Index Document Electronic Invoicement
Upcoming SlideShare
Loading in...5
×
 

Index Document Electronic Invoicement

on

  • 882 views

Index of the Document Recommendations for businesses for the implementation or auditing of electronic invoicing processes

Index of the Document Recommendations for businesses for the implementation or auditing of electronic invoicing processes

Statistics

Views

Total Views
882
Views on SlideShare
879
Embed Views
3

Actions

Likes
0
Downloads
1
Comments
0

3 Embeds 3

http://www.yourlegalconsultants.com 1
http://static.slidesharecdn.com 1
http://www.docseek.net 1

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Index Document Electronic Invoicement Index Document Electronic Invoicement Presentation Transcript

  • www.yourlegalconsultants.com [email_address] Internet:Electronic invoicement/ Downloadable documents A SAMPLE OF THE CONTENTS PRIOR TO ITS ACQUISITION
  • ELECTRONIC INVOICEMENT DOCUMENT: Recommendations for businesses for the implementation or auditing of electronic invoicing processes Available documents in the area of document acquisition www.yourlegalconsultants.com [email_address]
  • 1. RECOMMENDATIONS FOR BUSINESSES FOR THE IMPLEMENTATION OR AUDITING OF ELECTRONIC INVOICING PROCESSES
    • INDEX OF THE DOCUMENT
    • GUIDELINES FOR AUDITING AND IMPLEMENTING E-INVOICING SYSTEMS
    • INTRODUCTION
    • SCOPE OF APPLICATION
    • IDENTIFICATION OF ASSETS IN A STANDARD INVOICING PROCESS
    • 2.1. Organisation and role of the CDO in the Invoice Department
    • ORGANISATIONAL ENVIRONMENT FOR SECURITY (EXAMPLE OF A DEFINITION OF A SECURITY POLICY)
    • 3.1. Organisation for security
    • 3.1.1. There should be a security policy
    • 3.1.2. The security policy should be approved by the Management
    • 3.1.3. The security policy should be supported by the Management
    • 3.1.4. The correct use of each system should be specified and duly documented
    • 3.1.5. Written procedures should be produced for all operational security processes (administrators, operators and users)
    • 3.1.6. There should be a security board to centralise decisions regarding the security of installations and systems
    • 3.1.7. All of the system's assets should be inventoried
    • 3.1.8. All issues should be taken into account
    • 3.1.9. A catalogue of metrics should be established to ascertain the security status
    •  
    • .
    www.yourlegalconsultants.com [email_address]
  • 1. RECOMMENDATIONS FOR BUSINESSES FOR THE IMPLEMENTATION OR AUDITING OF ELECTRONIC INVOICING PROCESSES 3.2. Access control 3.2.1. No access should be granted without prior identification of the person concerned 3.2.3. Access to systems 3.2.4. Access to data or logical access to information 3.3. Identification - Authentication 3.3.1. Physical in terms of the facility 3.3.2. Logical concerning identification and subsequent logical access to systems 3.3.3. Identification on line. With reference to the network 3.4. Registration 3.4.1. Physical registration of the facility 3.4.2. Registration of logical access to the systems 3.5. Audit 3.5.1. Physical security audit of the facility 3.5.2. Logical systems security audit www.yourlegalconsultants.com [email_address]
  • 1. RECOMMENDATIONS FOR BUSINESSES FOR THE IMPLEMENTATION OR AUDITING OF ELECTRONIC INVOICING PROCESSES 3.6. Confidentiality 3.6.1. Personal information should be identified 3.6.2. A system should be set up to classify information 3.6.3. Confidentiality for physical installations that host sensitive information (if applicable) 3.6.4. Logical confidentiality of information 3.7. Integrity 3.7.1. Physical integrity of installations and equipment 3.7.2. Logical integrity of systems and information 3.8. Availability 3.8.1. Physical availability of installations and equipment 3.8.2. Logical availability of systems and applications 3.9. Data interchange / communications 3.9.1. Physical interchanges 3.9.2. Logical interchanges 3.9.3. Data interchange or Access to information 3.10. Legal compliance 3.10.1. Installations 3.10.2. Systems and information www.yourlegalconsultants.com [email_address]
  • 1. RECOMMENDATIONS FOR BUSINESSES FOR THE IMPLEMENTATION OR AUDITING OF ELECTRONIC INVOICING PROCESSES 3.11. Personnel 3.11.1. Personnel should be selected in consideration of the security requirements of the job 3.11.2. Personnel should be recruited in consideration of the security requirements of the job 3.11.3. Personnel should be informed of the responsibilities expected of them in their job 3.11.4. Personnel should be trained in consideration of the security requirements of the job www.yourlegalconsultants.com [email_address]
  • 1. RECOMMENDATIONS FOR BUSINESSES FOR THE IMPLEMENTATION OR AUDITING OF ELECTRONIC INVOICING PROCESSES
    • ANALYSIS OF THE RISKS TO BE TAKEN INTO ACCOUNT IN E-INVOICING PROCESSES FROM THE POINT OF VIEW OF THE PROVIDER AND FROM THE POINT OF VIEW OF THE CUSTOMER
    • 4.1. General Processes
    • 4.1.1. General risk in Information Systems
    • 4.1.2. Risk in third-party invoicing service provider
    • 4.1.3. Audit risk due to lack of current documentation on general processes and procedure s
    www.yourlegalconsultants.com [email_address]
  • 1. RECOMMENDATIONS FOR BUSINESSES FOR THE IMPLEMENTATION OR AUDITING OF ELECTRONIC INVOICING PROCESSES 4.2. Process for carriage and logistic distribution of the dispatch. 4.2.1. Risk of using an e-invoicing system devoid of any clear, transparent identification 4.2.2. Risk of sending out e-invoices without prior acceptance on the part of the customer 4.2.3. Risk deriving from trading partners involved in the carriage of goods or services having access to the e-invoicing system without any prior agreement between the parties. 4.2.4. Risk of access to the electronic invoicing system on the part of the carrier without providing those responsible with any sort of preliminary training in the use of key functions of the invoice system. 4.2.5. Risk of incompatibility of the electronic invoicing systems, creating vulnerabilities in security throughout the process of exchanging information. 4.2.6. Risk of providing access to the electronic invoicing system without positive testing of the communication based on criteria that have been agreed upon previously by the parties concerned. 4.2.7. Risk of providing access to the electronic invoicing system without positive testing of the communication based on criteria that have been agreed upon previously by the parties concerned. 4.2.8. Risk of issuing electronic invoices in EDI format without the prior consent of the customer. 4.2.9. Risk deriving from suppliers using different structures in EDI format www.yourlegalconsultants.com [email_address]
  • 1. RECOMMENDATIONS FOR BUSINESSES FOR THE IMPLEMENTATION OR AUDITING OF ELECTRONIC INVOICING PROCESSES   4.3. Chain of custody and storage of electronic invoices and their auditing. 4.3.1. Risk of checking the validity of the certificate at the time of signature or when the receipt is issued for the electronic invoice. 4.3.2. Risk deriving from the impossibility of verifying the integrity of the electronic invoice 4.3.3. Risk deriving from not keeping the electronic invoices in the period set by the legislation in force 4.3.4. Risk of non-availability of the electronic invoices for a reasonable length of time. 4.3.5. Risk of amending the invoices within the retention period. 4.3.6. Risk that the information stored is not in a human-readable format as a result of computer processing. 4.3.7. Risk that the information contained in the electronic invoice might not be entirely accurate due to the continued existence of erroneous calculations, master data and encryption tables in the invoice application. 4.3.8. Risk of not retaining audit trails 4.4. Reception process to be followed with respect to the carriage of goods or services 4.4.1. Risk of very little control in transactions and storage of electronic invoices and delivery notes, preventing access by the competent authorities. 4.4.2. Risk of non-receipt or access to the original electronic invoice on the part of the customer. 4.5. Generic process for the carriage of data or messaging. 4.5.1. Risk of alteration or change in the data contained in the invoice or e-invoice during transmission. www.yourlegalconsultants.com [email_address]
  • Thank you for your interest [email_address] For personal queries, please contact: www.yourlegalconsultants.com [email_address]