Audit In An E-commerce Environment - Case Study Example

Audit In An E-commerce Environment Introduction Auditing of financial statements in the past few decades have undergone dramatic transformation on account of growing complexity in the business environment. The technology innovations and its subsequent applications in the field of business management have presented new challenges to the auditors. This is particularly true in case of business transactions over the computer network or Internet. The global nature of such business transactions has raised numerous questions on the accounting practices and its consequences on underlying principles governing the preparation of financial statements. Traditional business establishments also made use of remote computers and connections to process data or exchange information. However, the present age has re-defined the business models to include transactions between business to business (B2B), business to consumer (B2C), and business to other entities that include government agencies, institutions and employees. The scope of conducting business transactions is widely varied and the global nature of such transactions has made a significant impact on performing the audit of financial statements. The auditors are faced with numerous challenges and issues pertaining to financial risks, accounting principles and audit of financial statements in context with changing business environment. Ecommerce features and trends Ecommerce allows consumers to buy or hire products and services over the Internet across the boundaries of time and distance. The age-old concept of buying and selling has undergone a sea change in the past decade. The traditional mode where the consumer interacted with the product specialists before making a purchase decision has been replaced by a simple browser that has taken the corporate IT systems to the consumer via the Internet. Many corporations are leveraging their products and services across the Net and following a web marketing strategy now has become the norm. The smoothness of customer interaction channels, the speed, and unparalleled cost savings have propelled many companies to the Internet. Over the past few years’ businesses have succeeded in harnessing the Internet to create new sales channels and acquire new customers. The advantages of online presence include dissolving geographical boundaries, international market presence, and uniformity in product or service presentation to potential customers, online agencies for marketing the company’s products or services. There are many factors that have favored online shopping among net users. The primary reason for shopping online is the consumers save time when purchasing online. Shopping can be done anytime of the day or night from the comforts of one’s bedroom. Another advantage of shopping online is avoiding travel and traffic. Challenges faced by auditors in an ecommerce environment It has already been established that the Internet is a powerful medium and the potential it has to offer in Ecommerce context is endless. Transparency in consumer transactions and a forthcoming attitude is essential in order to ensure the businesses with high levels of profits and visibility on the Net. However, in context of business audits the assessment of risks and management of data privacy issues present serious challenges to the firm auditors. The ecommerce applications and transfer of customer related data and are increasingly vulnerable to hackers or spywares that pose a serious threat on the Internet. The open connection is highly exposed to increasing number of threats in the form of data protection, integrity and confidentiality issues besides other security threats such as hackers and viruses. This renders the whole system and the reputation of the organization highly susceptible to security breaches. Besides customer data protection issues, organizations are also exposed to payment issues that arise from non-authentic payment details or faulty transactions. Hence payment authentication system plays a vital role in securing online transactions and promoting business growth in an ecommerce setup. A significant concern raised during audit within ecommerce transactions is the absence of paper records of payments or invoices. The auditor has to rely on system records and online information sources for verifying details of any commercial or business transactions. The system being totally dependant on technology support and related infrastructure is highly exposed to threats of system failure or collapse of vital network components. In such scenarios it often becomes difficult to restore data especially in places where there is no backup available. Development and changes in audit practices in the past few years The evolution of audit procedures in context of ecommerce is not very old since much of the development in this technology platform has occurred within the past decade. The past few years have witnessed a significant development and growth in the usage of the Internet in the commercial sector. Initially, the Internet was used only by government agencies and large establishments to maintain and automize the work process and help with storage and compilation of vital data. These initial work applications faced few risks on account of limited use and restricted access to confidential data and information. The Internet was not used for committing online transactions. However, with the growing popularity of the medium the usage of Internet expanded to medium and small enterprises and finally to the homes of individuals. The corporates and individuals used the Internet for accessing vital information online and this scope was expanded to include unlimited availability of information, data, and services catered to meet individual demands and expectations. Business entities perceived increased market and revenue earning opportunities through innovative use of technology tools and this led to increasing sales and commercial activity over the Internet. Ecommerce witnessed a boom with wide range of industries and service providers exploring the unlimited potential offered by this medium. The growth of ecommerce led to increasing online transactions with more and more people banking online, booking their tickets online and purchasing gifts and items of need online. The impact of this evolution and innovation in technology is evident in the way business models have been re-designed to accommodate increased customer convenience and ease of doing business. “Thus the technological evolution and the expansion of the online transactions concept resulted in the incorporation within the ecommerce concept of all the commercial activities executed by the employment of the information and communication technologies, such as the Internet, virtual private networks (VPN), automated teller machines (ATM), electronic fund transfers (EFT), electronic data interchange (EDI), supply chain management (SCM), and also customer relationship management (CRM)” (Genete et al., 2008). The widening of application areas and methods in the ecommerce industry has resulted in increased risk exposure in the form of technical loopholes and innovative uses of technology to infringe on personal and corporate privacy. There are various technologies that have emerged in the past few years that include cloud computing, virtual and simulated environments, and biometric devices. As the world moves towards expansion in terms of globalization and technology advancements, security systems are becoming even more important to any organizations than ever. Since securities such as PIN numbers, key card accesses, and passwords could be easily stolen and hacked, a better security, biometric technology, was introduced to reduce risks from identity thief and information leak. Since most important information is being stored in computers, an excellent security system is then required in order to keep information safe from any issues that might lead to the company loss. The security systems such as PIN numbers, key card systems, signatures and passwords are just basic securities system installed in almost any organizations, but those could be easily stolen, faked, and hacked before ones even realize they are attacked. The significance of the risk assessment process is realized in context of the increasing dependency of organizations on such systems and online applications. Modern economy is driven by knowledge sharing programs that provides businesses with the competitive edge and improves quality of products and services delivered. Risk management practices to be more effective in the present market conditions should adopt strategies that are based on faster access to information that is accurate and reliable while taking decisions. One of the primary requirements of an effective risk assessment system is to ensure the accuracy and reliability of financial and related data that have a direct bearing to the business growth and performance. A well integrated information system and knowledge sharing practice among auditors has become the need of the day to provide effective services to their clients. In the face of these developments the role of auditors became more complex owing to the diverse nature of data and information assimilated from various locations across the globe. It must be noted in this context that the role of the auditor remains the same and this involves communicating the exact financial situation to the stakeholders of the organization. This includes collection of data about the audited system, analysis of business practices; protection of data, analysis of data for reliability and accuracy, compilation of data collected into presentable report format and identify situations that need improvement. The role of auditors have evolved in context of ecommerce environment that makes it necessary for auditors to have an improved understanding of the online business model, technology, strategies, and tools. This is imperative for assessing the risks involved in the financial statements. This is vital for understanding the audit process and techniques used in data collection and its potential risk factor (Genete et al., 2008). Michael Juergens (2009) identified ten critical areas that make the task of auditing in an ecommerce environment more challenging. This includes risk assessment in organizations using cloud computing solutions, operating in a virtual environment and dissatisfied employees who can play with the security features in the system or indulge in fraudulent activities. The technology has equipped the enterprises and individuals with increased capacity to handle complex tasks but auditors must “review data classification schema, access management, index design and maintenance, and user training” (Juergens, 2009). The risk assessment procedure should hence include restricted access to vital data, integrity of data processing systems, data communication system, agreements between ecommerce trading partners, and the flow of operational processes. Analysis of the impact of ecommerce audit in practical environment The subsequent paragraphs analyse the impact of changing audit practices in practical environment. The section highlights the changing audit requirements and compliance issues that have been implemented by amazon.com and HSBC in order to meet the needs of the present environmental challenges. The business implications of both retailers and banking institutions are to a large extent influenced by these security measures and policies that have been implemented for increasing performance and productivity within the organizations. Online retailing deals with direct consumer transactions and interactions that support the business model. The risks are prevalent in the form of online transactions and handling of vital consumer data. However, in case of HSBC the outsourcing business model holds immense risks in terms of data exchange and financial risks related to such practices. This requires a close monitoring and strict adherence to security and compliance standards to ensure safe and effective business operations. Amazon.com is one of the largest ecommerce portal offering online retail services to its customers from all over the world. It is the pioneer in implementing recommendations from the internal auditing of its ecommerce business. The company has been implementing change management based on the recommendations from the internal auditors. The company recognizes that the brand image of the company is important for the online customers and anybody doing business through ecommerce methods are very sensitive to the company’s brand image. The auditing practices of the company involve tracking every move and click of the customer and keeping a record of the customer history for future references. This has proved highly effective in using the data to assess risks, monitor performance and devise effective strategies. The system keeps track of the frequency of customer visits, purchase trends, payment history and personal details that helps the company to analyse user behavior and customer preferences. The business model focuses on market growth through partnerships and alliances that provides the company with an increased competitive advantage in the industry along with increased market shares. In view of security threats the company has implemented highly secured payment gateways that authenticate the transaction process at every stage. (Chaffey, 2008) Multinational banking organizations like Hong Kong Shanghai Banking Corporation (HSBC) have evolved its audit measures to accommodate the changing operating environment that involves online banking transactions and handling of critical customer data. The company for the past few years has outsourced its operations to the developing economies of India and China in search of cost advantage and operational efficiency. The model has provided them with an increased competitive edge in the industry and helped in expanding its operations and markets. However, it poses a major challenge in implementing security controls for audit purpose. The company has issued and implemented policies and compliance standards for its employees and departments. Strict adherence to these standards is mandatory to prevent any breach in security and protect against data piracy or misuse of customer information. (HSBC.com, 2009) Conclusion The e-business model needs to adopt a safe and secured online payment application since most of the users are wary of making credit card transactions over the Internet. The rising instances of unauthorized access, violation of personal information and data hacking has caused sincere concerns over the safety issues of making online transactions. The legal issue that may arise in the event of a conflict between the consumer and business service provider is another cause of concern. This becomes more complicated in case of global scenario. There are many new technologies that can now be used to provide greater security to the online transactions. The use of Secure Socket Layer (SSL) is one such mechanism that encrypts or translates the order information into a highly indecipherable code that cannot be hacked by anyone. Further use of effective codes can lead the consumer to a secured zone that cannot be accessed from any remote server. Effective auditing practices in the ecommerce environment require the logging of customer transaction from its initiation through collection of the receipt and delivery of the product (ISACA, 2002). Auditing of the financial statements of the companies is very effective in reducing the cost of raising capital. This adds to the economic value of the company. The role of auditing hence provides the organizations with an added advantage and increase competitive edge in the terms of lowered interest rates, higher share prices and increased efficiency in leveraging financial costs. The advent of new technology and business models has made a significant impact on the role of auditors today. It has changed the way auditing process is conducted in the present business context. As discussed in the paper the auditors should possess an in-depth understanding and increased insight of the ecommerce tools and technology to enable them to provide a comprehensive risk assessment report and evaluate the implications of various types of transactions taking place online. The significance and relevance of financial statements has changed in the context of information technology tools and applications that have enabled the users with easy access to unlimited expanse of data and information related to a company’s performance. The increasing use of Internet has threatened the relative importance of financial statements to investors since they now have access to numerous alternative sources of information for analysis. “For example, investors can now get up-to-the minute data about companies through public and proprietary databases, instead of having to wait for quarterly or annual reports (Stanford, 2004). References: 1. Genete, Laura-Diana and Tugui, Alexandru. 2008. Particularities of audit planning in ecommerce. http://www.ibima.org/pub/journals/CIBIMA/volume6/v6n1.pdf 2. Juergens, Michael. 2009. Expert names top 10 audit issues of 2009. http://www.internetnews.com/bus-news/article.php/3819156 3. Stanford.edu. 2004. Auditing in the ecommerce era. http://securities.stanford.edu/news-archive/2004/20041020_Headline100083_Staff.html 4. Chaffey, Dave. 2008. Amazon.com case study. 5. ISACA. 2008. IS auditing guideline. 6. ISACA. 2002. Audit trails in an ecommerce environment. 7. Wagner, Harold J. 2001. Information systems and electronic commerce. 8. ICGFM. 2009. International journal on governmental financial management. 9. University of Missouri. 2007. Ecommerce security guide. 10. Institute of Internal Auditors. 2003. Control and audit implications of ecommerce activities. 11. ISACA. 2008. What ecommerce planners should remember? http://www.isaca.org/Template.cfm?Section=Home&CONTENTID=52630&TEMPLATE=/ContentManagement/ContentDisplay.cfm 12. HSBC. 2009. HSBC Global Resourcing. http://www.hsbcglobalresourcing.com/ Read More