Unit 2

1
Unit 2

• Role of Third Parties

2
AICPA Principles of the Code of Professional
Conduct

• American Institute of Certified Public
  Accountants requires
• Integrity
• Due care, objectivity and independence so that
  the public derives trust from their opinions
• Objectivity
• Impartial, intelligent, honest, free of
  conflict-to-interests state of mind that lends
  value
• Independence
• No interest in the clients firm

3
What are Accountants Competitive Advantages

• Access to existing client relationships
• Reputation for independence and objectivity
• Familiarity with controls for the financial
  reporting system
• Extensive experience in
• Evaluation Evidence
• Planning statistically sound validation processes
  as function of the effectiveness of the systems
  of internal controls
• Reporting to Third Parties

4
CPA Vision Project

• CPA Vision Project Core Services
• Assurance and Information Integrity
• AICPA Top Technologies
• Security and Encryption
• XML
• Communications Technologies
• Mobile, wireless and remote connectivity
• Electronic authentication and authorization
• Database

5
Major concerns of consumers and business partners

• See Figure 4-12

6
Assurance Services

• Business Policies
• Shipping
• Billing
• Payment Handling
• Returns
• Integrity Assurance
• Transaction Elements
• Processing and Storage Elements
• Orders are processed according to stated policy
• No Lost Orders
• Accurate and timely transaction and account
  information

7
Assurance Services

• Security Assurance
• Authentication
• Protection
• Privacy of Data
• What is collected?
• How will it be used?
• Do customers have access?
• Is the privacy policy followed?
• Systems Reliability
• Server Reliability
• Information Reliability

8
Web Site Assurance Seal Options
9
Better Business Bureau Online

• Private Non-Profit with a focus on voluntary
  self-regulation with regards to business
  policies, practices advertising ethics, etc
• Membership f(low customer complaints)
• Three Seals Reliability, Privacy, and Kids
  Privacy

10
Better Business Bureau Online

• Privacy Seal involves verification that Website
  posts explanation of and protects information
  collection, uses, and choices available to the
  customer agrees to an independent audit, and
  participation in the dispute resolution service
• Kids Privacy Seal involves verification of
  parental consent, warnings and explanation, and
  restrictions on data collection, hyper-linking
  and sending email
• Reliability Seal requires
• a commitment to high levels of ethical business
  practices.
• In business for more than a year.
• Satisfactory record with the BBB.
• Commits to dispute resolution

11
Web Site Assurance Seal Options

• Private Non-Profit (Electronic Frontier
  Foundation)
• Focus on Privacy Policies
• (what, why, when, and choices available to
  customers, security utilized, etc.)
• Membership involves posting and easily available
  privacy policy, minimizing customer complaints,
  and agreeing to compliance reviews
• Different rules for children under 13 years

12
Web Site Assurance Seal Options

• Private For-Profit
• Security focus utilizing digital certificates
• Transmitting with encryption, and
• Authenticating message source/destinations.
• Three Classes of Certificates
• Class 3 confirms business name, address,
  telephone numbers, domain name, and any other
  industry-deemed information

13
Web Site Assurance Seal Options

• Private For-Profit
• Weekly ratings of e-business on 10 dimensions
• Monitors at point of sale and after delivery date
• Ease of ordering, product selection and
  information, price, website navigation and looks,
  shipping and handling, on-time delivery, product
  representation, level and quality of customer
  support, and privacy policy
• Provides company profiles
• Ordering, delivery and payments methods, special
  features, and whether/not Veri-Sign is utilized

14
Web Site Assurance Seal Options

• On-line privacy
• Confidentiality Principles
• Security
• Business Practices / Transaction Integrity
• Availability
• Non-repudiation
• Webtrust for Certification Authorities
• Webtrust for Third Party Service Providers

15
Web Site Assurance Seal Options

• On-Line Privacy The enterprise ensure that
  personally identifiable information obtained as a
  result of electronic commerce is protected as
  stated in its on-line privacy statement.
• Information on the sources of private information
  being collected
• How that information will be used and
  distributed, as well as corrected when necessary
• How cookies are used
• How customers can opt out of transactions

16
Web Site Assurance Seal Options

• Confidentiality Appropriate controls to assure
• The security surrounding transmission, collection
  and distribution of confidential information is
  adequate
• Proper procedures for confidentiality breaches
• Choices provided to customers, including opting
  out
• Safeguards on transmission to unintended
  recipients and against unauthorized access
• Secure storage of back-up mediums

17
Web Site Assurance Seal Options

• Security The enterprise ensures that access to
  the electronic commerce system and data is
  restricted only to authorized individuals in
  conformity with its disclosed security policies.
• The existence of a functioning disaster recovery
  plan
• Procedures to handle security breaches
• Use of proper encryption technology
• The use of routine system backups

18
Web Site Assurance Seal Options

• Business Practices and Transaction Integrity The
  enterprises electronic commerce transactions are
  processed completely, accurately, and in
  conformity with its disclosed business practices
• Assurance that services are provided to customers
  as requested
• Timeframe for transaction, payment and delivery
  terms
• How to cancel orders or receive customer service
• Information on the condition of goods

19
Web Site Assurance Seal Options

• Availability. The enterprise ensures that
  e-commerce systems and data are available as
  disclosed
• Availability policies conform with legal,
  contractual and other requirements
• Procedures to handle availability problems and
  security incidents
• Assurance that hardware and software have been
  properly tested and maintained
• Access Terms and Conditions communicated
• A functioning disaster recovery plan

20
Web Site Assurance Seal Options

• Non-repudiation The enterprise ensures that the
  authentication and integrity of transactions and
  messages received electronically are provable to
  third parties in conformity with its disclosed
  non-repudiation practices
• Controls to record another partys assent to an
  online transaction
• Establishment of who is liable for loss at
  different stages of the transaction process.
• Procedures to Authenticate users
• Safeguards against unauthorized users

21
Web Site Assurance Seal Options
22
Figure 4-18