Years ago, white collar criminals broke into computer files for such old-fashioned reasons as greed and misappropriation of funds. In those days, controls were as simple as putting a lock on the computer room door. Today, hackers may bring down a web site just for the fun of it, and assessments of internal controls often require a unique combination of technological and cross-border expertise. These changing dynamics add a whole new dimension of risk to audits of financial statements, and it is precisely these risks that are addressed in a new practice statement issued by the International Federation of Accountants (IFAC).
IFAC's statement on "Electronic Commerce – Effect on the Audit of Financial Statements" provides helpful guidance for audits of organizations that engage in commercial activity over a public network, such as the Internet. But the guidance also applies to business conducted over a private network.
- The level of skills and knowledge required to understand the effect of e-commerce on the audit. (The needed skills can vary significantly from one client to another depending on the extent of the entity's e-commerce involvement, its industry and its strategy.)
- The business, legal, regulatory and other risks faced by entities engaged in e-commerce activities. (These risks can get incredibly complicated, since there isn't any comprehensive legal framework for Internet e-commerce, and the laws vary around the world depending in part on factors such as a country's computer population, telecommunications structure and overall digital literacy.)
- The effect of electronic records on audit evidence. (Audits can get even further complicated by the facts that electronic records may be more easily destroyed or altered than paper records, and it may be considerably more difficult to determine whether or not e-records have been destroyed or altered.)
IFAC's new statement is available for $25 by calling 1-212-286-9344, and it is available for downloading through the online bookstore.