Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure e-Business Chartered Accountants of Canada Comptables agréés du Canada Overview of WebTrust TM.

Published byDerick Parker Modified over 9 years ago

Similar presentations

Presentation on theme: "Secure e-Business Chartered Accountants of Canada Comptables agréés du Canada Overview of WebTrust TM."— Presentation transcript:

1 Secure e-Business Chartered Accountants of Canada Comptables agréés du Canada Overview of WebTrust TM

2 Secure e-Business  What are this site’s e-Commerce practices?  I am worried about security  I would like to maintain anonymity  I do not like trace ability  What are they going to do with my information?  Who am I really doing business with?  I am afraid I will get scammed, will I get my stuff?  What is the recourse if something goes wrong? Concerns About e-Business

3 Secure e-Business People who have access to the Internet but who have not purchased a good or service through the Internet, state that the following were factors in their decision: 52 % Concern over privacy of personal information 56 % Concern over unauthorized use of credit card information 36 % Concern over not receiving product or service ordered Source: Canadian Institute of Chartered Accountants Electronic Commerce Survey August 1997 Barriers to Acceptance

4 Secure e-Business  The visual aspect of online shopping is key  There is a strong commitment to purchasing at Canadian sites.  Online purchasing is considered to be convenient and saves time.  Considerable concern still exists about the privacy of personal information related to online purchasing.  A third party security endorsement can help build the trust of site visitors.  Book marking of favorite sites has the potential to build loyalty  The power of “word of mouth” should not be underestimated. D&T & Retail Council of Canada’s Most Recent Study Consumers are saying…

5 Secure e-Business  Provides assurance that a web site meets AICPA/CICA defined criteria for business practices and transaction integrity, security and privacy, and related disclosures.  Is designed to build consumer confidence in electronic commerce.  Is the only service combining privacy, security, and transactional integrity with up-front and ongoing independent third party verification.  Will be able to demonstrate a web site’s compliance with the privacy laws of major industrial countries.  Is a global seal that can be provided by qualified and licensed CPAs and CAs around the world. The WebTrust TM Response A Unique Seal of Assurance WebTrust TM

6 Secure e-Business WebTrust TM Global Availability

7 Secure e-Business Planning:  New Zealand Researching:  Belgium  Malaysia  Japan  Italy  Argentina Currently:  Canada  United States  England and Wales  Denmark  France  Germany  Ireland  Netherlands  Spain  Australia  Hong Kong Global Offering of WebTrust TM

8 Secure e-Business WebTrust TM Sample Site

9 Secure e-Business

10 Web consumer would see the seal on a Web page Would then click on it to access additional information WebTrust TM Seal

11 Secure e-Business WebTrust TM Certification Process

12 Secure e-Business  Definition of scope  Web sites & services included  Geographical scope  Self-assessment questionnaire  Understand outsourced activities  Initial period at least 60 days  Unqualified audit report  At least semi-annual updates  Independence  Appropriate team with required expertise WebTrust TM Certification Process

13 Secure e-Business  Perform a Self-evaluation.  Understand and document the electronic commerce business and systems processes, procedures and controls.  Map existing processes and controls against WebTrust™ Principles and Criteria.  Build a WebTrust™ Preview Site Overview of the WebTrust TM Process Phase I – Understanding the Methodology and Process Phase I – Understanding the Methodology & Process Self Evaluation Understand & Document Process, Procedures & Controls Map Processes & Controls Build WebTrust TM Preview Site

14 Secure e-Business Overview of the WebTrust TM Process Phase II – Testing of the Processes & Controls Test and Evaluate  Test and evaluate the Business Practices Disclosures, Transaction Integrity, Security and Privacy Controls.

15 Secure e-Business Overview of the WebTrust TM Process Phase III – Reporting Complete and Certify  Complete the final report and certify the Web Site.

16 Secure e-Business  Update our review and tests of the Business Practice Disclosure, Transaction Integrity and Information Protection on a semi- annual basis.  Update for any major system changes and service offerings. Overview of the WebTrust TM Process Phase IV – Minimum Semi-Annual Updates (Version 3.0) Phase IV – Minimum Semi-Annual Updates Update & Review our Tests Semi-Annually Update for any Major System Changes & Service Offerings

17 Secure e-Business  WebTrust™ Security Seal  WebTrust™ Transactional Integrity Seal  WebTrust™ Privacy Seal  or WebTrust™ Consumer Protection Seal including all three of the above  Additional principles for B2B & ISP/ASPs include:  availability  confidentiality  non-repudiation  customized disclosures The New Version 3.0 WebTrust TM Version 3.0 includes any of the following WebTrust TM Seals:

18 Secure e-Business The enterprise discloses key security policies, complies with such security policies, and maintains effective controls to provide reasonable assurance that access to electronic commerce system and data is restricted only to authorized individuals in conformity with its disclosed security policies. WebTrust TM 3.0 Principles: Security Security

19 Secure e-Business Transaction Integrity The enterprise discloses its business practices for electronic commerce, executes transactions in conformity with such practices, and maintains effective controls to provide reasonable assurance that e-Commerce transactions are processed completely, accurately and conformity with its disclosed business practices. WebTrust TM 3.0 Principles: Transaction Integrity

20 Secure e-Business WebTrust TM 3.0 Principles: Privacy The enterprise discloses its privacy policies, complies with such privacy practices, and maintains effective controls to provide reasonable assurance that personally identifiable information obtained as a result of electronic commerce is protected in conformity with its disclosed privacy practices. Privacy

21 Secure e-Business WebTrust TM 3.0 Principles: Availability The enterprise discloses its practices for availability, complies with such availability disclosures, and maintains effective controls to provide reasonable assurance that e-commerce systems and data are available as disclosed. Availability

22 Secure e-Business WebTrust TM 3.0 Principles: Non-repudiation The enterprise discloses it practices for non-repudiation, complies with such practices, and maintains effective controls and appropriate records to provide reasonable assurance that the authentication and integrity of transactions and messages received electronically are provable to third parties in conformity with its disclosed non- repudiation practices. Non-repudiation

23 Secure e-Business WebTrust TM 3.0 Principles: Confidentiality The enterprise discloses its confidentiality practices, complies with such confidentiality practices and maintains effective controls to provide reasonable assurance that access to information obtained as a result of electronic commerce and designated as confidential is restricted to authorized individuals in conformity with its disclosed confidentiality practices. Confidentiality

24 Secure e-Business WebTrust TM 3.0 Principles: Customized Disclosures The enterprise’s specified disclosures are consistent with professional standards for suitable criteria and relevant to its electronic controls over the processes supporting such disclosures to provide reasonable assurance that such disclosures are reliable. Customized Disclosures

25 Secure e-Business Frequently Asked Questions

26 Secure e-Business What happens if a company does not meet the audit requirements? How long do we have to fix any inconsistencies? The company needs to demonstrate that it has been in compliance with the WebTrust™ criteria for at least 60 days before it can receive the WebTrust™ seal. Then it needs to remain in compliance with the criteria to continue to display the seal. As part of their work, practitioners may identify weaknesses which need to be addressed. This may be included as part of the services based on the extent of the weaknesses identified. However, if the practitioner and the management determine that the weaknesses are extensive, then we will have to address those issues and help you improve the controls and practices separately. In such cases, the seal will be awarded 60 days after the implementation of the new controls, to ensure their effectiveness.

27 Secure e-Business What does WebTrust™ membership provide other than quarterly (semi-annual) audits? As is the case with a financial statement audit, there is no membership structure. The AICPA/CICA task force would be willing to consider such a program if there was sufficient interest among organizations with the WebTrust™ seal. However, as a certified WebTrust™ web-site, you will be listed at the WebTrust™ home page under a listing of all WebTrust™ certified companies. This provides customers a “Yellow Pages” of WebTrust™ web-sites. Additionally, the members will have access to “Best Practices” for Internet electronic commerce.

28 Secure e-Business How is a WebTrust™ audit different from a regular accounting and/ or system audit and what extra value does it provide? The purpose of a WebTrust™ audit differs significantly from those of a financial statement audit. The focus of WebTrust™ is on the business practices disclosures for electronic commerce transactions and the related controls over transaction integrity and information protection. The WebTrust™ view is ensuring that business-to-consumer electronic commerce transactions are appropriately handled and that related concerns of typical consumers are addressed by the business. By contrast, the financial statement audit focuses on the reliability and fair presentation of financial statements and the related footnotes and disclosures. The audit work performed on accounting systems is an intermediate step in formulating the auditor's opinion on the financial statements.

29 Secure e-Business By representing WebTrust™, does the CA or CPA issuing the WebTrust seal ensure security of the company’s processes and systems to customers? The responsibility for ensuring security of a company’s processes and systems is that of the company’s management. The practitioner is providing an independent and objective assessment of how management is discharging that responsibility.

30 Secure e-Business What are the key customer benefits? Key customer benefits are increased trust and confidence in doing business electronically on the Internet. This should ultimately result in more efficient markets and lower cost benefits to both the company and its customers. Customers will have access to a “Yellow Pages” listing of your web-site as a WebTrust™ certified business. WebTrust™ is a recognized seal of assurance on the Internet. The true advantage will be for those companies who get the early edge through strategic marketing of their electronic commerce practices and their WebTrust™ certification.

Download ppt "Secure e-Business Chartered Accountants of Canada Comptables agréés du Canada Overview of WebTrust TM."

Similar presentations

Assurance Services Independent professional services that “improve the quality of information, or its context, for decision makers” Assurance service encompass.

Assurance Services Independent professional services that “improve the quality of information, or its context, for decision makers” Assurance service encompass.
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.
Additional Assurance Services: Other Information

Additional Assurance Services: Other Information
[Organisation’s Title] Environmental Management System

[Organisation’s Title] Environmental Management System
Understanding Audit Reports

Understanding Audit Reports
IT Assurance A fantastic career choice! Presented by the PICPA’s IT Assurance Committee.

IT Assurance A fantastic career choice! Presented by the PICPA’s IT Assurance Committee.
Audit and Assurance services

Audit and Assurance services
Dr. Mohamed A. Hamada Lecturer of Accounting Information Systems Advanced Auditing Lecture 1 Assurance and Attestation Services.

Dr. Mohamed A. Hamada Lecturer of Accounting Information Systems Advanced Auditing Lecture 1 Assurance and Attestation Services.
March 6, 2012 SOC Reporting: What is New in the Audit Guides?

March 6, 2012 SOC Reporting: What is New in the Audit Guides?
1 WebTrust for Certification Authorities (CAs) Overview October 2011 WebTrust for Certification Authorities (CAs) Overview October 2011 Presentation based.

1 WebTrust for Certification Authorities (CAs) Overview October 2011 WebTrust for Certification Authorities (CAs) Overview October 2011 Presentation based.
QUALITY ASSURANCE AND IMPROVEMENT PROGRAM (QAIP)

QUALITY ASSURANCE AND IMPROVEMENT PROGRAM (QAIP)
Discussion on SA-500 – AUDIT EVIDENCE

Discussion on SA-500 – AUDIT EVIDENCE
Welcome! Internal Auditing CHAPTER 1. Definition Internal auditing is an independent, objective, assurance and consulting activity designed to add value.

Welcome! Internal Auditing CHAPTER 1. Definition Internal auditing is an independent, objective, assurance and consulting activity designed to add value.
Chapter 20 Additional Assurance Services: Other Information

Chapter 20 Additional Assurance Services: Other Information
National Institute of Advanced Industrial Science and Technology Proposals for auditing Yoshio Tanaka Grid Technology Research.

National Institute of Advanced Industrial Science and Technology Proposals for auditing Yoshio Tanaka Grid Technology Research.
Other Assurance & Attestation Services By David N. Ricchiute

Other Assurance & Attestation Services By David N. Ricchiute
Assurance, Attestation, and Internal Auditing Services

Assurance, Attestation, and Internal Auditing Services
BA 427 – Assurance and Attestation Services Lecture 18 The Types of Services Offered by Public Accounting Firms.

BA 427 – Assurance and Attestation Services Lecture 18 The Types of Services Offered by Public Accounting Firms.
©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder 1 - 1 The Demand for Audit and Other Assurance Services Chapter 1.

©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder The Demand for Audit and Other Assurance Services Chapter 1.
National Institute of Advanced Industrial Science and Technology Auditing, auditing template and experiences on being audited Yoshio Tanaka

National Institute of Advanced Industrial Science and Technology Auditing, auditing template and experiences on being audited Yoshio Tanaka

Similar presentations

Ads by Google