Download presentation
Presentation is loading. Please wait.
Published byBeverly Collins Modified over 9 years ago
1
Chapter 8 Auditing in an E-commerce Environment
2
Electronic Commerce Electronic commerce includes activities of promoting and selling a product or service and obtaining payment for the same.
3
Objectives of IS Audit of E-commerce
To gain an understanding of the E-commerce product line, transaction flow, and settlement processes. To ensure that adequate internal controls are in place along with audit trails necessary to recreate a transaction. To determine whether the top management recognizes additional business and control risks adopts specific policies for e-commerce.
4
Objectives of IS Audit of E-banking
To determine if contingency and disaster plans are adequate. To determine if legal compliance is being ensured. To determine whether implemented controls are appropriate to the type and level of risks arising from e-commerce activities.
5
General Overview Obtain the following documentation:
List of personnel and their duties. Flow chart of the e-commerce system. Summaries of strategic plans. Independent reviews, assessments, or system certifications performed by consultants or experts Details of E-commerce activities conducted. Details regarding complaints specific to E-commerce External audit reports and related materials. Relevant operating policies and procedures.
6
General Overview Determine extent of dependence on external vendors and their role Review documentation and conduct discussions to determine: How security for E-commerce is addressed. How management supervises E-commerce functions, including outsourced functions. Any significant changes in policies, personnel, or control systems. Any internal or external factors that could affect e-commerce.
7
Auditing E-commerce Functions
Overview the hardware, software, connectivity, and remote access points, delivery flow. Implementation Approval from Board/ Committee Control systems Training Accuracy and content of interface programmes Policies and procedures Programming policies viz. hyper-linking Customer confidential information Usage of system resources
8
Auditing E-commerce Functions
Administration E-commerce security officer Unique customer-id for customers Employee access to E-commerce forms Process of generating exception reports E-commerce Security program Accounting and processing Reconciliation to cover all transactions Identify duplicate transactions Determine if appropriate audit trails are generated Review of financial statement of major vendors
9
Auditing E-commerce Functions
Legal & Regulatory Matters Accuracy of information on website Compliance with relevant act Awareness of cyber crimes Internet Security Administration Password administration Internal connection to external service Physical security issues Contract with vendors
10
E-commerce Policies and Procedures
Clear allocation of responsibility for system security. Control over network and data access E-commerce firewall policies to include access rules and responsibility for maintenance and monitoring. Encryption technique used Identify whether security policies are periodically reviewed and updated.
11
Impact of E-commerce on Internal Control
Security Transaction Integrity Process alignment International Laws Audit Evidence
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.