Ch07+ Student F13

  • 7/27/2019 Ch07+ Student F13

    Chapter Seven

    E-Business Risks

    Topics Addressed in Chapter 7

    E-Business and E-Commerce

    The Technology of E-Business

    Understanding E-Business Risk

    Specialized E-Business Applications

    Managing Third-Party Providers

    Third-Party Assurance Services

    Auditing Data Centers and Data Recovery

    Auditing Web Servers

    Auditing Databases

    E-Commerce and E-Business

    E-commerce means using IT to buy and sell goods and services electronically.

    E-business is a broader term, covering not only goods and services exchanges, but also all forms of business conducted using electronic transmission of data and information.

    Current state of E-business is C-business, where the C stands for collaborative.

    E-Supply Chains

    e-supply chain management (e-SCM)

    The collaborative use of technology to improve the operations of supply chain activities as well as the management of supply chains

    information visibility

    The process of sharing critical data required to manage the flow of products, services, and information in real time between suppliers and customers

    RFID as a Key Enabler in Supply Chain Management

    radio frequency identification (RFID)

    Tags that can be attached to or embedded in objects, animals, or humans and use radio waves to communicate with a reader for the purpose of uniquely identifying the object or transmitting data and/or storing information about the object

    Collaborative Commerce

    collaborative commerce (c-commerce)

    The use of digital technologies that enable companies to collaboratively plan, design, develop, manage, and research products, services, and innovative EC applications

    collaboration hub (c-hub)

    The central point of control for an e-market. A single c-hub, representing one e-market owner, can host multiple collaboration spaces (c-spaces) in which trading partners use c-enablers to exchange data with the c-hub

    Collaborative Commerce

    vendor-managed inventory (VMI)

    The practice of retailers making suppliers responsible for determining when to order and how much to order

    Retailer-Supplier Collaboration: Target Corporation

    Lower Transportation and Inventory Costs and Reduced Stock-Outs: Unilever

    Reduction of Design Cycle Time: Clarion Malaysia

    Reduction of Product Development Time: Caterpillar, Inc.

    Evolution of E-Business

    Phase 1: EDI, electronic exchange of source documents between buyers and sellers

    Phase 2: Web pages, development of Web pages that mirrored paper documents

    Phase 3: Active websites, development of Websites that use Internet communication features

    Phase 4: Intranets, use of Internet to improve business within organizations

    Phase 5: Supply chain, use of Internet to improve business across the supply chain

    Phase 6: Collaborative commerce, use of Internet to conduct business virtually

    The Technology of E-Business

    TCP/IP is the most widely used protocol.

    Each message transmission over the Internet requires an IP address, which may be static or dynamic, for both the sender and the receiver.

    The main hardware component is the Web server.

    The TCP/IP Model

    Layer: Function Description

    Application Layer: Translates messages into the host's computer application software for screen presentation.

    Transport Layer: Breaks messages into TCP packets called datagrams and attaches header plus information on reassembling, and ensures data delivery

    Internet Protocol (IP) Layer: Breaks down packets further and routes them from sender to receiver

    Network Interface Layer: Handles addressing and the interface between requesting and receiving computers

    HTML and XML

    HTML (hypertext markup language) is a formatting language that specifies the presentation of information over the WWW.

    XML (extensible markup language) enables the transmission and manipulation of information across the Internet.

    HTML and XML

    HTML and XML are both markup languages.

    HTML describes how the data are displayed. XML describes what the data mean.

    XML is extensible (expandable), while HTML is not.

    The accounting and finance industry is developing extensible business reporting language (XBRL). XBRL tags would ensure retrieval of similar data and allow for manipulation of the information so that comparison would be possible. Business entities can store the data once in XBRL format and extract it as needed for a variety of reporting purposes.

    Privacy and Confidentiality

    Privacy concerns the protection afforded to proprietary information.

    trade-off between privacy and personalization

    trade-off between privacy and security

    Confidentiality is a similar concept except that it focuses on information specially designed to be confidential or secret.

    Risk Indicators for E-Business Privacy and Confidentiality

    The entity has no privacy policy

    The entity captures data not needed to process transactions

    The degree of protection afforded by the privacy policy is minimal

    The entity uses third-party cookies

    The entity allows third-party cookies

    Transmissions to and from the entity are not encrypted

    The entity does not promise not to share data with third parties
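
An added example, not part of the original slides: a small audit check that flags two of the indicators listed above (unencrypted transmissions and third-party cookies) in responses recorded while loading a page. The site name `shop.example`, the sample responses and the helper names are all constructed for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample: (request URL, Set-Cookie header values) observed while
# loading one page of a hypothetical site, shop.example.
FIRST_PARTY = "shop.example"
OBSERVED = [
    ("https://shop.example/checkout", ["session=abc123; Path=/; Secure; HttpOnly"]),
    ("http://shop.example/cart", ["cart=42; Path=/"]),
    ("https://ads.tracker.example/pixel.gif", ["uid=xyz; Domain=tracker.example; Secure"]),
]

def site_of(host):
    """Approximate the registrable domain as the last two labels.
    Assumption for this example; a real audit would use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def audit(first_party, observed):
    """Return (url, finding) pairs for the privacy risk indicators checked."""
    findings = []
    fp_site = site_of(first_party)
    for url, set_cookie_headers in observed:
        parts = urlsplit(url)
        host = parts.hostname or ""
        third_party = site_of(host) != fp_site
        # Indicator: transmissions to and from the entity are not encrypted.
        if parts.scheme != "https":
            findings.append((url, "transmission not encrypted"))
        for header in set_cookie_headers:
            jar = SimpleCookie()
            jar.load(header)
            for name, morsel in jar.items():
                # Indicator: the entity uses or allows third-party cookies.
                if third_party:
                    findings.append((url, f"third-party cookie '{name}' set by {host}"))
                # A cookie without Secure may also travel over plain HTTP.
                if not morsel["secure"]:
                    findings.append((url, f"cookie '{name}' lacks Secure attribute"))
    return findings

if __name__ == "__main__":
    for url, finding in audit(FIRST_PARTY, OBSERVED):
        print(f"{url}: {finding}")
```
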

    Privacy Policies

    Two main purposes:

    Protect the entity

    Explicitly explains how proprietary information is handled

    Provide assurance to business partners about information use

    Elements of a sound privacy policy

    General statement

    Description of information collected at the site

    Use of collected information

    Internet Explorer's Privacy Settings Screen

    Understanding E-Business Risk

    Areas associated with e-business risks:

    privacy and confidentiality

    security and availability

    transaction integrity

    business policies

    The Languages of E-Business

    HTML

    XML

    XBRL

    ebXML

    Privacy

    Privacy vs confidentiality

    Privacy and security trade-offs

    Privacy policies

    Internet tracking tools

    Information System Security and Availability

    General network and telecommunications risks and controls

    Encryption: SSL, SET, S-HTTP

    Securing electronic payments

    Securing the web server

    System availability and reliability

    Transaction Integrity and Business Policies

    The integrity of transactions: complete, accurate, timely, authorized

    Repudiation: origin and reception non-repudiation

    Digital signatures and digital certificates

    Electronic audit trails

    Specialized E-Business Applications

    Electronic Data Interchange (EDI): VAN vs web-based

    Collaborative Commerce

    E-Mail Security and Privacy: spamming, spoofing, and e-mail policies and controls

    Managing Third Party Providers

    Third-party services: ISPs, ASPs, certificate authorities, and electronic payment providers

    Independent evaluations of third parties

    SAS 70 Reports on Processing of Transactions by Service organizations

    Third Party Assurance Services

    CPA Trust engagements

    TRUSTe

    BBB Online

    Veri-Sign

    Information Risks

    Content on web page exposing web publisher to libel, defamation of character, slander

    Copyright infringement and invasion of privacy suits stemming from posted textual content

    Copyright infringement and invasion of privacy suits stemming from digital scanning and morphing

    Copyright, patent, or trade secret infringement violations by material used by web site developers

    After unauthorized access to a web site, online information about employees or customers is stolen, damaged or released without authorization

    Electronic bulletin boards containing defamatory statements resulting in liability or embarrassment

    Worldwide legal exposure resulting from use of creative material (e.g. names, likenesses) that violate laws of countries outside of the home country

    Credit card information intercepted in transit is disclosed or used for fraudulent purposes

    Information that has been changed or inserted in transmission is processed leading to erroneous results

    Flight of intellectual property due to employees moving to competitors

    Technology Risk

    Negligent errors or omissions in software design

    Unauthorized access to a web site

    Infecting a web site with computer viruses

    Internet service provider (ISP) server crashes

    Software error and omission risks causing unauthorized access

    Software content risk that violates a copyright or is libelous.

    Third party intercepts credit card information in transit causing breaches in security for online payments.

    Intercepting and copying or changing non-credit card information during transmission

    Insufficient bandwidth to handle traffic

    Obsolete hardware or hardware lacking the capacity to process required traffic

    Risk due to excessive ISP outages or poor performance

    ISP or home-company servers being down

    Scant technical infrastructure to manage cycle time to develop, present, and process web-based products

    Risk of improperly integrating e-commerce system with internal databases

    Risk of improperly integrating e-commerce system with internal operational processes

    Risk due to poor web site design manifesting themselves in long response times

    Inability of customer or supplier computers to handle graphical downloads

    Business Risk

    Electronic bulletin boards containing defamatory statements resulting in liability

    Worldwide legal exposure resulting from use of information in violation of home-country laws

    Using web sites to conduct illegal promotional games, such as a sweepstakes or contests

    Risks related to payment to web site developers and disputes between developers and clients

    Lack of maintenance on existing web pages

    Impact on business due to intellectual property lost due to employees moving to competitors

    Changes in supplier relationships re: data access, data ownership, distribution strategy, and marketing tactics

    Changes in customer relationships re: data access, data ownership, distribution strategy, and marketing tactics

    Products out-of-stock due to poor communication with operations

    Inconvenient return policies -- lack of coordination with physical system

    Excessive dependence on ISP to support firm's business strategy

    Inability to manage cycle time for developing, presenting, and processing web-based products

    Improperly integrating e-commerce systems with internal operational processes

    Insufficient integration of e-commerce with supply chain channels

    Questions or Comments