Chapter 8 Auditing in an E-commerce Environment

Electronic Commerce
• Electronic commerce includes activities of promoting and selling a product or service and obtaining payment for the same.

Objectives of IS Audit of E-commerce
• To gain an understanding of the E-commerce product line, transaction flow, and settlement processes.
• To ensure that adequate internal controls are in place along with audit trails necessary to recreate a transaction.
• To determine whether the top management
  • recognizes additional business and control risks
  • adopts specific policies for e-commerce.

Objectives of IS Audit of E-banking
• To determine if contingency and disaster plans are adequate.
• To determine if legal compliance is being ensured.
• To determine whether implemented controls are appropriate to the type and level of risks arising from e-commerce activities.

General Overview
• Obtain the following documentation:
  • List of personnel and their duties.
  • Flow chart of the e-commerce system.
  • Summaries of strategic plans.
  • Independent reviews, assessments, or system certifications performed by consultants or experts.
  • Details of E-commerce activities conducted.
  • Details regarding complaints specific to E-commerce.
  • External audit reports and related materials.
  • Relevant operating policies and procedures.

General Overview
• Determine extent of dependence on external vendors and their role.
• Review documentation and conduct discussions to determine:
  • How security for E-commerce is addressed.
  • How management supervises E-commerce functions, including outsourced functions.
  • Any significant changes in policies, personnel, or control systems.
  • Any internal or external factors that could affect e-commerce.

Auditing E-commerce Functions
• Obtain an overview of the hardware, software, connectivity, remote access points, and delivery flow.
• Implementation
• Approval from Board/Committee
• Control systems
• Training
• Accuracy and content of interface programmes
• Policies and procedures
• Programming policies viz. hyper-linking
• Customer confidential information
• Usage of system resources

Auditing E-commerce Functions
• Administration
• E-commerce security officer
• Unique customer-id for customers
• Employee access to E-commerce forms
• Process of generating exception reports
• E-commerce Security program
• Accounting and processing
• Reconciliation to cover all transactions
• Identify duplicate transactions
• Determine if appropriate audit trails are generated
• Review of financial statement of major vendors

Auditing E-commerce Functions
• Legal & Regulatory Matters
• Accuracy of information on website
• Compliance with relevant act
• Awareness of cyber crimes
• Internet Security Administration
• Password administration
• Internal connection to external service
• Physical security issues
• Contract with vendors

E-commerce Policies and Procedures
• Clear allocation of responsibility for system security.
• Control over network and data access
• E-commerce firewall policies to include
  • access rules and
  • responsibility for maintenance and monitoring.
• Encryption technique used
• Identify whether security policies are periodically reviewed and updated.

Impact of E-commerce on Internal Control
• Security
• Transaction Integrity
• Process alignment
• International Laws
• Audit Evidence