Training Courses

AEC100: Audit & Control Considerations in Electronic Commerce

CPE credits: 7

Description: This seminar provides insight to those professionals who have grappled with electronic commerce and information security issues surrounding the continued growth of virtual markets. Electronic Commerce (EC) is a range of applications that extends the core business activities of the enterprise into a virtual electronic community that is shared with customers, suppliers, business partners, employees, and prospects.

Connecting businesses and consumers, be it for banking, retail sales, or confirming airline reservations, controlling electronic commerce (EC) will require an integrated examination of electronic data interchange (EDI), electronic funds transfer (EFT), electronic benefits transfer (EBT), and the Internet. Unsecured electronic commerce presents risks which could create a 'black hole' of liability for organizations, seminar attendees will be prepared for the challenges of auditing, assessing and securing automated financial electronic commerce applications, with an aim of avoiding such corporate liabilities.

Audience: This seminar is intended for internal and external audit professionals, Controllers and their management, system developers, Chief Technology Officers, Chief Information Officers, Chief Security Officers, and individuals who wish to learn more about securing and controlling their organization's electronic commerce environment.

Prerequisites: There is no prerequisite for this seminar. No advanced preparations are required for this seminar.

Objectives: After completing this seminar, participants will be able to:

Identify the various uses of Internet technology and learn how the changing roles of this technology in an e-business environment can jeopardize the reliability of information both from a management and an audit point-of-view
Evaluate E-commerce risk assessment and controls
Determine that an e-business organization faces new threats to the safeguarding of its assets, and that the access to those assets is often managed via IT-systems. Further, manipulation of those systems could lead to unauthorized use of assets
Identify that access controls, log files and segregation of duties are key controls in maintaining overall security in emerging virtual markets governed by E-commerce
Perform an audit of their organization's E-commerce environment

Course Outline:

Leveling the Playing Field: A Quick Look at the Internet Numbers

Defining Electronic Commerce

Elements of Electronic Commerce
Goal of E-Commerce

Electronic Commerce - Setting a Course for Success

E-Commerce vs. E-Business
The E-Business Cycle

Rise of the Internet Economy’s “Net” Impact

Critical Issues in E-Commerce

Functional Parts of Electronic Commerce

Key Factors to E-Commerce Development Processes
Emerging E-commerce Business Models
VPN Security and Control

EC Risks

Threats to E-Business

Auditing Electronic Commerce

EC Security Considerations
Securing Web Architecture Design

Establishing Trust in Virtual Markets

Building Credibility
Why Does Web Credibility Matter?
Building Trust
EDI and EC

Secure E-commerce Options

Electronic Data Interchange- Audit and Control Issues

EDI: Nine Areas of Audit Concern
Performing an EDI Audit

General Electronic Commerce Security Tools

Specific Electronic Commerce Security Tools

Utilizing E-Commerce Audit "Tools and Techniques”

Mistakes to Avoid in Planning a Successful E-Commerce Strategy

Privacy and Identity Theft

Dr. Marcella's seminar is based on findings from his books; Electronic Commerce: Control Issues for Securing Virtual Enterprises, and Establishing Trust in Virtual Markets, published by the Institute of Internal Auditors, and EDI Security, Control and Audit, published by Artech House.

Back to training courses.

IT Management Consulting, Training Services, and Audit & Security Reviews Since 1984