422 33 Powerpoint Slides Chapter 14 Evaluation Audit e Business Chapter 14

7/28/2019 422 33 Powerpoint Slides Chapter 14 Evaluation Audit e Business Chapter 14

1/6

07-02-201

Oxford University Press 2012. All rights reserved. E-Business

Chapter 14

Evaluation and Audit

of

e-Business


Learning Objectives

To understand

the purpose and need of auditing Information

Technology and e-business the principles and basics of auditing e-business

various methods and parameters used for auditing

e-business

security and infrastructure audit of e-business

performing IT audit and action items for the same


Introduction

What is Audit?

Examination and analysis of the records or

processes for the purpose of verification

Why it is needed?

for the purpose of verification of consistency and

for determining whether the system and processes

are performing the desired task

Types of Audit?

Financial, Security etc.


Why Audit in e-business?

- E-business involves number of business transactions

over the Web

- Financial transactions through payment gateways

- Effective security processes and infrastructure need to

be in place in order to ensure all activities run

smoothly


Health Indicators of an e-business

Health indicators of an e-business are the indicators that

contribute to value creation, customer satisfaction andbusiness financials; and the effectiveness and

efficiency of business activities.

Following are some of the indicators

1. Availability of the system for end users

2. Response time of a system for internal and external

customers

3. Accessibility of the system

4. Human factor engineering


Health Indicators of an e-business Cont..

5. Customer services

6. Privacy7. Illegal usage and its analysis

8. Copyright infringement

9. Security indicators

10. Various controls and how they are established

11. Other factors such as infrastructure, connectivity,

etc: These factors also indicate the overall business

health.


2/6

07-02-201


E-business Audit & documents

E-business auditing involves examination of the overall

processes and systems which include the audit of

- the network - system behaviour

- Infrastructure - processes

The supplementary documents facilitating auditing

include different diagrams and documents, as

- Network diagrams - System diagrams

- Staff relationship Diagram - Responsibility diagrams

- Point of exposure analysis - Infrastructure list and

positions

- Material and information flow diagrams


Need for e-business audit and evaluation

E-business audit is necessary for the following key

reasons:

Building customer faith

Improved safeguarding of assets

Improved data integrity

Improved system efficiency

Improved customer satisfaction

Once the processes are established, there is the need for

time-to-time review and improvement of these

processes, with the revelation of every new fact.


Auditing guidelines

Comprised of the recommended course of action

needed to perform a quality audit

Should satisfy the following basic criteria -

Evaluating and prioritizing action items based on the

significance of every part of the audit

Accuracy and reliability of audit findings

Impartial and non-prejudiced judgement that is not based

on outdated or irrelevant data

Scope and timeliness of the audit

Clarity, efficiency, and effectiveness of the audit


Major aspects of e-business Audit

The four major aspects of e-business audit are

Understanding and verifying roles

Identifying and understanding processes

Evaluation with reference to benchmark or expected

roles, and

Deriving inputs for enhancement with reference to

gaps.

An audit matrix has four parameters:

Investigation - Evaluation Measurement - Learning


Indicators of Audit Objectives

Two important indicators of audit objectives

Value creation and Achieving business objective

E-business auditing guidelines can be mapped to 4 heads -

The General Guidelines and the Framework for

Auditing

The Guidelines for Financial Auditing

The Guidelines for Performance Auditing

The Guidelines for Corporate Control Oxford University Press 2012. All rights reserved. E-Business

Conducting e-business audit

An e-business audit starts with an analysis of the following

aspects - General business overview

The business system and its key components

IT infrastructure and architecture

Different processes and standards followed

Staff and management

Security devices, policies, architecture, & implementation

Business alignment of e-initiatives

Extended organization, service providers, and external

devices used


3/6

07-02-201


Controls in e-business audit

Control refers to a system that prevents, detects, and

corrects unlawful events.

Implementation of reliable controls is required to

keep things in place

And also to make sure that processes, people, and

management are working effectively towards the

business goal.

The controls are not limited for security purpose, but

cover the entire system

Controls can be classified into preventive controls,

detective controls, and corrective controls. Oxford University Press 2012. All rights reserved. E-Business

Controls in e-business Audit Cont..

Controls cover the entire system, to -

Ensure that appropriate processes are in place

Ensure that the processes are being followed properly

Check whether the necessary infrastructure is in place

Understand the need of enhancement

The purpose of controls is to minimize the losses by

prevention of activities causing losses


An External Auditing System

External auditing system analysis comprises -

Interviews of employees, customers, and managers

A system study

Analysis of the results

The steps involved in conducting an audit include -

Steps to obtain clarity about the controls and

understanding of the controls

Assessment tests of the controls

Tests to detect the irregularities in controls

Review procedures Oxford University Press 2012. All rights reserved. E-Business

Steps involved in an e-business Audit


E-Auditing Parameters


Risks associated with Audit

The most challenging task in the planning phase is to

judge the level of risk associated with each segmentof the audit.

To decide on the level of risk, one needs to analyse the

internal controls -

- Control environment and activities

- Risk assessment, Monitoring

- Information and communication

- Control establishment and personnel

- Use of technologies


4/6

07-02-201


Security and Security Risk Assessment Steps

with reference to e-business


Tests of ControlsCollecting Auditing

Data

The testing of controls offers an insight into their

functioning and provides the necessary data.

Verification of management controls Iterative evaluation of controls

Once the management controls are found reliable, the

weaknesses of controls at every level are investigated

This includes verification of controls at the levels of

operator, accountant, individual employees, etc.


Audit Programs

The audit program is based on the organizations own

reference guide.

The program consists of steps to deduce the

efficiency.

The points to be considered while forming an audit

program

The standards used and

general guidelines followed by an organization


Audit and Testing

An audit needs to analyze the system from various

angles and perspectives, with the help of multiple

controls and a variety of combinations of these

controls.

It includes interviewing employees, testing, and

assessment of documents. Depending on the

complexity of the system, the testing plan for an audit

is decided.


Audit Reporting

Audit reports help organizations identify the gaps and

develop guidelines for bridging the gaps observedduring audit.

An e-business audit report should cover

IT functionality report

IT process auditing report,

Responsibilities and management response

A document addressing users about the need of the

correction in processes.


Audit Report heads

The report must be organized under relevant heads as

Customer interaction processes

Information gathering and analysis processes

Delegation of authority

Internal reporting, Escalation processes, Financial

processes, Contracting processes, etc.

The controls along with the observation and possible

ways of improvement

Information related to the performance indicators

used for auditing.


5/6

07-02-201


Audit of Performance Indicators

Performance indicators should be chosen appropriately

Should indicate the performance of the system accurately.

E-business audit made up of Performance indicators,efficiency indicators, and effectiveness indicators.

Efficiency indicators are associated with the resources

contributing towards the efficiency of business processes.

Effectiveness indicator provides an insight into the overall

effectiveness of business processes.

Workload indicators indicate the amount of work

performed.


E-business Balanced Score-card


E-business Audit Controls and Parameters

E-business is audited for various parameters. The important

control heads with reference to audit of e-business are -

Systems development management controls

E-business transaction management controls

Security management controls

Quality assurance management controls

Input controls

Operations management controls

Programming management controls

Financial management controls

Supply chain management controls

Database management controls


Scope of Audit Work


Concurrent Auditing for E-business

Concurrent auditing is collecting data and evidence

from all audit sources. Allows to capture and track the audit trail online

Provide means for tracking and early warning to

minimize losses resulting from anomalies

Helps identify irregularities quickly

Irregularity propagates quickly across the systems

and results in information and material losses


Steps of concurrent auditing

The steps followed for concurrent auditing are -

Perform feasibility study Analyze the of impact of concurrent auditing

Analyze and take related technical decisions

Plan and design

Implement

Carry out post audit cost benefit analysis


6/6

07-02-201


Advantages of Concurrent Auditing

The advantages of concurrent auditing with reference to

e-business are -

Alternative to traditional post auditing

Gives capability to auditors to track processes

Gives test capability to auditors and information

system and business staff

Can be used for training new users and to give insight

into the system and business


Security Audit

Security audit includes

audit for physical security

data transmission security, and

data storage security

along with security aspects of system

administration and application development.

It covers the following aspects:

1. Security of computers, servers, and network devices

2. Availability of hardware

3. Physical measures for information and data security


Security Audit

4. Backup policies

5. Handling of sensitive information

6. Transmission and encryption of important data

7. Server handling and configuration handling

8. Anomaly detections and identifying violations

9. Disaster recovery and business contingency plans

10. System privilege and access control

11. Information and source code handling

12. Testing strategies13. Security policies to handle viruses, intrusions, and

information corruption Oxford University Press 2012. All rights reserved. E-Business

Components of an e-business Security Audit

Monitoring

Contingency plan

Recovery and reconciliation

Transaction integrity

Incident monitoring and handling

User authentication


Infrastructure Audit

The purpose is to identify whether the required

infrastructure is in place and being used properly andefficiently.

Essential for security as well as efficiency reasons

Includes listing of the available infrastructure such as-

Hardware assets

Operating systems along with patches and versions

Software installed on various machines

Network analysis (connectivity and requirements)

Servers etc.


Infrastructure Audit Cont..

Also includes analyses of security and backup systems.

The infrastructure audit deals with -

Checking whether the required infrastructure is in

place

The quality of infrastructure

Scalability and security aspects of the infrastructure

Optimal use of infrastructure

Connectivity and communication

Processes related to infrastructure

422 33 Powerpoint Slides Chapter 14 Evaluation Audit e Business Chapter 14

Documents

Transcript of 422 33 Powerpoint Slides Chapter 14 Evaluation Audit e Business Chapter 14