The electronic frontier.Before jumping into WebTrust, CPAs should understand not only the problems with consumer online commerce that give rise to programs such as WebTrust, but also the Web logo services from non-CPA competitors. Although electronic commerce offers CPAs a chance to build on their experience, reputation and training, they need to understand some background before they proceed. No one article, or even one book, can explain everything CPAs. need to know about online commerce, but this article explores several key areas in the current e-commerce landscape. LEARN TO TRUST Although the estimates vary widely from different research organizations, Forrester Research Forrester Research is an independent technology and market research company that provides its clients with advice about technology's impact on business and consumers. Corporate facts
prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. the AICPA AICPA See American Institute of Certified Public Accountants (AICPA). special committee on assurance services Assurance services have been defined by the American Institute of Certified Public Accountants (AICPA) as 'Independent Professional Services that improve information quality or its context'. , the e-commerce assurance market for CPAs could grow to between $2 billion and $11 billion annually over the next few years (www.aicpa.org/assurance/index.htm). Although e-commerce is exploding, both buyers and sellers voice concerns about conducting business on the Internet. Many customers and business owners still distrust the process of e-commerce. They also may have a number of concerns about their potential trading partners--trading partners that they may never have dealt with previously or even communicated with other than by the Web or e-mail. Indeed, research published earlier this year by CommerceNet (www.commerce.net), a not-for-profit industry association that promotes e-commerce, confirms that a lack of trust is one of the top issues identified by market participants The term market participant is used in United States constitutional law to describe a U.S. State which is acting as a producer or supplier of a marketable good or service. When a state is acting in such a role, it may permissibly discriminate against non-residents. as preventing e-commerce from growing as fast as it otherwise could. While e-commerce is increasing, trust concerns, too, have actually risen over the last year, suggesting that this problem will not decline merely as people become more familiar with doing business on the Internet. Customers are wary because many questions remain unanswered about online stores, such as the following: * Is this a real company? (The authentication (1) Verifying the integrity of a transmitted message. See message integrity, e-mail authentication and MAC. (2) Verifying the identity of a user logging into a network. problem.) * Is this a trustworthy company? (The reputation problem.) * If I send credit card or bank information, is it safe? (The payment problem.) * If I provide information to a company on its Web site, where will the information end up? (The privacy problem.) * If I place an order, will I receive what I asked for? * Will I receive delivery when promised? * Will any problems I have be resolved quickly? * Is the money-back guarantee honored? * How soon will I get credit for returned items? * How quickly will the company perform service on warranty items? * Will the company be able to send me necessary replacement parts quickly? CPAs, by virtue of education and experience, are in an excellent position to provide assurance to consumers on these questions and thus remove some of the obstacles hindering hin·der 1 v. hin·dered, hin·der·ing, hin·ders v.tr. 1. To be or get in the way of. 2. To obstruct or delay the progress of. v.intr. further growth of Internet commerce. LOGO ASSURANCE SERVICES WebTrust is not the first attempt at answering these questions. In the past few years, logo services or logo programs have been used to build trust between e-commerce trading partners. Essentially, if a seller fulfills a set of criteria specified by an assurance provider, it can place the providers logo on its Web site. The logo offers reassurance REASSURANCE. When an insurer is desirous of lessening his liability, he may procure some other insurer to insure him from loss, for the insurance he has made this is called reassurance. to concerned buyers that the seller meets the standards established by a trusted third party In cryptography, a trusted third party (TTP) is an entity which facilitates interactions between two parties who both trust the third party; they use this trust to secure their own interactions. TTPs are common in cryptographic protocols, for example, a certificate authority (CA). Typically, the logo itself is tamper-resistant and is linked to the assurance provider's site, where the user can go to find out more detailed information about the meaning and scope of the logo service. CPA (Computer Press Association, Landing, NJ) An earlier membership organization founded in 1983 that promoted excellence in computer journalism. Its annual awards honored outstanding examples in print, broadcast and electronic media. The CPA disbanded in 2000. WebTrust is one of several logo services. Such services are becoming increasingly common. Some services address fairly narrow issues. For example, in response to widespread public concern about the security of credit card information on the Internet, MasterCard and Visa collaborated on a joint venture called Secure Electronic Transactions Secure Electronic Transaction (SET) is a standard protocol for securing credit card transactions over insecure networks, specifically, the Internet. SET is not itself a payment system, but rather a set of security protocols and formats that enables users to employ the existing (SET). Electronic vendors that meet SET standards for sending credit card information over the Internet can display the logo shown at right. (See www.visa.com for more on SET.) In a similar vein, the network authentication and digital certificate company VeriSign Inc. (www.verisign.com) introduced the VeriSign Authentic Site logo (above) to assure users that a Web site is capable of transmitting and receiving secure (encrypted en·crypt tr.v. en·crypt·ed, en·crypt·ing, en·crypts 1. To put into code or cipher. 2. Computer Science ) information and that the site and company are real. While the SET and VeriSign logo services address highly specific issues of trust-building, CPA WebTrust addresses a much wider set of issues. The WebTrust logo (see page 38) assures that the seller has met the established WebTrust criteria, which have three major sections: business practices, transaction integrity and information protection. (A one-day seminar for CPAs on WebTrust explains these criteria in detail. For more on CPA WebTrust, see the sidebar (1) A Windows Vista desktop panel that holds mini applications (gadgets) such as a calendar, calculator, stock ticker and Vonage phone dialer. It is the Windows counterpart to the Dashboard in the Mac. See Windows Vista and gadget. on page 38 and "In CPAs We Trust," JofA, Dec.97, page 62.) The CPA's goal is to determine whether a seller meets the WebTrust criteria and can use the WebTrust logo, thereby providing valuable information to buyers while helping sellers gain a competitive edge in an increasingly crowded marketplace. Potential rivals to CPA WebTrust include * The Better Business Bureau's BBBOnLine program, which grants a logo to a seller that has satisfied seven criteria or standards (see exhibit 1, page 32). BBBOnLine addresses the authentication problem: Buyers click on the BBBOnLine logo to go to the BBBOnLine Web site, which verifies that the company's site is legitimately displaying the logo. Exhibit 1: BBBOnline Criteria (1) Become a member of the appropriate local Better Business Bureau. (2) Provide the BBB BBB A medium grade assigned to a debt obligation by a rating agency to indicate an adequate ability to pay interest and repay principal. However, adverse developments are more likely to impair this ability than would be the case for bonds rated A and above. with information regarding company ownership and management and the street address and telephone number at which the company does business, which will be verified by the BBB in a visit to the company's physical premises. (3) Be in business a minimum of one year (with limited exceptions). (4) Have a satisfactory complaint-handling record with the BBB. (5) Agree to participate in the BBB's advertising self-regulation program, and correct or withdraw online advertising when challenged by the BBB and found not to be substantiated or not in compliance with our children's advertising guidelines guidelines, n.pl a set of standards, criteria, or specifications to be used or followed in the performance of certain tasks. . (6) Respond promptly to all consumer complaints. (7) Agree to binding arbitration, at the consumer's request, for unresolved Not completed; not finished; not linked together. See resolve. disputes involving consumer products or services advertised or promoted online. * TRUSTe, which primarily addresses Internet privacy Internet privacy consists of privacy over the media of the Internet: the ability to control what information one reveals about oneself over the Internet, and to control who can access that information. issues. Sellers can potentially extract information from buyers without their knowledge or permission and sell it to other companies. For example, a travel site may use information from so-called cookie files A file that contains cookies. Internet Explorer saves cookies in separate files in the Cookies folder. Netscape and Firefox save cookies in a COOKIES.TXT file within a Profile folder. See cookie and COOKIES.TXT. on a traveler's computer to build a profile of the traveler. Each time the user visits the travel site more information is added to the profile. Alternatively, businesses often share information from forms that buyers complete online. The TRUSTe logo (see exhibit 2, at right) essentially indicates that the seller has stated how the buyer's information will be used (for example, it will be used only for internal activities, it will be sold to third parties or some variation between these two policies) and the seller will abide by the stated policy. To subsequently test a seller's adherence adherence /ad·her·ence/ (ad-her´ens) the act or condition of sticking to something. immune adherence to its pledge, the TRUSTe organization seeds the seller's database with a phony user name. If that name later appears in another seller's databases, TRUSTe knows the first seller has violated vi·o·late tr.v. vi·o·lat·ed, vi·o·lat·ing, vi·o·lates 1. To break or disregard (a law or promise, for example). 2. To assault (a person) sexually. 3. its pledge. The first seller could then lose its right to display the logo. Sellers also agree to a possible surprise audit by Coopers & Lybrand or KPMG KPMG Klynveld Peat Marwick Goerdeler (accounting firm) KPMG Kaiser Permanente Medical Group KPMG Keiner Prüft Mehr Genau (German) KPMG Kommen Prüfen Meckern Gehen Peat Marwick. By clicking on the TRUSTe logo, consumers can determine whether the logo is legitimate. Exhibit 2: TRUSTe Logos and Meanings (1) Information Disclosure * The site must explain and summarize sum·ma·rize intr. & tr.v. sum·ma·rized, sum·ma·riz·ing, sum·ma·riz·es To make a summary or make a summary of. sum its general information gathering practices. * The site must explain up from what personally identifiable data are being gathered, what the information is used for and with whom the information is being shared. * The site must disclose whether users may opt out of having their information used by the site or third parties, whether they may delete To remove an item of data from a file or to remove a file from the disk. See file wipe, trash and undelete. 1. (operating system) delete - (Or "erase") To make a file inaccessible. or deactivate de·ac·ti·vate tr.v. de·ac·ti·vat·ed, de·ac·ti·vat·ing, de·ac·ti·vates 1. To render inactive or ineffective. 2. To inhibit, block, or disrupt the action of (an enzyme or other biological agent). 3. themselves from the site's database and whether they may update or change their information once it is disclosed. (2) The site must display on its home page the trustmark that discloses the site's overall privacy policy. (3) Communication Monitoring. The site may not monitor personal communications to third parties such as e-mail or instant messages, except to the extent required by law, or as necessary in the process of maintaining the site. (4) The site must adhere to adhere to verb 1. follow, keep, maintain, respect, observe, be true, fulfil, obey, heed, keep to, abide by, be loyal, mind, be constant, be faithful 2. its stated privacy policies. (5) The site must adhere to its stated privacy policies, even after the site discontinues the TRUSTe program unless consent is obtained directly from the user. (6) The site agrees to cooperative with all TRUSTe reviews and audits. * The International Computer Security Association (ICSA See TruSecure. ), formally the National Computer Security Association (NCSA (1) (National Center for Supercomputing Applications, Urbana-Champaign, IL, www.ncsa.uiuc.edu) A high-performance computing facility located at the University of Illinois at Urbana-Champaign. ), is an independent organization that primarily concentrates on security issues. ICSA offers a Web Certification Program that, unlike BBBOnLine and TRUSTe, focuses on the technology side of e-commerce (www.ncsa.com/services/certification/wcfg.htm). The certification process includes a combination of self-reporting, on-site evaluation, remote testing and spot-checking. Those Web sites meeting the ICSA criteria can display the logo shown below. WebTrust differs from these other logo services in important ways. First, the WebTrust criteria include a broad variety of e-commerce criteria, well beyond those addressed by BBBOnLine or TRUSTe. Although ICSA goes deeper into technology criteria, in addition to some technology criteria, WebTrust addresses business practices and internal control criteria. For example, WebTrust requires numerous performance disclosures on the Web site such as delivery times, how returns are handled and a phone number for customer services. The WebTrust criteria include specific technology and internal control disclosures relating to relating to relate prep → concernant relating to relate prep → bezüglich +gen, mit Bezug auf +acc processing orders and protecting customer information. In addition to its broad coverage, probably the most significant difference is that CPAs fully pretest--under well-established attestation The act of attending the execution of a document and bearing witness to its authenticity, by signing one's name to it to affirm that it is genuine. The certification by a custodian of records that a copy of an original document is a true copy that is demonstrated by his or her standards--all the seller's assertions regarding the WebTrust criteria before issuing the logo. BBBOnLine and TRUSTe, in particular, primarily rely on self-reporting and some after-the-fact testing. Finally, recognizing the rapidly changing Internet and e-commerce environments, WebTrust requires that sellers be recertified at least every 90 days. Thus, although CPA WebTrust faces some competition as an assurance service, it has important advantages that should render it attractive to e-commerce participants. MARKET NICHES FOR ASSURANCE SERVICES Looking beyond the specifics of consumer e-commerce, where will the potential markets for logo assurance services come from? Exhibit 3, below, illustrates the different types of buyers and sellers involved in e-commerce. The combinations create different market segments with different needs and characteristics; knowing these characteristics can help a CPA determine the appropriate points to stress in marketing WebTrust to these different market segments. Table 3: Types of E-commerce Transactions Types of E-commerce Sellers Types of Buyers New, Web Specific Traditional Established Consumers Cell I Cell III Businesses Cell II Cell IV The seller may be a new enterprise that exists only on the Web, such as Amazon.com (www.amazon.com), or an established company opening an electronic store, such as Barnes & Noble. Buyers may be individuals or organizations. Individuals are generally more spontaneous. Business buyers are likely to be more analytical and systematic in their purchasing decisions. Business buyers usually work with signed contracts, purchase orders and a bidding process. They also have access to third-party sources of information, such as Dun & Bradstreet, that retail consumers generally don't consult. Perhaps the most obvious market for logo assurance services is in cell I. Unlike traditional businesses, new, Web-based sellers do not have established reputations. Retail consumers might be reluctant to enter into e-commerce transactions with sellers they're unfamiliar with. Individual consumers are generally less likely to locate formal third-party information. Consequently, a third-party assurance logo located on the Web site is a powerful marketing tool for e-commerce sellers, since it may be the only third-party assurance the consumer sees. It is no surprise, then, that WebTrust, BBBOnLine and TRUSTe all seem to be aimed at this market segment. The other market segments, however, also provide significant opportunities for those offering logo assurance services. Traditional companies (cells III and IV) that are regional, or are established only in specific market niches and are now expanding nationally or even internationally via e-commerce, will benefit from WebTrust. The logo will help them get a jump-start in markets where they have not yet established reputations. Even though retail e-commerce receives the most coverage in the popular press, the dollar value of business-to-business e-commerce transactions--manufacturing, wholesale trade and services--is significantly larger and the difference is growing. As with other estimates of e-commerce activities, the estimated sizes of these two market segments vary widely. However, Forrester Research estimated that the business-to-business market will grow to be eight times larger than that of retail e-commerce by the year 2000. While business buyers do have access to a broader range of third-party information, it can be expensive to search this information and apply it to particular potential sellers. Assurance logos provide an efficient and cost-effective way to screen potential sellers. Business buyers can then perform more detailed evaluations only on sellers that made it through the first logo-based screening process. This two-step approach will be more important as businesses make general "calls for bids" on the Web rather than the business-as-usual scenario of seeking bids from a small number of established suppliers. Just as some companies and government agencies now require their suppliers to be ISO (1) See ISO speed. (2) (International Organization for Standardization, Geneva, Switzerland, www.iso.ch) An organization that sets international standards, founded in 1946. The U.S. member body is ANSI. 9000-compliant, they also may require that they display the WebTrust logo. (It should be noted that currently WebTrust is only a business-to-consumer logo service. The AICPA electronic commerce assurance services task force is developing a business-to-business version of WebTrust.) CPAs should start recommending the WebTrust logo to clients and employers now and not wait for market pressures to force them to do so later. Businesses displaying the WebTrust logo will have a competitive advantage. WebTrust's ultimate success depends on how well the profession, and its clients, market the logo. POTENTIAL PITFALLS Entering the assurance arena does carry some risks. Retail consumers, unfamiliar with a CPA's attestation services Noun 1. attestation service - a consulting service in which a CPA expresses a conclusion about the reliability of a written statement that is the responsibility of someone else attestation report , may not understand the limitations of WebTrust. For example, a consumer may believe a CPA firm that performed a WebTrust engagement endorses the seller's products. A disappointed customer may sue the firm. Business buyers generally have a better understanding of attestation engagements, but litigation An action brought in court to enforce a particular right. The act or process of bringing a lawsuit in and of itself; a judicial contest; any dispute. When a person begins a civil lawsuit, the person enters into a process called litigation. risks exist with those customers, too. CPAs should carefully screen their prospective clients, particularly those in the retail e-commerce marketplace. ("Financial Reporting and Risk Management in the 21st Century," an article cowritten by AICPA General Counsel Richard Miller Richard Miller may be:
NEW HORIZONS WebTrust is not the only e-commerce service or assurance service that CPAs could provide. Based on our own experience plus discussions with practitioners, anecdotal evidence anecdotal evidence, n information obtained from personal accounts, examples, and observations. Usually not considered scientifically valid but may indicate areas for further investigation and research. seems to indicate that most clients will not be ready for their first WebTrust examinations. For example, the appropriate internal controls may not be in place. Thus, CPAs may have significant opportunities in helping clients prepare for WebTrust examinations. The attestation standards The introduction to this article provides insufficient context for those unfamiliar with the subject matter. Please help [ improve the introduction] to meet Wikipedia's layout standards. You can discuss the issue on the talk page. do allow CPAs to provide advice to clients--even help prepare assertions--as long as management takes responsibility for the final decisions and assertions. From a functional point of view, companies are justifiably jus·ti·fi·a·ble adj. Having sufficient grounds for justification; possible to justify: justifiable resentment. jus concerned about the new and modified internal controls needed to support e-commerce. For example, the fact that outsiders now have access to their online systems is justifiably a matter of considerable concern. Traditional businesses often have to integrate their new e-commerce systems with their existing sales, inventory and accounting systems. WebTrust criteria do address internal controls but primarily from a narrow focus of protecting customer information and order entry accuracy. However, these are just a small part of the many internal control issues associated with c-commerce. Supplying more in-depth internal control assurance services could provide many new opportunities for CPAs. Also, sellers may have concerns about buyers. Sellers want some form of nonrepudiation, meaning a buyer cannot deny sending an order request. Sellers may eventually require buyers--especially business buyers making very large purchases--to have some form of assured authentication controls in place, suggesting that another realm of opportunities for CPAs to sell assurance services may be forthcoming. ACTION PLAN WebTrust and other assurance services described in this article build on existing CPA skills. Although CPAs do not need to be technological experts, they do need to understand e-commerce to help determine how to apply their existing skills to this new domain. (For profiles of practitioners performing WebTrust engagements, see "WebTrust Rolls On," JofA, Feb. 98, page 98, and "WebTrust Isn't just for Stores," JofA, Apr. 98, page 81.) The following is a broad action plan to help CPAs move into e-commerce. Obtain an overview. A number of books and articles provide information about e-commerce concepts, terminology and technology without becoming bogged down in technical details: * The CPA's Guide to Web Commerce, by John Graves and Jacqueline justice (AICPA). * Frontiers of Electronic Commerce, by Ravi Kalakota and Andrew B. Whinston Andrew B. Whinston is an American economist and computer scientist. He is the Hugh Roy Cullen Centennial Chair in Business Administration, Professor of Information Systems, Computer Science and Economics, and Director of the Center for Research in E-Commerce (CREC) in the McCombs (Addison-Wesley). * Understanding Electronic Commerce, by David Kosiur (Microsoft Press Microsoft Press is the publishing arm of Microsoft, usually releasing books dealing with various current Microsoft technologies. Microsoft Press' first introduced books were The Apple Macintosh Book by Cary Lu and Exploring the IBM PC ). Several magazines such as Electronic Commerce World and Internet Computing computing - computer also are available. Key Web sites include CommerceNet (www.commerce.net) and Emmerce (www.computerworld.com/emmerce/) and the Institute's dedicated WebTrust site (www.cpawebtrust.org). Learn about logo services. Visit BBBOnline (www.bbb online.org), TRUSTe (www.etrust.org) and ICSA (www.ncsa.com) sites to learn more about them and understand how they differ from WebTrust. Visit the AICPA site (www.aicpa.org/webtrust/index.htm) to read and download detailed information about WebTrust. Tailor CPA services. After a CPA talks to a prospective client, he or she should look at exhibit 3 to properly classify clas·si·fy tr.v. clas·si·fied, clas·si·fy·ing, clas·si·fies 1. To arrange or organize according to class or category. 2. To designate (a document, for example) as confidential, secret, or top secret. the entity. The CPA can then customize the assurance services. A frontier is a wild and unpredictable place. The online business community will likely wrestle with a number of solutions to e-commerce problems before reaching satisfactory answers. But strip away the technology issues and e-commerce isn't really all that new: Consumers want assurance on online purchases the same way that they want assurance on traditional financial statements. CPAs who understand the online problems will find many solutions from their years of audit experience. The combination is hard to beat. RELATED ARTICLE: EXECUTIVE SUMMARY * CPAs THINKING ABOUT GETTING INTO WebTrust should be well informed about the problems of e-commerce and WebTrust competitors. * TRUST IS THE KEY ISSUE. Customers wonder whether they can trust a company and whether sensitive information will be kept private. * A NEW SERVICE FROM THE AICPA WebTrust is not the only logo service available. Other logo services include BBBOnline, TRUSTe, and ICSA. * WEBTRUST IS UNIQUE BECAUSE it includes broader criteria, requires testing before the seal is added, requires frequent re-examination and is tied in with traditional attestation services. * A COMPANY'S NEED FOR online assurance will vary, based on how well it is know in the marketplace and who its customers are. RELATED ARTICLE: CASE STUDY Dollars, Marks and Beer Money makes the world go around, as the song goes, and today the Internet makes money go around the world. Sonnet sonnet, poem of 14 lines, usually in iambic pentameter, restricted to a definite rhyme scheme. There are two prominent types: the Italian, or Petrarchan, sonnet, composed of an octave and a sestet (rhyming abbaabba cdecde Financial has gone into the business of selling money over the Web--all over the world--quickly, cheaply and securely. If you have to purchase $100,000 in supplies in Paris tomorrow, Sonnet will convert the dollars to francs. All you need is a modem. Sonnet, founded in 1992 to provide discount currency exchanges for companies, introduced a new product this year called FXWeb (wwws.onnetfinancial.com). No new software is necessary. Once you sign up with Sonnet, you can enter a password-protected page and set up one or more source accounts--such as your company's bank account in New York--and destination accounts--such as a parts supplier in Tokyo or your company's branch office in Oslo. You type in the amount and the type of currency and hit "OK." You're done. FXWeb follows up with an online confirmation and organizes all your transactions into a report you can download into a general ledger General Ledger A company's accounting records. This formal ledger contains all the financial accounts and statements of a business. Notes: The ledger uses two columns: one records debits, the other has offsetting credits. or spreadsheet program. Sonnet is not a credit company--its clients must send the actual transaction funds the same day--and it does not speculate in the currency markets. Its business is organizing the transactions and it makes its money entirely from fees it charges its customers. "Think of us as the air traffic controllers of currency exchange," said Sonnet Senior Vice-President Daniel A. Carmel. Hassle-free environment The Internet gives Sonnet and its small to midsize business clients several advantages over banks. The first is cost: Sonnet's online system can easily gather all the dollar-to-yen transactions, for example, and combine them in one transaction. This gives smaller companies the same favorable fa·vor·a·ble adj. 1. Advantageous; helpful: favorable winds. 2. Encouraging; propitious: a favorable diagnosis. 3. transaction rates as the world's largest corporations. Companies don't have to worry if their banks can't handle certain international transactions or waste time shopping around for a better rate: Sonnet works with 25 U.S. banks to negotiate the best rate for a given transaction. Customers don't have to keep banker's hours. "We have a client who buys beer wholesale in Germany for export to Canada," said Carmel. "At the end of the day, he plugs his laptop Same as laptop computer. laptop - portable computer into a jack in his hotel room and posts all his transfers." Sonnet performs the transfers three times a day and charges fixed fees ranging from $40 to $150, depending on the size of the transaction. Security Sonnet relies on a VeriSign digital certificate to ensure security of transactions. (VeriSign is the security arm of CPA WebTrust. See the sidebar on page 38 and www.verisign.com for details.) Currently, it uses 40-bit encryption The reversible transformation of data from the original (the plaintext) to a difficult-to-interpret format (the ciphertext) as a mechanism for protecting its confidentiality, integrity and sometimes its authenticity. Encryption uses an encryption algorithm and one or more encryption keys. technology, although it expects to go to the even more secure 128-bit technology in the near future. (Each bit doubles the encoding See encode. power.) Sopnet's site allows customers to set up a double log-in process so no one person in the company can make a transaction solely on his or her own authority. A CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. or CFO See Chief Financial Officer. , for example, can have a high-level supervisory log-in password to administer other employees' authority. "If someone quits--or is fired--it takes just minutes to cancel that employee's log-in authority," said Carmel. For the small business people who want their piece of the global market, the Internet is simplifying the business of doing business. RELATED ARTICLE: WebTrust: A New Approach to E-Commerce The movie Casablanca revolves around stolen "letters of transit," which allow the bearer One who is the holder or possessor of an instrument that is negotiable—for example, a check, a draft, or a note—and upon which a specific payee is not designated. to cross borders. People with the proper papers can escape to the United States United States, officially United States of America, republic (2005 est. pop. 295,734,000), 3,539,227 sq mi (9,166,598 sq km), North America. The United States is the world's third largest country in population and the fourth largest country in area. ; those without them get shot. A half-century later, with European borders coming down, these issues may appear to belong to the past. But the Internet has revived re·vive v. re·vived, re·viv·ing, re·vives v.tr. 1. To bring back to life or consciousness; resuscitate. 2. To impart new health, vigor, or spirit to. 3. the need for letters of transit. Since 1995, VeriSign has provided digital certificates, the Internet equivalent of a passport. Such online "papers" can authenticate (1) To verify (guarantee) the identity of a person or company. To ensure that the individual or organization is really who it says it is. See authentication and digital certificate. (2) To verify (guarantee) that data has not been altered. the identity of a given company, verify an e-mail message has not been corrupted and ensure privacy. Last year, VeriSign certificates became a key part of the AICPA's first new assurance service, CPA WebTrust. Provided exclusively by CPAs (and chartered accountants char·tered accountant n. Chiefly British Abbr. CA A member of one of the institutes of accountants granted a royal charter. in Canada), the WebTrust logo service merges the traditional attestation engagement with new technology. For example, to earn the WebTrust logo a company must disclose and follow its business practices for online transactions and maintain effective controls to ensure proper fulfillment ful·fill also ful·fil tr.v. ful·filled, ful·fill·ing, ful·fills also ful·fils 1. To bring into actuality; effect: fulfilled their promises. 2. and billing of orders. The CPA also has to confirm that the company has a physical location. The VeriSign certificate is the security portion of the engagement: Consumers click on the logo to call up a certificate. They can view online WebTrust papers issued by a CPA and proceed to VeriSign's site, which maintains a secured list of all Web Trust companies as well as a digital certificate online. The technologically curious should feel free to go to VeriSign's site to read the company's lengthy technical descriptions of the different kinds of certificates and what they do. For everyone else, it's enough to note that WebTrust, like every financial statement audit, has a CPA behind it. Everett C. Johnson, Deloitte & Touche partner and chairman of the Institute's electronic task force, summarized the importance of WebTrust: It provides assurance on privacy and security along with assurance on sound business, something CPAs have been doing for over a century. GLEN L. GRAY, CPA, PhD, is a professor of accounting and MIS at the College of Business Administration and Economics, California State University, Northridge CSUN offers a variety of programs leading to bachelor's degrees in 61 fields and master's degrees in 42 fields. The university has over 150,000 alumni. It's also home to a summer musical theater/theater program known as TADW (TeenAge Drama Workshop) that leads teenagers through an . He (with Karl Nagel, CPA) is currently writing the Guide to Electronic Commerce Assurance Services for Harcourt Brace Professional Publishing. (URL URL in full Uniform Resource Locator Address of a resource on the Internet. The resource can be any type of file stored on a server, such as a Web page, a text file, a graphics file, or an application program. : www.csun.edu/~vcact00f/; e-mail: glen.gray@csun.edu.) ROGER S. DEBRECENY, FCPA FCPA Foreign Corrupt Practices Act FCPA Fairfax County Park Authority (Virginia) FCPA Fujitsu Computer Products of America FCPA Fair Campaign Practices Act FCPA Fellow of CPA Australia FCPA Florida Concrete & Products Association , is professor of accounting in the Nanyang Business School at Nanyang Technological University Nanyang Technological University (Abbreviation: NTU) is a major research university in Singapore. The University's garden campus, known as the Yunnan Garden campus is in the southwestern part of Singapore. , Singapore. (URL: www.ntu.edu.sg/home/adebreceny/; e-mail: rogerd@netbox.com) |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion