Auditing & E-Commerce: A Risk Framework
Odette School of Business Working Paper No. 1/2004
Posted: 5 Jan 2004
Date Written: January 2004
The categories of e-commerce, like Business-to-Business (B2B), Business-to-Customers (B2C) and mobile Commerce (m-Commerce) makes use of core technologies different from each other (Salazar et al, 2003; Maxey, 2001) however, the common factor remains unchanged from the auditors' perception, i.e. risk and its potential to harm the integrity and accuracy of the data and decisions based on such data. E-commerce has begun in its varied facets. As an auditor, one may have to audit them. My effort is to identify the risks and show their impact on the assurance of the information system of any organization. AICPA/CICA (Cashell & Aldhizer III, 1999; Primoff, 1998) has jointly offered seal of assurance at web level and system level. The limitations of these certifications are equally important for an auditor as the objectives and the perceptions of these approval auditors are limited to their respective goals established by these accounting bodies. But, the role and functions of an auditor are beyond those of the assurance approval auditors. The organizational decision making processes are dependent on various segments of information bases whereas these assurance providers audit a limited amount related to their interest. This conceptual paper attempts to show why an auditor is expected to provide a much higher level of assurance to the organizational executives amidst a plethora of risks faced by their information and databases and accordingly a framework is provided for auditors to be implemented in the cyber entities under their review.
Keywords: E-Commerce, Risk, Auditing of Systems, Information Systems Auditing, Information Technology, Business Systems
JEL Classification: M40, M49
Suggested Citation: Suggested Citation