Secure e-Business Chartered Accountants of Canada Comptables agréés du Canada Overview of WebTrust...
Secure e-Business
AICPA Chartered Accountants of Canada
Comptables agréés du Canada
Overview of WebTrust™

Concerns About e-Business
What are this site’s e-Commerce practices?
I am worried about security
I would like to maintain anonymity
I do not like traceability
What are they going to do with my information?
Who am I really doing business with?
I am afraid I will get scammed, will I get my stuff?
What is the recourse if something goes wrong?

Barriers to Acceptance
People who have access to the Internet but who have not purchased a good or service through the Internet state that the following were factors in their decision:
52%: Concern over privacy of personal information
56%: Concern over unauthorized use of credit card information
36%: Concern over not receiving product or service ordered
Source: Canadian Institute of Chartered Accountants Electronic Commerce Survey, August 1997

D&T & Retail Council of Canada’s Most Recent Study
Consumers are saying…
The visual aspect of online shopping is key.
There is a strong commitment to purchasing at Canadian sites.
Online purchasing is considered to be convenient and saves time.
Considerable concern still exists about the privacy of personal information related to online purchasing.
A third party security endorsement can help build the trust of site visitors.
Bookmarking of favorite sites has the potential to build loyalty.
The power of “word of mouth” should not be underestimated.

The WebTrust™ Response: A Unique Seal of Assurance
WebTrust™:
Provides assurance that a web site meets AICPA/CICA defined criteria for business practices and transaction integrity, security and privacy, and related disclosures.
Is designed to build consumer confidence in electronic commerce.
Is the only service combining privacy, security, and transactional integrity with up-front and ongoing independent third party verification.
Will be able to demonstrate a web site’s compliance with the privacy laws of major industrial countries.
Is a global seal that can be provided by qualified and licensed CPAs and CAs around the world.

Global Offering of WebTrust™
Planning: New Zealand
Researching: Belgium, Malaysia, Japan, Italy, Argentina
Currently: Canada, United States, England and Wales, Denmark, France, Germany, Ireland, Netherlands, Spain, Australia, Hong Kong

WebTrust™ Seal
Web consumer would see the seal on a Web page
Would then click on it to access additional information

WebTrust™ Certification Process
Definition of scope
    Web sites & services included
    Geographical scope
Self-assessment questionnaire
Understand outsourced activities
Initial period at least 60 days
Unqualified audit report
At least semi-annual updates
Independence
Appropriate team with required expertise

Overview of the WebTrust™ Process
Phase I – Understanding the Methodology and Process
Perform a self-evaluation.
Understand and document the electronic commerce business and systems processes, procedures and controls.
Map existing processes and controls against WebTrust™ Principles and Criteria.
Build a WebTrust™ Preview Site.
Diagram steps: Self Evaluation; Understand & Document Process, Procedures & Controls; Map Processes & Controls; Build WebTrust™ Preview Site

Phase II – Testing of the Processes & Controls
Test and evaluate the Business Practices Disclosures, Transaction Integrity, Security and Privacy Controls.
Diagram step: Test and Evaluate

Phase III – Reporting
Complete the final report and certify the Web Site.
Diagram step: Complete and Certify

Phase IV – Minimum Semi-Annual Updates (Version 3.0)
Update our review and tests of the Business Practice Disclosure, Transaction Integrity and Information Protection on a semi-annual basis.
Update for any major system changes and service offerings.
Diagram steps: Update & Review our Tests Semi-Annually; Update for any Major System Changes & Service Offerings

The New Version 3.0 WebTrust™
Version 3.0 includes any of the following WebTrust™ Seals:
WebTrust™ Security Seal
WebTrust™ Transactional Integrity Seal
WebTrust™ Privacy Seal
or WebTrust™ Consumer Protection Seal, including all three of the above
Additional principles for B2B & ISP/ASPs include:
    availability
    confidentiality
    non-repudiation
    customized disclosures

WebTrust™ 3.0 Principles: Security
The enterprise discloses key security policies, complies with such security policies, and maintains effective controls to provide reasonable assurance that access to electronic commerce system and data is restricted only to authorized individuals in conformity with its disclosed security policies.

WebTrust™ 3.0 Principles: Transaction Integrity
The enterprise discloses its business practices for electronic commerce, executes transactions in conformity with such practices, and maintains effective controls to provide reasonable assurance that e-Commerce transactions are processed completely, accurately and in conformity with its disclosed business practices.

WebTrust™ 3.0 Principles: Privacy
The enterprise discloses its privacy policies, complies with such privacy practices, and maintains effective controls to provide reasonable assurance that personally identifiable information obtained as a result of electronic commerce is protected in conformity with its disclosed privacy practices.

WebTrust™ 3.0 Principles: Availability
The enterprise discloses its practices for availability, complies with such availability disclosures, and maintains effective controls to provide reasonable assurance that e-commerce systems and data are available as disclosed.

WebTrust™ 3.0 Principles: Non-repudiation
The enterprise discloses its practices for non-repudiation, complies with such practices, and maintains effective controls and appropriate records to provide reasonable assurance that the authentication and integrity of transactions and messages received electronically are provable to third parties in conformity with its disclosed non-repudiation practices.

WebTrust™ 3.0 Principles: Confidentiality
The enterprise discloses its confidentiality practices, complies with such confidentiality practices and maintains effective controls to provide reasonable assurance that access to information obtained as a result of electronic commerce and designated as confidential is restricted to authorized individuals in conformity with its disclosed confidentiality practices.

WebTrust™ 3.0 Principles: Customized Disclosures
The enterprise’s specified disclosures are consistent with professional standards for suitable criteria and relevant to its electronic controls over the processes supporting such disclosures to provide reasonable assurance that such disclosures are reliable.
What happens if a company does not meet the audit requirements? How long do we have to fix any inconsistencies?
The company needs to demonstrate that it has been in compliance with the WebTrust™ criteria for at least 60 days before it can receive the WebTrust™ seal. Then it needs to remain in compliance with the criteria to continue to display the seal.
As part of their work, practitioners may identify weaknesses which need to be addressed. This may be included as part of the services based on the extent of the weaknesses identified. However, if the practitioner and the management determine that the weaknesses are extensive, then we will have to address those issues and help you improve the controls and practices separately. In such cases, the seal will be awarded 60 days after the implementation of the new controls, to ensure their effectiveness.
What does WebTrust™ membership provide other than quarterly (semi-annual) audits?
As is the case with a financial statement audit, there is no membership structure. The AICPA/CICA task force would be willing to consider such a program if there was sufficient interest among organizations with the WebTrust™ seal.
However, as a certified WebTrust™ web-site, you will be listed at the WebTrust™ home page under a listing of all WebTrust™ certified companies. This provides customers a “Yellow Pages” of WebTrust™ web-sites. Additionally, the members will have access to “Best Practices” for Internet electronic commerce.
How is a WebTrust™ audit different from a regular accounting and/or system audit and what extra value does it provide?
The purpose of a WebTrust™ audit differs significantly from that of a financial statement audit. The focus of WebTrust™ is on the business practices disclosures for electronic commerce transactions and the related controls over transaction integrity and information protection. The WebTrust™ view is ensuring that business-to-consumer electronic commerce transactions are appropriately handled and that related concerns of typical consumers are addressed by the business.
By contrast, the financial statement audit focuses on the reliability and fair presentation of financial statements and the related footnotes and disclosures. The audit work performed on accounting systems is an intermediate step in formulating the auditor's opinion on the financial statements.
By representing WebTrust™, does the CA or CPA issuing the WebTrust™ seal ensure security of the company’s processes and systems to customers?
The responsibility for ensuring security of a company’s processes and systems is that of the company’s management. The practitioner is providing an independent and objective assessment of how management is discharging that responsibility.
What are the key customer benefits?
Key customer benefits are increased trust and confidence in doing business electronically on the Internet. This should ultimately result in more efficient markets and lower cost benefits to both the company and its customers.
Customers will have access to a “Yellow Pages” listing of your web-site as a WebTrust™ certified business.
WebTrust™ is a recognized seal of assurance on the Internet. The true advantage will be for those companies who get the early edge through strategic marketing of their electronic commerce practices and their WebTrust™ certification.