A Study of E-Commerce System Audit
1 Hongming Chen, 2 Ke Zheng
1 College of Economics & Management, Changsha University of Science and Technology, Changsha, China, chmdsh@163.com
2 College of Economics & Management, Changsha University of Science and Technology, Changsha, China, Zhengke00000@126.com

Abstract
Changes in the auditing environment bring about changes in audit content and forms. With the development of e-commerce, the audit of the electronic commerce system is particularly important, and its audit target and content also have their own characteristics. Previous literature on the audit of the electronic commerce system focuses on data-based audit, mainly on the authenticity, legitimacy and validity of economic business, and lacks research on the audit of the electronic commerce system itself. Based on information system audit, this paper carries out a comprehensive analysis of the electronic commerce system and its economic business, which will improve audit work in the electronic commerce environment. Referring to the related research, and on the basis of the audit goal of the electronic commerce system, this paper synthetically analyses the characteristics and content of E-Commerce.

Key words: E-commerce, Audit Characteristics, Audit Content

1. Introduction
Electronic business is business activity based on computer technology, network technology and communication technology [1] that makes the whole business process electronic, digital and networked. As electronic business enterprises develop, changes in the traditional mode of enterprise management inevitably lead to changes in audit patterns, as well as in the auditing environment, the audit risk, the audit content and the audit methods. Thus, auditors may no longer face only the difficulties of auditing the accounting information system, which may bring auditors huge challenges. A number of audit techniques and practices are no longer ideal or applicable in an E-commerce environment, such as traditional paper-based audit evidence and the year-end audit approach [2] [3].
Much of the literature [4] [5] suggests that financial auditors are often unable to use the key technologies for the new audit mode, real-time audit. At present, we do not pay attention to training auditors with specialized IT skills [4] [6] [7]. Over the last decade, the use of information technology in accountancy [8] and the audit process [9] [10] has been steadily growing. Auditors have adopted new audit techniques in order to accommodate the unique features of e-commerce. Some people have focused on the use of computer aided audit tools [11]. For example, E-commerce security has always been the core and key issue [12] [13], and a lot of modes are proposed to assist auditors to assess e-commerce security, such as: AHP, an adaptive secure methodology [14], credit risk comprehensive evaluation method [15], public key encryption methods [16]. While there may be differences between the specific technologies used by auditors, there are sufficient commonalities to group them as Business Risk Audit methodologies [17].

However, compared with these data-based auditing models, the analysis of the e-commerce system based on information system audit has received very little attention. The literature mainly concentrates on the framework, the control models and the goals of information system audit [18] [19] [20] [21], which leaves auditors lacking a comprehensive understanding of the audit of the e-commerce system. This study sets out to explore the audit of the electronic commerce system based on information system audit, which may be the most difficult part of e-business audit, because auditors need to analyze the function and drawbacks of the e-business system, which is originally the duty of system developers. In this paper, we only present the goal, characteristics and content of the audit of the electronic commerce system.

Advances in Information Sciences and Service Sciences (AISS), Volume 5, Number 2, Jan 2013, doi: /AISS.vol5.issue
2. The target and characteristics of e-commerce system audit

2.1. The target of e-commerce system audit
The objectives of E-commerce audit include two aspects: one is the audit of the auditees' economic transactions and operational matters, the other is the audit of the electronic commerce system. The targets of the two are not the same; they differ from and complement each other. The first is to use information technology to audit the auditees' financial statements, relevant information and business activities, and to express an audit opinion on the legality, fairness and consistency of the financial statements, which plays a role in supervision, verification and service. The second is to audit the auditees' information system, including the electronic commerce system, in protecting assets security, data integrity and system effectiveness and efficiency, and then to express an audit opinion. In essence, the economic business audit mainly uses computer technology for auxiliary analysis and is closer to the traditional manual audit, so this article does not describe it further. In this paper, we only discuss how to audit the electronic commerce system.

2.2. The characteristics of e-commerce system audit

Electronic data
The transaction data and program/system operating data of an electronic commerce enterprise are stored in the database. To collect the audit data, auditors must adopt interface technology, and then obtain the analysis data by cleaning the data and converting it into a data warehouse.

The application of computer-aided audit technologies (CAATs)
Because the e-commerce business and program/system operating data are fully electronic, auditors must use computer-aided audit technologies; otherwise they are unable to get audit clues to carry out compliance tests and substantive tests, and are unable to draw any audit conclusion. At present, computer-aided audit technologies can be divided into two classes: system-oriented CAATs and data-oriented CAATs. The former are used for verifying procedures and systems; the latter are applied to the analysis of electronic data.
The change of risk control
People want to know more about what is going to happen tomorrow. The rules of business and the economy are changing [22]. With technological innovations being used as commercial weapons, the growth of risk in e-commerce has been more or less contemporaneous. Many changes tell auditors little about how to identify the new risks, assess them, control them and who is responsible for them. While the traditional audit is transaction based and its risk management goal is oriented towards compliance, the evolving audit used in e-commerce is risk based and its risk management goal is to establish a complete system of risk control to guard against risk effectively. At that point, risk control becomes a service and can create value. The key differences between traditional risk control and E-commerce risk control are shown below:

Table 1. Comparison of traditional and E-commerce Risk Control

Traditional risk control | E-commerce risk control
Risk assessment occurs periodically | Risk assessment is a continuous process
Accounting, treasury, and internal audit responsible for identifying risks and managing controls | E-commerce risk identification and control management are the responsibility of all members of the organization
Fragmentation: every function behaves independently | Connection: business risk assessment and control are focused and coordinated with senior level over
Control is focused on financial risk avoidance | Control is focused on the avoidance of unacceptable business risk, followed closely by management of other unavoidable business risks to reduce them to an acceptable level
Business risk controls policies, if established, generally do not have the full support of upper management or are inadequately communicated throughout the company | A formal risk controls policy is approved by management and board and communicated throughout the company
Inspect and detect business risk, then react at the source | Anticipate and prevent business risk, and monitor business risk controls continuously
Ineffective people are the primary source of business risk | Ineffective processes are the primary source of business risk

Source: KPMG

The innovation of the audit report content
Besides the disclosure of traditional manual audit information, the audit report of the E-commerce system also includes: the security of economic transaction information and customer privacy information; ensuring customer private information will not be used for other irrelevant purposes; the electronic clearing system and its security. The change is especially evident in the emphasis on auditing its internal control.

Real-time audit
Real-time audit is an audit mode that makes use of computer technology, network and communication technology to establish a real-time connection with the auditees' information system, and then obtains audit evidence, updates the audit content, and provides a real-time audit report. In an e-commerce environment, economic transactions are measured and reported on a real-time basis without internal human intervention. Accordingly, the information produced by the e-commerce system needs to be audited on a real-time basis. With the arrival of the era of e-commerce, the traditional audit mode is inevitably changing into the real-time audit mode.

3. The content of e-commerce system audit
We divide it into seven aspects: the system development life cycle, system hardware and software resources, system security, system management, internal control auditing, e-commerce business, disaster recovery and business continuity plan.
Its content and target diagram is shown below:

[Figure 1. The content of e-commerce system audit. The diagram links the seven content areas (the system development lifecycle; system hardware and software resources; system security; system management; internal control auditing; electronic commerce business; disaster recovery and business continuity plan) to the audit targets (protecting assets, data integrity, system effectiveness, system efficiency) and on to the audit conclusion.]
3.1. The system development life cycle
The system life cycle is the process of setting up a computer system, which is built up by system analysts, software engineers, programmers and users. The audit of the system life cycle can be divided into five parts:
(1) Planning stage: whether a reasonable system programming method is adopted (critical success factor method, strategy set transformation method, business system planning, etc.); whether a feasibility analysis is carried out; whether there are enough funds and technicians to support the development of the information system.
(2) System development phase: make sure the development process complies with the established policies and has received the relevant examination and approval; confirm that the system development files exist and are accurate and complete; confirm whether total quality control is implemented during this time.
(3) Acceptance stage: whether a comprehensive test is conducted and the system planning standards are achieved; whether the system development or purchase cost is reasonable.
(4) System operation stage: determine whether the system functions are complete and effective; whether the systems receive timely maintenance.
(5) Maintenance phase: affirm whether the enterprise has a maintenance plan and carries it out; whether staff change system settings on key issues without permission during maintenance; whether necessary protection and restoration measures are taken, such as creating protection points, data backups, etc.; determine whether a full test is run after maintenance to ensure system function integrity and data accuracy; whether there are system maintenance records, including maintenance scope, backup dates and the relevant responsible persons.

3.2. System hardware and software resources
The audit goal: to confirm the authenticity, integrity and legality of the auditees' software and hardware; whether the hardware and software resources can meet the needs of e-commerce business; whether those software and hardware resources comply with national laws and regulations, such as "Financial information technology accounting software data interface", drafted by the China Auditing Administration and organized and actualized by the China National Standards Committee.

3.3. System security
(1) Network data security
Network data security consists of network data security technology and its safety management. The auditor can usually audit it from the following aspects: network anti-virus technology and the ways it is realized (antivirus technology, virus monitoring technology, network virus removal technology), firewall technology, data encryption technology, authentication technology (digital signature technology, identification technology, digital digest, digital certificate, etc.) and authorization, and the implementation of those technologies; analysis of the security log; review of the implementation of relevant laws and regulations, such as the safety protection regulations of computer information systems.
(2) Network access control
Network access control consists of authority control and user authentication. The authority control check mainly covers whether customers have authority when they access resource nodes and user nodes.
Resource nodes provide services or data; user nodes access the resource services provided by the resource nodes. For example, customers who access the electronic business system can only view certain resource data (product name, price, quantity) under authorization, but cannot view data such as purchase price, inventory amount and pricing strategy without authorization. User authentication methods can be divided into general user/password authentication, token authentication, authentication by biological characteristics, etc.; the former two methods are widely used. The audit content of user authentication: these kinds of authentication method and their implementation.
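The authority-control check described in 3.3, as an added example that is not part of the original paper: a data-oriented CAAT test in Python that compares an access log against a field-level authorization policy. The role names, log layout and sample records are constructed assumptions; only the customer field split (product name, price, quantity versus purchase price, inventory amount, pricing strategy) comes from the text.

```python
import csv
import io
from collections import Counter

# Assumed field-level authorization policy (role -> fields the role may read).
# The customer entry mirrors the paper's example; the other roles are hypothetical.
POLICY = {
    "customer": {"product_name", "price", "quantity"},
    "purchasing_clerk": {"product_name", "price", "quantity",
                         "purchase_price", "inventory_amount"},
    "pricing_manager": {"product_name", "price", "quantity",
                        "purchase_price", "inventory_amount",
                        "pricing_strategy"},
}

# Constructed sample of an access log exported from the audited system.
SAMPLE_LOG = """\
timestamp,user,role,resource_node,fields,decision
2013-01-07T09:00:01,c1001,customer,catalog,product_name|price|quantity,ALLOW
2013-01-07T09:00:09,c1002,customer,catalog,product_name|purchase_price,ALLOW
2013-01-07T09:01:30,c1003,customer,catalog,pricing_strategy,DENY
2013-01-07T09:01:31,c1003,customer,catalog,inventory_amount,DENY
2013-01-07T09:02:10,e2001,purchasing_clerk,catalog,purchase_price|inventory_amount,ALLOW
2013-01-07T09:03:45,e2001,purchasing_clerk,catalog,pricing_strategy,ALLOW
2013-01-07T09:04:00,x9001,contractor,catalog,price,ALLOW
"""


def audit_access_log(log_text, policy):
    """Compliance test of authority control.

    Returns (failures, denied_by_user):
      failures       - records where the system ALLOWED a read of fields
                       outside the role's authority (a control failure)
      denied_by_user - count of correctly DENIED out-of-authority requests
                       per user (the control worked; repeated attempts are
                       a lead for the security-log review)
    """
    failures = []
    denied = Counter()
    reader = csv.DictReader(io.StringIO(log_text))
    for line_no, row in enumerate(reader, start=2):  # line 1 is the header
        requested = {f for f in row["fields"].split("|") if f}
        allowed = policy.get(row["role"])
        # A role that is missing from the policy has no authority at all.
        excess = requested if allowed is None else requested - allowed
        if not excess:
            continue
        if row["decision"] == "ALLOW":
            failures.append({
                "line": line_no,
                "user": row["user"],
                "role": row["role"],
                "fields": sorted(excess),
                "reason": ("role not in policy" if allowed is None
                           else "field outside role authority"),
            })
        else:
            denied[row["user"]] += 1
    return failures, dict(denied)


if __name__ == "__main__":
    found, probes = audit_access_log(SAMPLE_LOG, POLICY)
    for f in found:
        print(f"line {f['line']}: {f['user']} ({f['role']}) read "
              f"{', '.join(f['fields'])}: {f['reason']}")
    print("denied out-of-authority requests per user:", probes)
```

Each failure is evidence for the compliance test; the denied counts feed the security-log analysis listed under network data security.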
3.4. System management
Electronic commerce system management can be divided into three aspects: system monitoring, system configuration and system operation management; event correlation and automation processing; business impact management. The audit goal is to guarantee the performance of the system and its usability; to guarantee the integrity of data and other information resources; and system security. The audit content is:
(1) System monitoring, system configuration and system operation management: whether hardware and software are registered and updated; whether job sequencing and job plans are scheduled and applied, etc.
(2) Event correlation and automation processing: analyze together the different causes that lead to an error report, which may come from the network, the server system, the database or the application logic; find the root causes and respond accordingly, such as raising an alarm or starting an engine procedure, etc.
(3) Business impact management is a form of system management that can keep the business service at a high level. It connects business system performance with all the possible influencing factors, which helps the user find changes in performance and the reasons for those changes. The audit contents of business impact management in the e-commerce system are as follows: the overall security of customer privacy information, which means the enterprise does not share customer information with a third party without authorization and protects customer information from leakage; whether there is a security mechanism to ensure 24x7 hours of continuous service; whether there is a control mechanism for maximum response time, such as no more than 3 seconds, etc.

3.5. Internal control auditing
Internal control auditing includes two aspects: the audit of general control and the audit of application control.
The audit of general control mainly concentrates on the internal control environment, including the management concept of the e-commerce system, organizational culture, staff's loyalty and sense of belonging, the information system structure and the rationality of the division of responsibilities, and human resources policies. Application control auditing focuses on the effectiveness, legality and propriety of control activities, mainly including authorization, separation of incompatible duties, accounts being consistent with the facts, and the necessary risk control activities and their countermeasures. Additionally, the auditor should check the risk of data processing in internal control activities, namely the accuracy, integrity and security of the data, as follows:
(1) The system and program cannot correctly process data, process incorrect data, or both circumstances coexist.
(2) Whether there is unauthorized access to data, which may lead to the data being modified or even damaged.
(3) Whether there is unauthorized access that may undermine the original division of labor in the e-commerce system.
(4) Changes to the main document data without authorization.
(5) Adaptation of the system or programs without authorization.
(6) Failure to make necessary configuration changes or modifications to programs.
(7) Inappropriate human intervention.
(8) Data may be lost or become inaccessible.

3.6. E-commerce business
At present, there are many types of e-commerce, but most of them can be classified by distribution channel into two kinds: online direct trading platforms (such as JingDong mall) and online indirect trading platforms (such as Alibaba). Although the business processes are not the same, both include three core parts: emotion communication, capital delivery, commodity distribution. So we do not distinguish between commodity trading processes in the e-commerce business audit. In order to ensure the authenticity, reliability and integrity of the trading information, auditors have to audit the following information:
(1) The basic information of commodities, including name, price, performance, etc.
(2) The commodity trading information, such as the delivery time, distance, payment terms, the return policy, etc.
(3) After-sales service and related technical support, such as warranty time, three packets of policy, etc.
(4) The related process risks and processing procedures, such as the handling scheme for delivery errors, losses and legal disputes, etc.
(5) The customer's rights and obligations.

To ensure that the above information is, the auditor needs to do the following work:
(1) Customer electronic contract test: check the accuracy, integrity and authenticity of every transaction or service, and reconfirm after the deal.
(2) Payment system test: before payment by electronic bill, review the sales price and all related expenses; carry out the liquidation according to the electronic bill; if staff make mistakes in the electronic bill, whether the person in charge informs the customer in a timely manner.
(3) Goods distribution test: goods are distributed to the right place at the right time, in the right quantity; whether the enterprise promptly notifies the customer and takes remedial measures when it meets special circumstances.
(4) Client ID information and transaction records test: confirm whether there are preservation measures for customer ID information and transaction records, including the integrity, accuracy and authenticity of those records; test the implementation and execution of that management.
(5) Supervision test: whether trade authenticity is effectively monitored; if the enterprise fails to carry out control measures, it shall promptly issue a public notice and take remedial measures.

3.7. Disaster recovery and business continuity plan
A disaster recovery and business continuity plan is a plan that can prevent business behavior from interruption in the case of natural or man-made disasters. The main content of the audit test is: whether this plan is feasible and valid.
Confirm that the related resources (hardware and software) have been backed up and evaluate their safety; whether the test results meet the expected requirements.

4. Conclusion
At present, research on information system audit in our country is still in the primary stage. Although our country has issued a series of computer information system audit standards, such as audit in computer environment, risk assessment and internal control computer information system environment characteristics and consideration, computer information system environment database system, computer aided auditing technique, those standards lack systematic, structural understanding and the necessary guidance; information system audit in different industries also has its own characteristics. This paper uses a systematic and structural method to analyse the audit content of the electronic commerce system. This paper has certain limitations, such as not combining the audit content with specific technology to design the audit procedures. To improve the audit of electronic commerce in China, on the one hand, we can draw lessons from the United States, Canada and other western developed countries to develop independent electronic business audit standards and continue to enrich the auditing standards for e-commerce systems in China; on the other hand, we should cultivate auditors with computer aided auditing skills and promote the application of the corresponding computer aided auditing techniques.

5. References
[1] Kotb A, Roberts C, "The impact of e-business on the audit process: an investigation of the factors leading to change", International Journal of Auditing, Vol.15, pp ,
[2] Shaikh J., "E-commerce impact: emerging technology electronic auditing", Managerial Auditing Journal, Vol.20, pp , 2005.
[3] Chou C, Chang J, "Continuous auditing for web-released financial information", Review of Accounting and Finance, Vol.9, pp.4-32,
[4] Pathak J, Lind M, "Empirical assessment of effective e-commerce audit judgment", [accessed ],
[5] Brazel J, "How do financial statement auditors and IT auditors work together?", The CPA Journal, Vol.78, pp.38-41,
[6] Bedard J, Chi M, "Expertise in auditing", Auditing: A Journal of Practice & Theory, Vol.12, pp.21-45,
[7] Coe M, "Integrating IT audit into the AIS course", Review of Business Information Systems, Vol.10, pp ,
[8] Caglio A, "Enterprise resource planning systems and accountants: towards hybridization?", European Accounting Review, Vol.12, pp ,
[9] Shaikh J., "E-commerce impact: emerging technology electronic auditing", Managerial Auditing Journal, Vol.20, pp , 2005.
[10] KPMG, "Continuous auditing and monitoring: are promised benefits now being realised?", London: KPMG,
[11] Bierstaker J, Burnaby P, Thibodeau J, "The impact of information technology on the audit process: an assessment of the state of the art and implications for the future", Managerial Auditing Journal, Vol.16, pp ,
[12] Gerber, M., Vonsolms, R., "From risk analysis to security requirements", Computers and Security, Vol.20, pp , 2001.
[13] Ngai, E., "Selection of web sites for online advertising using the AHP tools", Information and Management, Vol.40, pp ,
[14] Tak, S. W., Park, E. K., "A software framework for non-repudiation service based on adaptive secure methodology in electronic commerce", Information Systems Frontiers, Vol.6, pp.47-66,
[15] Kun Fan, "Credit risk comprehensive method for online trading company", AISS: Advances in Information Sciences and Service Sciences, Vol.4, No.6, pp ,
[16] Ma Jun, "Research of electronic business security based on public key encryption methods", IJACT: International Journal of Advancements in Computing Technology, Vol.4, No.2, pp.50-57,
[17] Winograd, B. N., Gerson, J. S., Berlin, B. L., "Audit practices of PricewaterhouseCoopers", Auditing: A Journal of Practice and Theory, Vol.19, No.3, pp ,
[18] He XiaoLing, "A study of information system and its control framework", Shanghai Management Science, Vol.4, No.12, pp.41-43,
[19] Wang ZhenWu, Zhang ZiJin, "Information system theory structure research", Friends of Accounting, Vol.7, No.21, pp.91-96, 2011.
[20] Wu QinHong, "The analysis of information system audit's content", Finance and Accounting Monthly, Vol.10, No.2, pp.62-63, 2008.
[21] Lai MingMin, YanShuJi, "Computer information system criterion comparative study", Journal of Accounting Communications, Vol.4, No.6, pp.47-49,
[22] Elliott, R. K., Rasmussen, T. A., Rucker, S. C., Strange, J. T., & Williamson, A. L., "The financial statement audit: why a new age requires an evolving methodology", Assurance and Advisory Services, USA: KPMG LLP,
INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL
More informationModern Accounting Information System Security (AISS) Research Based on IT Technology
, pp.163-170 http://dx.doi.org/10.14257/astl.2016. Modern Accounting Information System Security (AISS) Research Based on IT Technology Jiamin Fang and Liqing Shu Accounting Branch, Jilin Business and
More informationPRACTICE NOTE 1013 ELECTRONIC COMMERCE - EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS
PRACTICE NOTE 1013 ELECTRONIC COMMERCE - EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS (Issued December 2003; revised September 2004 (name change)) PN 1013 (September 04) PN 1013 (December 03) Contents Paragraphs
More informationISO 27001 Controls and Objectives
ISO 27001 s and Objectives A.5 Security policy A.5.1 Information security policy Objective: To provide management direction and support for information security in accordance with business requirements
More informationKnowledge Management Series. Internal Audit in ERP Environment
Knowledge Management Series Internal Audit in ERP Environment G BALU ASSOCIATES Knowledge Management Series ISSUE-5 ; VOL 1 Internal Audit in ERP Environment APRIL/2012 Editorial Greetings..!!! Raja Gopalan.B
More informationPREMIER SUPPORT STANDARD SERVICES BRONZE SILVER GOLD
SERVICE SUMMARY ITonDemand provides four levels of service to choose from to meet our clients range of needs. Plans can also be customized according to more specific environment needs. PREMIER SUPPORT
More informationSecurity from a customer s perspective. Halogen s approach to security
September 18, 2015 Security from a customer s perspective Using a cloud-based talent management program can deliver tremendous benefits to your organization, including aligning your workforce, improving
More informationOffice of the State Controller. Self-Assessment of Internal Controls. Computer Security Cycle. Objectives and Risks
Office of the State Controller Self-Assessment of Internal Controls Computer Security Cycle Objectives and Risks Agency Year-End Objectives Risks Definition and communication of organizational structure,
More informationIT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results
Acquire or develop application systems software Controls provide reasonable assurance that application and system software is acquired or developed that effectively supports financial reporting requirements.
More informationCHIS, Inc. Privacy General Guidelines
CHIS, Inc. and HIPAA CHIS, Inc. provides services to healthcare facilities and uses certain protected health information (PHI) in connection with performing these services. Therefore, CHIS, Inc. is classified
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.5)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.5) Directions and Instructions for completing this assessment The answers provided
More informationWHITE PAPER. HIPAA-Compliant Data Backup and Disaster Recovery
WHITE PAPER HIPAA-Compliant Data Backup and Disaster Recovery DOCUMENT INFORMATION HIPAA-Compliant Data Backup and Disaster Recovery PRINTED March 2011 COPYRIGHT Copyright 2011 VaultLogix, LLC. All Rights
More informationSecure System Solution and Security Technology
Secure System Solution and Security Technology Hitachi Review Vol. 47 (1998), No. 6 245 Chisato Konno, D.Sc. Mitsuhiro Tsunoda Yasushi Kuba Satoru Tezuka OVERVIEW: The and intranet systems are rapidly
More informationDAIDS Appendix 2 No.: DWD-POL-DM-01.00A2. Data Management Requirements for Central Data Management Facilities
DAIDS Appendix 2 No.: DWD-POL-DM-01.00A2 Data Management Requirements for Central Data Management Facilities The following clinical trial data management requirements must be met in order to ensure the
More informationJournal of Chemical and Pharmaceutical Research, 2015, 7(3):1388-1392. Research Article. E-commerce recommendation system on cloud computing
Available online www.jocpr.com Journal of Chemical and Pharmaceutical Research, 2015, 7(3):1388-1392 Research Article ISSN : 0975-7384 CODEN(USA) : JCPRC5 E-commerce recommendation system on cloud computing
More informationPDS (The Planetary Data System) Information Technology Security Plan for The Planetary Data System: [Node Name]
PDS (The Planetary Data System) Information Technology Security Plan for The Planetary Data System: [Node Name] [Date] [Location] 1 Prepared by: [Author] [Title] Date Approved by: [Name] [Title] Date 2
More informationA Study on the Internal Control of Accounting Information Processing System under the Computer Environment
A Study on the Internal Control of Accounting Information Processing System under the Computer Environment 1 Hongxia Zhang, 2 Changqing Guo, 3 Qian Sun 1 Jilin University of Finance and Economics, Changchun,
More informationEVALUATION REPORT. Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review. March 13, 2015 REPORT NUMBER 15-07
EVALUATION REPORT Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review March 13, 2015 REPORT NUMBER 15-07 EXECUTIVE SUMMARY Weaknesses Identified During the FY 2014
More informationSecurity Controls What Works. Southside Virginia Community College: Security Awareness
Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction
More informationWHITE PAPER. HIPPA Compliance and Secure Online Data Backup and Disaster Recovery
WHITE PAPER HIPPA Compliance and Secure Online Data Backup and Disaster Recovery January 2006 HIPAA Compliance and the IT Portfolio Online Backup Service Introduction October 2004 In 1996, Congress passed
More informationWEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY
WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY DATA LABEL: PUBLIC INFORMATION SECURITY POLICY CONTENTS 1. INTRODUCTION... 3 2. MAIN OBJECTIVES... 3 3. LEGISLATION... 4 4. SCOPE... 4 5. STANDARDS... 4
More informationStandards for Information Security Measures for the Central Government Computer Systems (Fourth Edition)
Standards for Information Security Measures for the Central Government Computer Systems (Fourth Edition) February 3, 2009 Established by the Information Security Policy Council Table of Contents Standards
More informationEvaluate the Usability of Security Audits in Electronic Commerce
Evaluate the Usability of Security Audits in Electronic Commerce K.A.D.C.P Kahandawaarachchi, M.C Adipola, D.Y.S Mahagederawatte and P Hewamallikage 3 rd Year Information Systems Undergraduates Sri Lanka
More informationTable of Contents. Auditor's Guide to Information Systems Auditing Richard E. Cascarino Copyright 2007, John Wiley & Sons, Inc.
Table of Contents PART I. IS Audit Process. CHAPTER 1. Technology and Audit. Technology and Audit. Batch and On-Line Systems. CHAPTER 2. IS Audit Function Knowledge. Information Systems Auditing. What
More informationSmart Meters Programme Schedule 8.6. (Business Continuity and Disaster Recovery Plan) (CSP North version)
Smart Meters Programme Schedule 8.6 (Business Continuity and Disaster Recovery Plan) (CSP North version) Schedule 8.6 (Business Continuity and Disaster Recovery Plan) (CSP North version) Amendment History
More informationAnalysis of Small and Medium-Sized Enterprises E-Commerce Development Status in China in the New Economy Era
Cross-Cultural Communication Vol. 11, No. 2, 2015, pp. 97-101 DOI: 10.3968/6559 ISSN 1712-8358[Print] ISSN 1923-6700[Online] www.cscanada.net www.cscanada.org Analysis of Small and Medium-Sized Enterprises
More informationVA Office of Inspector General
VA Office of Inspector General OFFICE OF AUDITS & EVALUATIONS Department of Veterans Affairs Federal Information Security Management Act Audit for Fiscal Year 2013 May 29, 2014 13-01391-72 ACRONYMS AND
More informationDeveloping the Corporate Security Architecture. www.avient.ca Alex Woda July 22, 2009
Developing the Corporate Security Architecture www.avient.ca Alex Woda July 22, 2009 Avient Solutions Group Avient Solutions Group is based in Markham and is a professional services firm specializing in
More informationAn Oracle White Paper December 2010. Leveraging Oracle Enterprise Single Sign-On Suite Plus to Achieve HIPAA Compliance
An Oracle White Paper December 2010 Leveraging Oracle Enterprise Single Sign-On Suite Plus to Achieve HIPAA Compliance Executive Overview... 1 Health Information Portability and Accountability Act Security
More informationSERVICES BRONZE SILVER GOLD PLATINUM. On-Site emergency response time 3 Hours 3 Hours 1-2 Hours 1 Hour or Less
SERVICE SUMMARY ITonDemand provides four levels of service to choose from to meet our clients range of needs. Plans can also be customized according to more specific environment needs. SERVICES BRONZE
More informationSpecific observations and recommendations that were discussed with campus management are presented in detail below.
CSU The California State University Office of Audit and Advisory Services INFORMATION SECURITY California State University, San Bernardino Audit Report 14-55 March 18, 2015 EXECUTIVE SUMMARY OBJECTIVE
More informationAdvisory Guidelines of the Financial Supervisory Authority. Requirements regarding the arrangement of operational risk management
Advisory Guidelines of the Financial Supervisory Authority Requirements regarding the arrangement of operational risk management These Advisory Guidelines have established by resolution no. 63 of the Management
More informationSupplier Information Security Addendum for GE Restricted Data
Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,
More informationSUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)
UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This
More informationThe first step in protecting Critical Cyber Assets is identifying them. CIP-002 focuses on this identification process.
CIPS Overview Introduction The reliability of the energy grid depends not only on physical assets, but cyber assets. The North American Electric Reliability Corporation (NERC) realized that, along with
More informationSample Career Ladder/Lattice for Information Technology
Click on a job title to see examples of descriptive information about the job. Click on a link between job titles to see the critical development experiences needed to move to that job on the pathway.
More informationA Technical Template for HIPAA Security Compliance
A Technical Template for HIPAA Security Compliance Peter J. Haigh, FHIMSS peter.haigh@verizon.com Thomas Welch, CISSP, CPP twelch@sendsecure.com Reproduction of this material is permitted, with attribution,
More informationHow To Protect A Web Application From Attack From A Trusted Environment
Standard: Version: Date: Requirement: Author: PCI Data Security Standard (PCI DSS) 1.2 October 2008 6.6 PCI Security Standards Council Information Supplement: Application Reviews and Web Application Firewalls
More information3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014. Straightforward Security and Compliance
3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014 Continuous Education Services (elearning/workshops) Compliance Management Portals Information Security
More informationRAYSAFE S1 SECURITY WHITEPAPER VERSION B. RaySafe S1 SECURITY WHITEPAPER
RaySafe S1 SECURITY WHITEPAPER Contents 1. INTRODUCTION 2 ARCHITECTURE OVERVIEW 2.1 Structure 3 SECURITY ASPECTS 3.1 Security Aspects for RaySafe S1 Data Collector 3.2 Security Aspects for RaySafe S1 cloud-based
More informationLifecycle Solutions & Services. Managed Industrial Cyber Security Services
Lifecycle Solutions & Services Managed Industrial Cyber Security Services Around the world, industrial firms and critical infrastructure operators partner with Honeywell to address the unique requirements
More informationINTERNATIONAL ASSOCIATION OF INSURANCE SUPERVISORS
Issues Paper INTERNATIONAL ASSOCIATION OF INSURANCE SUPERVISORS RISKS TO INSURERS POSED BY ELECTRONIC COMMERCE OCTOBER 2002 Risks to Insurers posed by Electronic Commerce The expansion of electronic commerce,
More informationSupplier IT Security Guide
Revision Date: 28 November 2012 TABLE OF CONTENT 1. INTRODUCTION... 3 2. PURPOSE... 3 3. GENERAL ACCESS REQUIREMENTS... 3 4. SECURITY RULES FOR SUPPLIER WORKPLACES AT AN INFINEON LOCATION... 3 5. DATA
More informationGOVERNANCE AND SECURITY BEST PRACTICES FOR PAYMENT PROCESSORS
GOVERNANCE AND SECURITY BEST PRACTICES FOR PAYMENT PROCESSORS A White Paper by i2c, Inc. 1300 Island Drive Suite 105 Redwood City, CA 94065 USA +1 650-593-5400 sales@i2cinc.com www.i2cinc.com Table of
More informationDraft ETSI EN 319 401 V1.1.1 (2012-03)
Draft EN 319 401 V1.1.1 (2012-03) European Standard Electronic Signatures and Infrastructures (ESI); General Policy Requirements for Trust Service Providers supporting Electronic Signatures 2 Draft EN
More informationEHRs and Information Availability: Are You At Risk?
May 2006 Issue EHRs and Information Availability: Are You At Risk? The EHR initiative is changing the face of disaster and the nature of prevention planning. By Jim Grogan On April 27, 2004, the age of
More informationOfficial Journal of RS, No. 86/2006 of 11. 08. 2006 REGULATION
Official Journal of RS, No. 86/2006 of 11. 08. 2006 Pursuant to Articles 10, 23, 36, 40, 43, 47, 53, 54, 63, 71, 72, 73, 74, 88 and 91 of the Protection of Documents and Archives and Archival Institutions
More informationINTERNATIONAL STANDARD ON AUDITING 401 AUDITING IN A COMPUTER INFORMATION SYSTEMS ENVIRONMENT CONTENTS
INTERNATIONAL STANDARD ON AUDITING 401 AUDITING IN A COMPUTER INFORMATION SYSTEMS ENVIRONMENT (This Standard is effective, but will be withdrawn when ISA 315 and 330 become effective) * CONTENTS Paragraph
More information3.11 System Administration
3.11 The functional area is intended to contribute to the overall flexibility, efficiency, and security required for operating and maintaining the system. Depending on the architecture of the system, system
More informationUnified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES
Unified Security Anywhere HIPAA COMPLIANCE ACHIEVING HIPAA COMPLIANCE WITH MASERGY PROFESSIONAL SERVICES HIPAA COMPLIANCE Achieving HIPAA Compliance with Security Professional Services The Health Insurance
More informationNationwide Review of CMS s HIPAA Oversight. Brian C. Johnson, CPA, CISA. Wednesday, January 19, 2011
Nationwide Review of CMS s HIPAA Oversight Brian C. Johnson, CPA, CISA Wednesday, January 19, 2011 1 WHAT I DO Manage Region IV IT Audit and Advance Audit Technique Staff (AATS) IT Audit consists of 8
More informationInformation Technology General Controls (ITGCs) 101
Information Technology General Controls (ITGCs) 101 Presented by Sugako Amasaki (Principal Auditor) University of California, San Francisco December 3, 2015 Internal Audit Webinar Series Webinar Agenda
More informationSummary of CIP Version 5 Standards
Summary of CIP Version 5 Standards In Version 5 of the Critical Infrastructure Protection ( CIP ) Reliability Standards ( CIP Version 5 Standards ), the existing versions of CIP-002 through CIP-009 have
More informationE-commerce for accounting professionals Part 3: Opportunity knocks
E-commerce for accounting professionals Part 3: Opportunity knocks By ROBIN DAY, CGA Opportunity knocks E-business transformations Risk management Assurance services New competencies Summary This document
More informationBKDconnect Security Overview
BKDconnect Security Overview 1 Introduction 1.1 What is BKDconnect 1.2 Site Creation 1.3 Client Authentication and Access 2 Security Design 2.1 Confidentiality 2.1.1 Least Privilege and Role Based Security
More informationPolish Financial Supervision Authority. Guidelines
Polish Financial Supervision Authority Guidelines on the Management of Information Technology and ICT Environment Security for Insurance and Reinsurance Undertakings Warsaw, 16 December 2014 Table of Contents
More informationInformation Systems and Tech (IST)
California State University, San Bernardino 1 Information Systems and Tech (IST) Courses IST 101. Introduction to Information Technology. 4 Introduction to information technology concepts and skills. Survey
More informationOne Continuous Auditing Practice in China: Data-oriented Online Auditing(DOOA)
One Continuous Auditing Practice in China: Data-oriented Online Auditing(DOOA) Wei Chen, Jin-cheng Zhang, and Yu-quan Jiang Nanjing Audit University, Nanjing, Jiangsu 210029, China chenweich@nau.edu.cn
More informationWhat s happening in the area of E-security for the Financial Transactions in China
What s happening in the area of E-security for the Financial Transactions in China Dr. Wang Jun Head of E-banking Division, Bank of China Sep. 26, 2002 A Tremendous Potential E-financing Market is is coming
More informationSCADA Compliance Tools For NERC-CIP. The Right Tools for Bringing Your Organization in Line with the Latest Standards
SCADA Compliance Tools For NERC-CIP The Right Tools for Bringing Your Organization in Line with the Latest Standards OVERVIEW Electrical utilities are responsible for defining critical cyber assets which
More informationE-Business, E-Commerce
E-Business, E-Commerce Lecture Outline 11 Instructor: Kevin Robertson Introduction to Information Systems Explain the differences between extranets and intranets as well as show how organizations utilize
More informationBSM for IT Governance, Risk and Compliance: NERC CIP
BSM for IT Governance, Risk and Compliance: NERC CIP Addressing NERC CIP Security Program Requirements SOLUTION WHITE PAPER Table of Contents INTRODUCTION...................................................
More informationCHAPTER 11 COMPUTER SYSTEMS INFORMATION TECHNOLOGY SERVICES CONTROLS
11-1 CHAPTER 11 COMPUTER SYSTEMS INFORMATION TECHNOLOGY SERVICES CONTROLS INTRODUCTION The State Board of Accounts, in accordance with State statutes and the Statements on Auditing Standards Numbers 78
More informationDraft Information Technology Policy
Draft Information Technology Policy Version 3.0 Draft Date June 2014 Status Draft Approved By: Table of Contents 1.0 Introduction... 6 Background... 6 Purpose... 6 Scope... 6 Legal Framework... 6 2.0 Software
More informationResearch on Latecomer Strategy of Internet Business Model Innovation
Research on Latecomer Strategy of Internet Business Model Innovation Jiao Gao, Zhaoyang Sun, Xiaofei Zhang, Jinxing Liu 1 1 Introduction Business mode innovation is the foundation of enterprises survival
More information