（2004）Information Technology Auditing and Cybercommerce：A Risk Perspective.pdfVIP

Copyright © 2004 Information Systems Audit and Control Association. All rights reserved. . Information Technology Auditing and Cybercommerce: A Risk Perspective By Jagdish Pathak, Ph.D. ybercommerce has taken many forms, and information online business has been subject to an evaluation by a qualified technology (IT) auditors find that they have to audit firm. The seal also provides assurance regarding the following: Cthem. The categories of e-commerce, including • Business practices and information privacy—The business business-to-business (B2B), business-to-customers (B2C) and must disclose how orders are processed and how returns and mobile commerce (m-commerce), make use of different core warranties are handled. The business must also disclose its technologies.1 However, the common factor remains policy on the maintenance of customer information (e.g., the unchanged from the auditors’ perspective, i.e., risk and its selling of mailing lists). potential to harm the integrity and accuracy of the data and • Transaction integrity—The business must report how decisions based on such data. transactions are validated and processed, as well as how the The purpose of this article is to identify the risks and show billing process is controlled. Disclosures of billing and their impact on the assurance of the information system of any settlement terms are also required. organization. • Information protection