Chapter 8 Auditing in an E-commerce Environment


Electronic Commerce
Electronic commerce includes the activities of promoting and selling a product or service and obtaining payment for it.

Objectives of IS Audit of E-commerce
- To gain an understanding of the E-commerce product line, transaction flow, and settlement processes.
- To ensure that adequate internal controls are in place, along with the audit trails necessary to recreate a transaction.
- To determine whether top management recognizes the additional business and control risks and adopts specific policies for e-commerce.

Objectives of IS Audit of E-banking
- To determine if contingency and disaster plans are adequate.
- To determine if legal compliance is being ensured.
- To determine whether implemented controls are appropriate to the type and level of risks arising from e-commerce activities.

General Overview
Obtain the following documentation:
- List of personnel and their duties.
- Flow chart of the e-commerce system.
- Summaries of strategic plans.
- Independent reviews, assessments, or system certifications performed by consultants or experts.
- Details of E-commerce activities conducted.
- Details regarding complaints specific to E-commerce.
- External audit reports and related materials.
- Relevant operating policies and procedures.

General Overview
Determine the extent of dependence on external vendors and their role.
Review documentation and conduct discussions to determine:
- How security for E-commerce is addressed.
- How management supervises E-commerce functions, including outsourced functions.
- Any significant changes in policies, personnel, or control systems.
- Any internal or external factors that could affect e-commerce.

Auditing E-commerce Functions
Overview: review the hardware, software, connectivity, remote access points, and delivery flow.
Implementation:
- Approval from Board/Committee
- Control systems
- Training
- Accuracy and content of interface programmes
Policies and procedures:
- Programming policies, such as hyper-linking
- Customer confidential information
- Usage of system resources

Auditing E-commerce Functions
Administration:
- E-commerce security officer
- Unique customer-id for customers
- Employee access to E-commerce forms
- Process of generating exception reports
- E-commerce security program
Accounting and processing:
- Reconciliation to cover all transactions
- Identify duplicate transactions
- Determine if appropriate audit trails are generated
- Review of financial statements of major vendors
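The accounting-and-processing checks above (reconciliation covering all transactions, duplicate detection, audit trails adequate to recreate a transaction, as also required in the audit objectives) are the kind of test an IS auditor runs with a computer-assisted tool. The script below is an added illustration, not part of the original slides: it reconciles a constructed order ledger against a constructed payment-gateway settlement export and tests whether each order's audit trail contains every step needed to recreate it. The record layouts and event names are assumptions.

```python
"""Added example: reconciliation, duplicate check and audit-trail completeness
over constructed e-commerce records (layouts and event names are assumed)."""
from collections import Counter

# Constructed sample data: order ledger from the shop and settlement export
# from the payment gateway. Amounts are in cents to avoid float rounding.
ORDERS = [
    {"order_id": "O-1001", "amount": 4999, "ref": "TXN-A1"},
    {"order_id": "O-1002", "amount": 1500, "ref": "TXN-A2"},
    {"order_id": "O-1003", "amount": 7250, "ref": "TXN-A3"},
    {"order_id": "O-1004", "amount": 1500, "ref": "TXN-A2"},  # duplicate gateway ref
    {"order_id": "O-1005", "amount": 300,  "ref": "TXN-A5"},  # never settled
]
SETTLEMENTS = [
    {"ref": "TXN-A1", "amount": 4999},
    {"ref": "TXN-A2", "amount": 1500},
    {"ref": "TXN-A3", "amount": 7200},   # amount differs from O-1003
    {"ref": "TXN-A9", "amount": 999},    # settled, but no matching order
]
# Constructed audit-trail events; a complete trail lets the auditor recreate
# the transaction: order created -> payment authorised -> settled.
REQUIRED_EVENTS = ("order_created", "payment_authorised", "settled")
AUDIT_TRAIL = {
    "O-1001": ["order_created", "payment_authorised", "settled"],
    "O-1002": ["order_created", "payment_authorised", "settled"],
    "O-1003": ["order_created", "settled"],             # authorisation missing
    "O-1004": ["order_created", "payment_authorised", "settled"],
    "O-1005": ["order_created", "payment_authorised"],  # never settled
}

def find_duplicates(orders):
    """Gateway references that appear on more than one order."""
    counts = Counter(o["ref"] for o in orders)
    return sorted(ref for ref, n in counts.items() if n > 1)

def reconcile(orders, settlements):
    """Return (unsettled order ids, orphan settlement refs, amount mismatches)."""
    by_ref = {s["ref"]: s["amount"] for s in settlements}
    order_refs = {o["ref"] for o in orders}
    unsettled = sorted(o["order_id"] for o in orders if o["ref"] not in by_ref)
    orphans = sorted(ref for ref in by_ref if ref not in order_refs)
    mismatches = sorted(o["order_id"] for o in orders
                        if o["ref"] in by_ref and by_ref[o["ref"]] != o["amount"])
    return unsettled, orphans, mismatches

def incomplete_trails(trail, required=REQUIRED_EVENTS):
    """Orders whose audit trail cannot recreate the full transaction."""
    return sorted(oid for oid, events in trail.items()
                  if any(e not in events for e in required))
```

Each exception list (duplicates, unsettled orders, orphan settlements, amount mismatches, incomplete trails) is an item for the auditor's working papers rather than a conclusion on its own.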

Auditing E-commerce Functions
Legal & Regulatory Matters:
- Accuracy of information on the website
- Compliance with the relevant act
- Awareness of cyber crimes
Internet Security Administration:
- Password administration
- Internal connection to external service
- Physical security issues
- Contracts with vendors

E-commerce Policies and Procedures
- Clear allocation of responsibility for system security.
- Control over network and data access.
- E-commerce firewall policies, including access rules and responsibility for maintenance and monitoring.
- Encryption technique used.
- Identify whether security policies are periodically reviewed and updated.

Impact of E-commerce on Internal Control
- Security
- Transaction integrity
- Process alignment
- International laws
- Audit evidence