
Chapter 8 Auditing in an E-commerce Environment


cmcelwain

Presentation Transcript


  1. Chapter 8 Auditing in an E-commerce Environment

  2. Electronic Commerce
     • Electronic commerce includes activities of promoting and selling a product or service and obtaining payment for the same.

  3. Objectives of IS Audit of E-commerce
     • To gain an understanding of the E-commerce product line, transaction flow, and settlement processes.
     • To ensure that adequate internal controls are in place along with audit trails necessary to recreate a transaction.
     • To determine whether the top management
        • recognizes additional business and control risks
        • adopts specific policies for e-commerce.

  4. Objectives of IS Audit of E-banking
     • To determine if contingency and disaster plans are adequate.
     • To determine if legal compliance is being ensured.
     • To determine whether implemented controls are appropriate to the type and level of risks arising from e-commerce activities.

  5. General Overview
     • Obtain the following documentation:
        • List of personnel and their duties.
        • Flow chart of the e-commerce system.
        • Summaries of strategic plans.
        • Independent reviews, assessments, or system certifications performed by consultants or experts.
        • Details of E-commerce activities conducted.
        • Details regarding complaints specific to E-commerce.
        • External audit reports and related materials.
        • Relevant operating policies and procedures.

  6. General Overview
     • Determine extent of dependence on external vendors and their role.
     • Review documentation and conduct discussions to determine:
        • How security for E-commerce is addressed.
        • How management supervises E-commerce functions, including outsourced functions.
        • Any significant changes in policies, personnel, or control systems.
        • Any internal or external factors that could affect e-commerce.

  7. Auditing E-commerce Functions
     • Overview the hardware, software, connectivity, remote access points, and delivery flow.
     • Implementation
        • Approval from Board/Committee
        • Control systems
        • Training
        • Accuracy and content of interface programmes
     • Policies and procedures
        • Programming policies viz. hyper-linking
        • Customer confidential information
        • Usage of system resources

  8. Auditing E-commerce Functions
     • Administration
        • E-commerce security officer
        • Unique customer-id for customers
        • Employee access to E-commerce forms
        • Process of generating exception reports
        • E-commerce Security program
     • Accounting and processing
        • Reconciliation to cover all transactions
        • Identify duplicate transactions
        • Determine if appropriate audit trails are generated
        • Review of financial statement of major vendors

  9. Auditing E-commerce Functions
     • Legal & Regulatory Matters
        • Accuracy of information on website
        • Compliance with relevant act
        • Awareness of cyber crimes
     • Internet Security Administration
        • Password administration
        • Internal connection to external service
        • Physical security issues
        • Contract with vendors

  10. E-commerce Policies and Procedures
     • Clear allocation of responsibility for system security.
     • Control over network and data access
     • E-commerce firewall policies to include
        • access rules and
        • responsibility for maintenance and monitoring.
     • Encryption technique used
     • Identify whether security policies are periodically reviewed and updated.

  11. Impact of E-commerce on Internal Control
     • Security
     • Transaction Integrity
     • Process alignment
     • International Laws
     • Audit Evidence
