Chapter 17 Advanced Topics in Assurance Services
E-Commerce Environments
• E-commerce: The use of electronic transmission
mediums (telecommunications) to engage in the
exchange, including buying and selling, of products and services requiring transportation, either physically or digitally, from location to location.
• E-commerce is changing how many organisations
currently undertake business.
Learning Objective 1:
Early E-Commerce Systems:
Electronic Data Exchange (EDI)
• Forerunner to e-commerce was EDI.
• Example: Manufacturer requires suppliers to accept orders through electronically transmitted purchase
Current Categories of E-Commerce
Business Risk Assessments and Control
Considerations in E-Commerce
• Number of differences for business risk assessment
and related controls for B2B compared with B2C
e-commerce.
• B2B: audit client is transacting with small group of other businesses (identity known, authorisation procedures in place).
• B2C: audit client is transacting with the world at large (identity unknown).
Learning Objective 2:
Business risk considerations
• E-commerce risks include:
– Risks arising from the nature of relationships with
e-commerce trading partners;
– Risks related to the recording and processing of
e-commerce transactions;
– Pervasive e-commerce security risks, including privacy issues;
– Fraud risks; and
– Risks of systems failures or ‘crashes’.
– Programmed controls (e.g. to ensure customer is
authentic – payment authorised with approved credit
card, order is reasonable, method of payment or worthiness have been established).
Programmed controls are tested by test data techniques.
– B2C – authorisation of transactions established on many occasions by quoting valid credit card. Funds are usually received before goods are shipped. System reviewed as a part of general controls. Programmed controls tested by the use of test data.
Learning Objective 3:
Substantive tests in an E-Commerce
environment
• There should be evidence to support figures contained
in the financial report. Auditor can substantively verify these figures.
• There may be assertions, such as rights and obligations (who owns the inventory the entity is selling?), to which auditor has to pay closer attention.
• Caution should be exercised with regard to analytical procedures, as some traditional relationships between account balances might no longer hold (e.g. a supplier might not hold inventory).
Continuous Assurance
• Rapid advances in information technology enable
information to be made available to users on a more
timely basis.
• E.g. in the future, entities might have financial reports
on Internet and show current status of accounts (as
impacted by transactions as they flow into system).
• Assurance may be requested on such reporting
Conditions necessary for a continuous
audit
Examples of continuous assurance
• Continuous assurance can be on either financial or non-financial information. Examples include:
– specific financial information required by debt covenants;
– an entity’s compliance with stated policies and practices with regard to e-commerce transactions;
– completeness and accuracy of frequently updated key information provided publicly on a website;
– financial reports available on demand; and
– effective operation of controls over specified systems or publicly accessible databases.
Continuous assurance and XBRL
• eXtensible Business Reporting Language (XBRL) is a
new technology bringing continuous assurance closer
to reality.
• Uses accepted standards and practice to encourage
standardisation and exchange of financial information
(including financial reports) across different technologies.
• Takes transactions and maps onto a standard structure for financial reports, and provides tags attached to
transactions that permit the tracing of these transactions.
What forensic auditors do
• Investigative engagements:
– Fraud investigations – determining existence, nature and extent of fraud and funds tracing.
– Business economic loss analysis – contract disputes,
product liability claims, etc.
• Litigation support:
– Review of evidence to form assessment of case and
identify areas of loss.
– Obtain relevant evidence to support or refute legal claims.
Typical approach to forensic auditing
assignment
• Plan meeting with client;
• Perform an engagement acceptance check;
• Perform a preliminary investigation;
• Develop an action plan;
• Obtain the relevant evidence;
• Evaluate the evidence; and
• Prepare the report.
Environmental and Sustainability
Assurance
• Environmental reporting is becoming increasingly
prevalent, with the advent of triple bottom line and
sustainability reporting.
• IAASB has identified this as a major assurance service
on which it will be concentrating in 2005-2006.
Learning Objective 6:
International developments
• Many groups encouraging or creating standards or
criteria for environmental and sustainability reporting:
• IAASB
• Fédération des Experts Comptables Européens (FEE)
• The Global Reporting Initiative (GRI)
• Institute of Social and Ethical Accountability
(AccountAbility)
• The International Organisation for Standardisation (ISO) 14,000 series
• CPA Australia
Providing assurance on environmental and
• There was a large increase in the proportion of those
reporting being independently assured (27 per cent in
2002 compared with 19 per cent in 1999).
• The major accounting firms performed the majority of these verifications (65 per cent).
Current practice – CPA Australia
• Accounting firms provided 87 per cent of assurance reports
in Japan, 60 per cent in continental Europe, 23 per cent in the UK, and 15 per cent in Australia. It is acknowledged that few such assurance reports are issued in the USA and
Canada.
• Suitable criteria – survey showed that only 40 per cent of assurance reports refer to the reporting criteria used.
Criteria that are mentioned most frequently are the GRI
guidelines (11 per cent), followed by the AA 1000
framework.
• Assurance standards that were being followed - it was
found that 66 per cent of all reports (accounting firms: 55 per cent) do not mention any standards in accordance with
Current practice – CPA Australia (Cont.)
• The assurance standard that was most often referred to was AccountAbility’s ‘AA 1000 Assurance Standard’
Overarching principles
Assurance currently provided
• Environment Australia notes that there are primarily four levels of assurance services currently provided. These are:
– Level 1: Data verification – the checking of randomly
selected data.
– Level 2: Verification of completeness of reporting –
assessing the level of reporting against the organisation’s policy, aspects and impacts, and objectives and targets.
– Level 3: Report verification incorporating site level
compliance auditing.
Assurance reporting on sustainability
reports
• An assurance report should contain:
– a title that clearly indicates the report is an independent engagement report;
– an addressee;
– a description of the subject matter;
– identification of the suitable criteria;
– a description of any inherent limitations;
– a statement to identify the responsible party and to
describe the responsible party’s and the assurance
provider’s responsibilities;
Assurance reporting on sustainability
reports (Cont.)
– a statement that the engagement was performed in
accordance with AUSs/ISAEs;
– a summary of the audit procedures performed;
– the practitioner’s conclusion expressed in the form that is appropriate to either a reasonable-assurance or a limited-assurance engagement;
– the assurance report date; and
– the name and location of the firm or the assurance
provider.