Module 7 Flashcards
Electronic business
Refers to any online transaction
E-commerce
Is part of e-business; requires the digital transmission of accounting transaction information
Benefits of e-commerce for businesses (7)
- Can reach more geographically dispersed customer base
- Lower overheads
- Increased inventory range
- Easier and quicker to fulfil orders
- Better customer service
- Lower sales and marketing costs
- Would be at a disadvantage if didn’t have online presence
Benefits of e-commerce for consumers (6)
- Electronic delivery of ebooks etc. straight to device
- Increased information available
- Greater range of vendors and products
- Ability to browse and purchase 24/7
- Ability to locate more competitive prices/ delivery options
- Increased personalisation
Three key risks of e-commerce
- Financial
- Reputational
- Legal
General business risks (5)
- Venture is unsuccessful
- Loss of competitive advantage
- Cash flow difficulties
- Risk of loss of intellectual property
- Reduction in customer satisfaction
Accounting policy/ issues associated with e-business (5)
- Whether the entity is the principal/ agent
- Treatment of introductory offers/ trade discounts
- Revenue cut off
- Sales and marketing barter transactions
- Purchasing integration (in systems)
Main control a company can implement to ensure internet transactions and communications are secure is…
Well designed, implemented and maintained system
Specific risks of e-commerce acronym
DESCRIP
D >
Data theft and loss
Ways data can be lost (4)
- Hackers
- Interception
- Data corruption
- Loss during transmission
Controls to address data theft and loss (6)
- Firewalls
- Encryption
- Biometric devices
- Audit logs (locked after a certain number of attempts)
- Authentication (something you have, know or are)
- Challenge response (security question)
Firewall
System or group of systems that enforces access control policy between two networks
E >
Electronic contracts repudiation
Electronic contracts repudiation
To deny/ refuse to accept that a contract is legally binding when performed online
Controls to address electronic contracts repudiation
- Confirmations (proof of delivery + return receipts)
- Timestamps
- Digital signatures
S >
Server failure
Server failure
From unintentional operational problems or malicious attacks
Types of server failure (3)
- Denial of service attacks (flood)
- Virus attacks
- Spyware
Controls to address server failure (4)
- Disaster recovery
- Virus scans
- Anti-spyware programs
- Anti-spam programs
C >
Compliance with tax and legal requirements
VAT jurisdiction
Where the supply of goods/ services takes place
Corporation tax
Based on the location of the server
Controls to address compliance with tax and legal requirements
- Organisation must be aware of law
- Staff training on applications of laws
- Engage expert advisors
- Ensure accounting policies in line with applicable legal frameworks
R >
Returns of goods sold electronically
Controls to address returns of goods (3)
- Effective inventory management system
- Discretionary returns policy
- Ensure pricing policies reflect additional cost of returns
I >
Impersonation
Impersonation can be
Customer or organisation
Methods of impersonation (2)
- Spam emails/ phishing
- False websites
Controls to address impersonation (2)
- Authentication and passwords
- Customer education
P >
Information privacy
Key information privacy directive
Data Protection Directive
Ramifications of breaches of information privacy legislation (5)
- Loss of customer goodwill
- Negative publicity
- Legal action
- Poor staff morale
- Financial loss
New EU guidance
General Data Protection Regulation (2016)
Key organisation in UK for data protection
Information Commissioner’s Office (ICO)
Controls for information privacy (4)
- Well designed system that stores data accurately and securely
- Audit logs
- Authentication controls
- Clear policies around data retention
GDPR applies to who
All organisations collecting and processing personal data
GDPR applies to what
All personal data (including IP addresses)
Key GDPR considerations (4)
- Fines for most serious offences
- Mandatory requirement to notify ICO within 72 hours of breach of personal data
- ‘Right to be forgotten’
- ‘Right to access’