-

rency creation.

The total number of bit-

coins that can be mined is

about 21 million, with about

12million created so far

(Brito& Castillo, 2013; Tucker,

2013). Even though the total

number of bitcoins that can be

mined is capped, Bitcoin is a

fractional currency, meaning

that a portion of a bitcoin can

be used to complete a transac-

tion (Fowler, 2014). The small-

est denomination of a bitcoin,

called a “satoshi,” is 0.00000001

of a bitcoin. Based on current

estimates, the last satoshi is

expected to be mined in the year

2140 (Brito & Castillo, 2013;

Tucker, 2013).

The advantages and grow-

ing acceptance of Bitcoin

suggest that the integration of

virtual currency may be rap-

idly approaching. The use of

Bitcoin introduces a variety of

risk and internal control mat-

ters that must be understood

and addressed before a firm

integrates bitcoins

into the firm’s opera-

tional model. In this

article, we discuss the

risks associated with

Bitcoin and related

internal controls.

AUDITOR CONCERNS

Management

is responsible for

designing and imple-

menting a system

of internal controls that will

safeguard the firm’s assets.

Thischallenge is never simple,

and adding or including bit-

coins into the firm’s opera-

tional processes exposes the

firm to additional risks that

potentially were previously

beyond the concern of the firm.

Addressing these types of con-

cerns is often delegated to the

internal audit department, as

they tend to serve as internal

consultants as well as process

and control advisors to man-

agement concerning system

and data processing. Regarding

Bitcoin specifically, the audit‐

related concerns include:

• Assessing data security and

risk vulnerabilities,

• Performing regular security

audits,

Proponents hype the benefits of Bitcoin transac-

tions as being faster and cheaper than traditional

methods; however, concerns around the lack of

a central governing agency, lack of controls over

Bitcoin exchanges, and the volatility of the virtual

currency persist. Therefore, a company’s use of

Bitcoin, as a medium of exchange or as an invest-

ment, involves risks and internal control concerns

that merit careful consideration.

© 2015 Wiley Periodicals, Inc.