e-commerce fastest growing trade need to manage their risks, educational purpose study especially for Risk Management business students... I recommend for ICMAP students
2. E-commerce
‘ e-tail, e-trade, e-retail, online buying selling,
e-commerce, online shopping what ever term
it take, its there; and growing from luxurious
to FMCGs and from raw material of
companies to grocery, vegetables, from autos
to books.
4. ‘e-commerce definition
The use of electronic transmission to engage
in the exchange, including buying and selling,
of products and services requiring
transportation, either physically or digitally,
from location to location.
when parts are shipped, supplier electronically
transmits invoice to manufacturer.
because it reduces data entry, mailing costs and
time to complete transactions.
5. E-commerce opportunities
powerful tool in the
economic growth of
developing countries
E-commerce promises better
business for SMEs
sustainable economic
development
Requires strong political will
and good governance
Requires responsible and
supportive private sector
6. Risk
This paper discusses what types of risks are
present in e-commerce and presents a
methodology that can be used to control e-
commerce risks.
e-commerce-based risks are similar to those
encountered in other business environments
and that many of the requisite controls are
extensions of controls for managing
information systems risks.
7. Ecommerce categories
Business-to-business (B2B) e-commerce:
Companies buying from and selling to each other
online. EDI was the early form for undertaking
B2B e-commerce.
Business-to-consumer (B2C) e-commerce:
Any business or organisation that sells its products
or services to consumers over the Internet
B2B: audit client is transacting with small
group of other businesses (identity known,
authorisation).
B2C: audit client is transacting with the world
at large (identity unknown).
8. E-commerce risks include:
Risks arising from the nature of relationships
with e-commerce trading partners;
Risks related to the recording and processing
of e-commerce transactions;
Pervasive e-commerce security risks,
including privacy issues;
Fraud risks; and
Risks of systems failures or ‘crashes’.
10. Risk in revenue recognition
E-commerce companies are often based on
revenue multiples, revenue is the area
susceptible of misuse and fraud so subject to
constant scrutiny i.e. continuous Audit
Revenues Are Often More Complicated in e-
Commerce
Accounting issue is timing of revenue
recognition and presentation (gross vs net)
Timing of revenue
When orders received
When goods dispatched
When received by customer
When accepted by customer
When goods return option elapsed
11. Risk in revenue recognition
Most of companies accept payment via
credit/ debit card or cash on delivery and
delivery primary responsibility of company so
important to consider risk and rewards
transferred to customer at time of revenue
recognition
revenue presentation (gross vs net)
At value customers billed including all costs
of carriage, discount, insurance, agency
commission and return costs
12. Risk in revenue at gross
Typical e-Commerce firm had negative earnings
and P/E multiples
Companies that report at gross may inflate
market share proportions
Examples of Reporting at Gross
Priceline.com brokered airline tickets online and included
the full price of the ticket as Priceline.com revenues. This
greatly inflated revenues relative to traditional ticket
brokers and travel agents who only included commissions
as revenue.
eBay.com included the entire price of auctioned items into
its revenue even though it had no ownership or credit risk
for items auctioned online.
Land's End issued discount coupons (e.g., 20% off the
price), recorded sales at the full price, and then charged the
price discount to marketing expense.
13. Risk in revenue recognition
Goods delivered to customer have option of
return so revenue may be recognised when
return option elapsed
Credit risk
Price discretion and discrimination
Direct taxation; legal issues related to taxes on
revenues considered mainly responsibility of
source country and company using that source,
these issues not yet settled resolved case to case
basis
A note must be given in financial statement
regarding revenue recognition criteria
14. Risk in revenue recognition
Management
Recognise revenue when each performance
criteria satisfied
Point of time vs over the period
when control passes
Disclosure of revenue recognition criteria
Continuous process auditing
auditors review transactions at frequent intervals or as
they occur
intelligent control agents: heuristics(artificial
intelligence) that search electronic transactions for
anomalies
15. Ecommerce operational Risk
We have categorized risks in three primary areas:
Information risks stem from information published and contained
in web sites and associated with the conduct of e-commerce. risks
associated with misuse of information, such as violation of laws of
host country and other countries.
Technology risks include risks involving hardware, software,
telecommunications and databases. These risks include the
consequences resulting from the misuse of technology or the use
of inappropriate technologies required to address business needs.
Business risks concern customer and supplier relationships, and
risks associated with products and services marketed and
distributed over the Internet. They also include risks associated
with managerial aspects of the contractual relations.
17. Information Risk
Content on web page exposing web publisher to libel,
defamation of character, slander
Copyright infringement and invasion of privacy suits stemming
from posted textual content ,digital scanning and morphing
Copyright, patent, or trade secret infringement violations by
material used by web site developers
After unauthorized access to a web site, online information about
employees or customers is stolen, damaged or released without
authorization
Credit card information intercepted in transit is disclosed or used
for fraudulent purposes
Information that has been changed or inserted in transmission is
processed leading to erroneous results
Flight of intellectual property due to employees moving to
competitors
18. Technology Risk
Negligent errors or omissions in software design
Unauthorized access to a web site,
Infecting a web site with computer viruses
Internet service provider (ISP) server crashes
Software error and omission risks causing
unauthorized access
Software content risk that violates a copyright
Insufficient bandwidth to handle traffic
19. Technology Risk
Insufficient bandwidth to handle traffic
Obsolete hardware or hardware lacking the capacity
to process required traffic
Risk due to excessive ISP outages or poor
performance
ISP or home-company servers being down
Scant technical infrastructure to manage cycle time to
develop, present, and process web-based products
Inability of customer or supplier computers to handle
graphical downloads
20. Business Risk
Risks related to payment to web site developers and disputes
between developers and clients
Lack of maintenance on existing web pages
Changes in supplier relationships re: data access, data ownership,
distribution strategy, and marketing tactics
Changes in customer relationships re: data access, data ownership,
distribution strategy, and marketing tactics
Products out-of-stock due to poor communication with operations
High shipping costs required for distribution
Inconvenient return policies -- lack of coordination with physical
system
Excessive dependence on ISP to support firm's business strategy
Inability to manage cycle time for developing, presenting, and
processing web-based products
Risk due to unprotected domain names which are usued by other
organizations
Insufficient integration of e-commerce with supply chain channels
21. E-Commerce controls
Security infrastructure controls (firewalls,
encryption and other security controls);
Systems controls (controls over systems
development, systems monitoring); and
Programmed controls (e.g. to ensure
customer is authentic – payment authorised
with approved credit card, order is
reasonable, method of payment or credit-
worthiness have been established).