E-Business - PowerPoint PPT Presentation

Slides: 22
Provided by: Facu240

Transcript and Presenter's Notes

1
E-Business
2
E-Commerce
  • A method of buying and selling products and
    services electronically. Or E-commerce is the
    automation of the business process between buyers
    and sellers.
  • The main methods of e-commerce remain the
    Internet and the World Wide Web, but use of
    email, fax, and telephone orders is also
    prevalent.
  • So commerce is, quite simply, the exchange of
    goods and services, usually for money.

3
Elements of e-commerce
  • A product
  • A place to sell the product - in the e-commerce
    case a web site displays the products in some way
    and acts as the place
  • A way to get people to come to your web site
  • A way to accept orders - normally an on-line form
    of some sort
  • A way to accept money - normally a merchant
    account handling credit card payments. This piece
    requires a secure ordering page and a connection
    to a bank. Or you may use more traditional
    billing techniques either on-line or through the
    mail.
  • A fulfillment facility to ship products to
    customers (often outsource-able). In the case of
    software and information, however, fulfillment
    can occur over the Web through a file download
    mechanism.
  • A way to accept returns
  • A way to handle warranty claims if necessary
  • A way to provide customer service (often through
    email, on-line forms, on-line knowledge bases and
    FAQs, etc.)

4
The disadvantages of e-commerce
  • Getting traffic to come to your web site
  • Getting traffic to return to your web site a
    second time
  • Differentiating yourself from the competition
  • Getting people to buy something from your web
    site. Having people look at your site is one
    thing. Getting them to actually type in their
    credit card numbers is another.
  • Integrating an e-commerce web site with existing
    business data (if applicable)
  • Confidentiality of data
  • Integrity of data
  • Availability of Internet
  • Power shift to customers

5
E-commerce Audit and Control Issues (Best
Practices)
  • When reviewing the adequacy of contracts in
    e-commerce applications, audit and control
    professionals should assess applicable use of the
    following items:
  • A set of security mechanisms and procedures that,
    taken together, constitute a security
    architecture for e-commerce (e.g., Internet
    firewalls, PKI, encryption, certificates and
    password management)
  • A process whereby participants in an e-commerce
    transaction can be identified uniquely and
    positively (e.g., process of using some
    combination of public and private key encryption
    and certifying key pairs)
  • Digital signatures, so the initiator of an
    e-commerce transaction can be uniquely associated
    with it.
  • The procedures in place to control changes to an
    e-commerce presence
  • Logs of e-commerce applications, which should be
    monitored by responsible personnel.
  • The methods and procedures to recognize security
    breaches when they occur (network- and host-based
    intrusion detection systems)
  • The protections in place to ensure that data
    collected about individuals are not disclosed
    without their consent nor used for purposes other
    than those for which they are collected

6
E-commerce Audit and Control Issues (Best
Practices)
  • The mechanisms to protect an e-commerce presence
    and its supporting private networks from
    computer viruses and to prevent them from
    propagating viruses to customers and vendors
  • The features within the e-commerce architecture
    to keep all components from failing and allow
    them to repair themselves, if they should fail
    (single point of failure and built-in resilience)
  • A plan and procedure to continue e-commerce
    activities in the event of an extended outage of
    required resources for normal processing
  • A commonly understood set of practices and
    procedures to define management's intentions for
    the security of e-commerce
  • A shared responsibility within an organization
    for e-commerce security
  • Communications from vendors to customers about
    the level of security in an e-commerce
    architecture
  • A regular program of audit and assessment of the
    security of e-commerce environments and
    applications to provide assurance that controls
    are present and effective

7
Payment Mechanism in e-Commerce
  • Credit Cards
  • Credit is money made available to you by a bank
    or other financial institution, like a loan.
  • Debit Card/Stored Value Card/Digital Cash/Cheque
    Card/Prepaid Card
  • A credit card is a way to pay later; a debit
    card is a way to pay now. When you use a debit
    card, your money is quickly deducted from your
    checking or savings account.
  • Electronic Fund Transfers (EFT)
  • Using electronic fund transfers (EFT), people can
    pay for goods and services by having funds
    transferred from various accounts electronically,
    using computer technology. One of the most
    visible demonstrations of EFT is the ATM, the
    automated teller machine that people use to
    obtain cash quickly.

8
Security in an EFT environment
  • All of the equipment and communication linkages
    are tested to effectively and reliably transmit
    and receive data
  • Each party uses security procedures that are
    reasonably sufficient for effecting the
    authorized transmission of data and for
    protecting business records and data from
    improper access
  • There are guidelines set for the receipt of data
    and to ensure that the receipt date and time for
    data transmitted are the date and time the data
    have been received
  • Upon receipt of data, the receiving party will
    immediately transmit an acknowledgment or
    notification to communicate to the sender that a
    successful transmission occurred
  • Data encryption standards are set
  • Standards for unintelligible transmissions are
    set
  • Regulatory requirements for enforceability of
    electronic data transmitted and received are
    explicitly stated

9
Automated Teller Machine (ATM)
  • An ATM is a specialized form of the POS terminal
    that is designed for the unattended use by a
    customer of a financial institution. These
    customarily allow a range of banking and debit
    operations, especially financial deposits and
    cash withdrawals. ATMs are usually located in
    uncontrolled areas to facilitate easy access to
    customers after hours.

10
Internal control guidelines for ATMs
  • Written policies and procedures covering
    personnel, security controls, operations,
    disaster recovery, credit and cheque
    authorization, override, settlement, and
    balancing
  • Reconciliation of all general ledger accounts
    related to retail EFTs and review of exception
    items and suspense accounts
  • Procedures for PIN issuance and protection during
    storage
  • Procedures for the security of PINs during
    delivery and the restriction of access to a
    customer's account after a small number of
    unsuccessful attempts
  • Systems should be designed, tested and controlled
    to prevent retrieval of stored PINs in any
    non-encrypted form. Application programs and
    other software containing formulas, algorithms
    and data used to calculate PINs must be subject
    to the highest level of access control for
    security purposes.
  • Controls over plastic card procurement should be
    adequate with a written agreement between the
    card manufacturer and the bank that details
    control procedures and methods of resolution to
    be followed if problems occur.
  • Controls and audit trails of the transactions
    that have been made in the ATM.

11
Audit of ATM
  • To perform an audit of ATMs, the IS auditor
    should:
  • Review measures to establish proper customer
    identification and maintenance of their
    confidentiality
  • Review file maintenance and retention systems to
    trace transactions
  • Review exception reports to provide an audit
    trail
  • Review daily reconciliation of ATM transactions,
    including
  • Review segregation of duties in the opening of
    ATM and recount of deposit
  • Review the procedures made for the retained cards
  • Review encryption key change management procedures

12
E-cheques
  • A user writes an electronic cheque, which is a
    digitally signed instruction to pay. This is
    transferred (in the course of making a purchase)
    to another user, who then deposits it with the
    issuer. The issuer will verify the payer's
    signature on the payment, and transfer the funds
    from the payer's account to the payee's account.
  • Some advantages of electronic cheque systems are:
  • Easy to understand and implement
  • The availability of electronic receipts, allowing
    users to resolve disputes without involving the
    issuer
  • No need for payer to be online to create a
    payment
  • These systems are usually fully traceable, which
    is an advantage for certain law enforcement, tax
    collection and marketing purposes, but a
    disadvantage for those concerned about privacy.
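
The e-cheque flow above as an added example, not part of the original presentation: the payer signs offline, and the issuer verifies the signature, refuses a second deposit of the same cheque, and only then moves the funds. The choice of Ed25519, the message encoding and all names (Cheque, Issuer, demoSetup, the alice/bob accounts) are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Cheque is the instruction to pay plus the payer's signature (field names are assumptions).
type Cheque struct {
	Serial, Payer, Payee string
	Cents                int64
	Sig                  []byte
}
// msg is the unambiguous byte encoding that is signed and verified (%q quotes each field).
func (c Cheque) msg() []byte {
	return []byte(fmt.Sprintf("echeque|%q|%q|%q|%d", c.Serial, c.Payer, c.Payee, c.Cents))
}

// Issuer holds registered payer keys, balances and the cheques already paid.
type Issuer struct {
	Keys     map[string]ed25519.PublicKey
	Balances map[string]int64
	Paid     map[[2]string]bool
}
// Deposit verifies the payer's signature, refuses re-deposits, then moves the funds.
func (i *Issuer) Deposit(c Cheque) error {
	pub, known := i.Keys[c.Payer]
	id := [2]string{c.Payer, c.Serial}
	switch {
	case !known || !ed25519.Verify(pub, c.msg(), c.Sig):
		return errors.New("signature check failed")
	case i.Paid[id]:
		return errors.New("cheque already paid")
	case c.Cents <= 0 || c.Cents > i.Balances[c.Payer]:
		return errors.New("invalid amount or insufficient funds")
	}
	i.Paid[id] = true
	i.Balances[c.Payer] -= c.Cents
	i.Balances[c.Payee] += c.Cents
	return nil
}

// demoSetup returns constructed data: an issuer where "alice" holds 10000 cents, and her offline signer.
func demoSetup() (*Issuer, func(Cheque) Cheque) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	bank := &Issuer{map[string]ed25519.PublicKey{"alice": pub}, map[string]int64{"alice": 10000}, map[[2]string]bool{}}
	return bank, func(c Cheque) Cheque { c.Sig = ed25519.Sign(priv, c.msg()); return c }
}

func main() {
	bank, sign := demoSetup()
	c := sign(Cheque{Serial: "0001", Payer: "alice", Payee: "bob", Cents: 2500})
	fmt.Println(bank.Deposit(c), bank.Deposit(c), bank.Balances)
}
```

Because the signature covers the payee and the amount, a cheque altered after signing fails verification, and the signed cheque itself is what serves as the receipt in a dispute.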

13
Electronic Banking
  • Banking organizations have been delivering
    electronic services to consumers and businesses
    remotely for years. Electronic funds transfer
    (EFT) (including small payments and corporate
    cash management systems), publicly accessible
    automated machines for currency withdrawal and
    retail account management, are global fixtures.
  • Continuing technological innovation and
    competition among existing banking organizations
    and new market entrants have allowed for a much
    wider array of electronic banking products and
    services for retail and wholesale banking
    customers. However, the increased worldwide
    acceptance of the Internet as a delivery channel
    for banking products and services provides new
    business opportunities as well as new risks.

14
Common Features
  • Transactional (e.g., performing a financial
    transaction such as an account-to-account
    transfer, paying a bill, applying for a loan or
    a new account, etc.)
      • Electronic bill payment
      • Funds transfer between a customer's own
        checking and savings accounts, or to another
        customer's account
      • Investment purchase or sale
      • Loan applications and transactions, such as
        repayments
  • Non-transactional (e.g., online statements, check
    links, co-browsing, chat)
      • Bank statements
  • Financial Institution Administration
      • Support of multiple users having varying
        levels of authority
      • Transaction approval process
  • Features commonly unique to Internet banking
    include:
      • Personal financial management support such as
        importing data into personal accounting
        software. Some online banking platforms
        support account aggregation to allow the
        customers to monitor all of their accounts in
        one place whether they are with their main
        bank or with other institutions.

15
Risk Management Challenges in E-banking
  • Risk management is the responsibility of the
    board of directors and senior management. They
    need to possess the knowledge and skills to
    manage the bank's use of electronic banking and
    all related risks.
  • The speed of change relating to technological and
    service innovation in e-banking is unprecedented.
    Currently, banks are experiencing competitive
    pressure to roll out new business applications in
    very compressed time frames. This competition
    intensifies the management challenge to ensure
    that adequate strategic assessment, risk analysis
    and security reviews are conducted prior to
    implementing new e-banking applications.
  • Transactional e-banking web sites and associated
    retail and wholesale business applications are
    typically integrated, as much as possible, with
    legacy computer systems to allow more
    straight-through processing of electronic
    transactions. Such straight-through automated
    processing reduces opportunities for human error
    and fraud inherent in manual processes, but it
    also increases dependence on sound system design
    and architecture as well as system
    interoperability and operational scalability.

16
Risk Management Challenges in E-banking
  • E-banking increases banks' dependence on
    information technology, thereby increasing the
    technical complexity of many operational and
    security issues and furthering a trend toward
    more partnerships, alliances and outsourcing
    arrangements with third parties, such as ISPs,
    telecommunication companies and other technology
    firms.
  • The Internet is everywhere and global by nature.
    It is an open network accessible from anywhere in
    the world by unknown parties. Messages are routed
    through unknown locations and via fast evolving
    wireless devices. Therefore, the Internet
    significantly magnifies the importance of
    security controls, customer authentication
    techniques, data protection, audit trail
    procedures and customer privacy standards.

17
Risk Management Controls for E-banking
  • Board and Management Oversight
      • Effective management oversight of e-banking
        activities
      • Establishment of a comprehensive security
        control process
      • Comprehensive due diligence and management
        oversight process for outsourcing
        relationships and other third-party
        dependencies
  • Security Controls
      • Authentication of e-banking customers
      • Nonrepudiation and accountability for
        e-banking transactions
      • Appropriate measures to ensure segregation of
        duties
      • Proper authorization controls within e-banking
        systems, databases and applications
      • Data integrity of e-banking transactions,
        records and information
      • Establishment of clear audit trails for
        e-banking transactions
      • Confidentiality of key bank information
  • Legal and Reputational Risk Management
      • Appropriate disclosures for e-banking services
      • Privacy of customer information
      • Capacity, business continuity and contingency
        planning to ensure availability of e-banking
        systems and services
      • Incident response planning

18
Electronic Business
  • The term electronic commerce is restrictive,
    however, and does not fully cover the true nature
    of the many types of information exchanges
    occurring via telecommunication devices. The term
    electronic business also includes the exchange of
    information not directly related to the actual
    buying and selling of goods. Increasingly,
    businesses are using electronic mechanisms to
    distribute information and provide customer
    support. These activities are not commerce
    activities; they are business activities. Thus,
    the term electronic business is broader and may
    eventually replace the term electronic commerce.

19
E-Business Building Process
  • The challenge for an organization is to turn the
    vision and the market opportunity into a viable
    business. Developing the marketing strategy and
    plans and designing and deploying the business
    solution are key. Those who successfully
    architect, develop, and deploy e-business
    solutions will need to formulate and adopt a
    comprehensive business plan. Because of the
    critical role of Internet technologies and
    integration requirements, it is recommended that
    organizations use a comprehensive planning
    framework, an actual e-business model. This
    structured planning approach enables the
    organization to assess, plan for, and implement
    the multiple aspects of an e-business.
  • Solid strategies
  • Knowledge management techniques applied to a
    company's information and intellectual assets
  • Effective e-business processes typically grouped
    in the customer relationship management (CRM),
    supply chain management (SCM), and core business
    operations domains

20
Electronic Business Models
  • Classification by Provider and Consumer:
      • Business-to-Business (B2B)
      • Business-to-Consumer (B2C)
      • Business-to-Employee (B2E)
      • Business-to-Government (B2G)
      • Government-to-Business (G2B)
      • Government-to-Government (G2G)
      • Government-to-Citizen (G2C)
      • Consumer-to-Consumer (C2C)
      • Consumer-to-Business (C2B)

21
Electronic Business Models
  • When organizations go online, they have to decide
    which e-business models best suit their goals. A
    business model is defined as the organization of
    product, service and information flows, and the
    source of revenues and benefits for suppliers and
    customers. The concept of an e-business model is
    the same, but applied to the online presence.
  • E-shops (Online Shopping)
  • E-commerce
  • E-procurement (old method is demand, approval,
    quotation, P.O., GRN)
  • Collaboration Platforms (software services that
    enable individuals to find each other and the
    information they need and to be able to
    communicate and work together to achieve common
    business goals) (Orkut.com, youtube.com)
  • Third-party Marketplaces (Amazon.com)
  • Information Brokerage (a person or business that
    researches information for clients)
  • Telecommunication (the use of electronic devices
    such as the telephone, television, radio or
    computer)