Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 8 Auditing in an E-commerce Environment

Published byBeverly Collins Modified over 8 years ago

Similar presentations

Presentation on theme: "Chapter 8 Auditing in an E-commerce Environment"— Presentation transcript:

1 Chapter 8 Auditing in an E-commerce Environment

2 Electronic Commerce Electronic commerce includes activities of promoting and selling a product or service and obtaining payment for the same.

3 Objectives of IS Audit of E-commerce
To gain an understanding of the E-commerce product line, transaction flow, and settlement processes. To ensure that adequate internal controls are in place along with audit trails necessary to recreate a transaction. To determine whether the top management recognizes additional business and control risks adopts specific policies for e-commerce.

4 Objectives of IS Audit of E-banking
To determine if contingency and disaster plans are adequate. To determine if legal compliance is being ensured. To determine whether implemented controls are appropriate to the type and level of risks arising from e-commerce activities.

5 General Overview Obtain the following documentation:
List of personnel and their duties. Flow chart of the e-commerce system. Summaries of strategic plans. Independent reviews, assessments, or system certifications performed by consultants or experts Details of E-commerce activities conducted. Details regarding complaints specific to E-commerce External audit reports and related materials. Relevant operating policies and procedures.

6 General Overview Determine extent of dependence on external vendors and their role Review documentation and conduct discussions to determine: How security for E-commerce is addressed. How management supervises E-commerce functions, including outsourced functions. Any significant changes in policies, personnel, or control systems. Any internal or external factors that could affect e-commerce.

7 Auditing E-commerce Functions
Overview the hardware, software, connectivity, and remote access points, delivery flow. Implementation Approval from Board/ Committee Control systems Training Accuracy and content of interface programmes Policies and procedures Programming policies viz. hyper-linking Customer confidential information Usage of system resources

8 Auditing E-commerce Functions
Administration E-commerce security officer Unique customer-id for customers Employee access to E-commerce forms Process of generating exception reports E-commerce Security program Accounting and processing Reconciliation to cover all transactions Identify duplicate transactions Determine if appropriate audit trails are generated Review of financial statement of major vendors

9 Auditing E-commerce Functions
Legal & Regulatory Matters Accuracy of information on website Compliance with relevant act Awareness of cyber crimes Internet Security Administration Password administration Internal connection to external service Physical security issues Contract with vendors

10 E-commerce Policies and Procedures
Clear allocation of responsibility for system security. Control over network and data access E-commerce firewall policies to include access rules and responsibility for maintenance and monitoring. Encryption technique used Identify whether security policies are periodically reviewed and updated.

11 Impact of E-commerce on Internal Control
Security Transaction Integrity Process alignment International Laws Audit Evidence

Download ppt "Chapter 8 Auditing in an E-commerce Environment"

Similar presentations

USG INFORMATION SECURITY PROGRAM AUDIT: ACHIEVING SUCCESSFUL AUDIT OUTCOMES Cara King Senior IT Auditor, OIAC.

USG INFORMATION SECURITY PROGRAM AUDIT: ACHIEVING SUCCESSFUL AUDIT OUTCOMES Cara King Senior IT Auditor, OIAC.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna 412-396-4419.

Managing Access to Student Health Information per Federal HIPAA Guidelines Joan M. Kiel, Ph.D., CHPS Duquesne University Pittsburgh, Penna
HIPAA Security Rule Overview and Compliance Program Presented by: Lennox Ramkissoon, CISSP The People’s Hospital HIPAA Security Manager The Hospital June.

HIPAA Security Rule Overview and Compliance Program Presented by: Lennox Ramkissoon, CISSP The People’s Hospital HIPAA Security Manager The Hospital June.
Information Technology Control Day IV Afternoon Sessions.

Information Technology Control Day IV Afternoon Sessions.
The Islamic University of Gaza

The Islamic University of Gaza
OMB Circular A-123 – Management’s Responsibility for Internal Control Policy Applicability Sources of Information Assessment, Documentation and Reporting.

OMB Circular A-123 – Management’s Responsibility for Internal Control Policy Applicability Sources of Information Assessment, Documentation and Reporting.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Managing the Information Technology Resource Jerry N. Luftman

Managing the Information Technology Resource Jerry N. Luftman
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.
COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.

COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.
First Practice - Information Security Management System Implementation and ISO 27001 Certification.

First Practice - Information Security Management System Implementation and ISO Certification.
The Information Systems Audit Process

The Information Systems Audit Process
SAFA- IFAC Regional SMP Forum

SAFA- IFAC Regional SMP Forum
Lecture 8 Understanding entity and its environment

Lecture 8 Understanding entity and its environment
1 Performance Auditing  In IT Environment  Evidence Gathering & Analysis Techniques  Computer Assisted Techniques  Use of IDEA.

1 Performance Auditing  In IT Environment  Evidence Gathering & Analysis Techniques  Computer Assisted Techniques  Use of IDEA.
Network security policy: best practices

Network security policy: best practices
Elements of Internal Controls Preventing Fraud, Waste, and Abuse in Urban and Rural Transit Systems.

Elements of Internal Controls Preventing Fraud, Waste, and Abuse in Urban and Rural Transit Systems.

Similar presentations

Ads by Google