Add to collection(s) Add to saved
  1. Business
  2. Accounting
  3. Managerial Accounting

E-commerce for accounting professionals Part 3: Opportunity knocks

advertisement 
E-commerce for accounting
professionals Part 3: Opportunity
knocks
By ROBIN DAY, CGA
Opportunity knocks
E-business transformations
Risk management
Assurance services
New competencies
Summary
This document is the second in a three-part series on the subject of electronic commerce
(EC) and how it has changed the way businesses operate both in the online world and in
more traditional forums.
Part 3 looks at the opportunities EC has created for financial professionals and how CGAs
can benefit from those opportunities. It also looks at some of the new skills we will require
to meet the needs of our clients and employers in the future.
Opportunity knocks
The shift toward e-commerce and e-business has created many opportunities for
professional accountants. Ultimately, the exact ones that are right for you will depend on
whether your role is that of a public practitioner, a consultant, or a manager; however, there
are many different ways to get involved. Many of the roles described herein are equally
applicable to pure e-businesses, their bricks and clicks cousins, and everything in between.
The main thing to remember is that no matter what the role, the core rules for success in
business have not changed, so as a CGA your background in financial management is an
excellent starting point for any direction you may choose.
This discussion is primarily from the point of view of an outsider — a public practitioner,
or a consultant — but the same principles apply if you are working within an organization
in a management role.
E-business transformations
Taking an existing brick and mortar business and transforming it into an e-business can be
an interesting and challenging project. The key to success is not to implement technology
for the sake of technology, but to look at the business reasons for doing so and proceeding
only if it makes economic sense. It is important to remember that no matter how flexible
and “intelligent” software can appear, it is still no match for a qualified human being. A
variety of approaches to transformations have been developed, but virtually all involve the
same basic stages.
Goal setting
It is amazing how many organizations throw money at programmers and web designers
without really knowing what they want to do. Often, it happens in response to a sales pitch
from someone who “can put your company online, turning it into an e-business overnight.”
Before a single line of code is written, an organization needs to define all of the goals for the
transformation, beginning with the overall corporate goals and objectives. And, before being
added to the final list, each goal needs to be examined for strategic alignment and evaluated
in terms of whether it makes financial sense.
Goals also need to be evaluated in terms of the organization’s infrastructure. After all, what is
the point of cornering the world market for widgets if you cannot find a way to deliver them
to your customer?
IT infrastructure review
Many organizations without an internal IT staff rely on a technology infrastructure that is
tenuous at best. Networks that have been designed primarily for file and device sharing are
not always able to meet the needs of today’s web-based applications, and organizations
frequently need to make wholesale changes in order to do business electronically.
Small- to medium-sized organizations generally deal with this problem by outsourcing many
IT functions, such as web hosting and design, but it is virtually impossible to do business
electronically unless everyone in the organization has access to a reliable full-time connection
to the Internet.
Organizational readiness
Of course, the computer systems are not the only thing that may not be ready for e-business.
Most organizations should undertake a complete readiness assessment to ensure that they are
truly prepared to do business electronically. This includes looking at:
•
•
•
•
•
Customers
Personnel
Physical plant
Products
Policies
Each of these areas needs to be examined to determine what changes are required in order for
the goals to be met.
Design and development
After deciding what goals are to be pursued, and ensuring that they are indeed achievable, it is
time to begin designing the systems, procedures, and business rules that will be required. This
critical step can take months and must involve management and staff in order to be
successful. This helps to pave the way to having people buy into the new systems when they
are introduced. It also helps to ensure that the designers have a clear understanding of the
underlying business logic that needs to be built into them.
The new systems must be able to support existing business processes while still
accommodating new ones. In many cases, links to legacy systems are necessary since
organizations cannot afford to discard all of their existing technology. Even if they can, the
data stored in those legacy systems must be preserved and transferred to the new ones.
Content maintenance
It is important to remember that virtually no system is ever complete. There are always new
features that can be added and improvements that can be made in a system’s functionality.
This is especially true of projects involving a Web presence.
The task of adding and updating content on a corporate web site is a never-ending one. Many
organizations have found they need a full-time webmaster just to keep their corporate web
site up to date. For some, this revelation comes only after they spend thousands of dollars on
E-commerce for accounting professionals: Part 3 • 2
a web site that is out of date just a few short months after it goes live. For others, the
realization that having a web site puts them in the publishing business comes earlier, but the
cost is usually still the same.
Very few organizations have the resources in-house to undertake an e-business
transformation, so they typically must rely on external consultants as well as internal
management staff. This, of course, leads to opportunities for public practitioners or full-time
consultants to provide advisory services.
Risk management
As large as the upside of e-business is, it also has a downside. Doing business globally on a
24/7/365 basis has introduced many new risks and it is imperative that they are managed and
controlled. Of course, the nature of these risks requires a different approach than with many
traditional risks. You cannot simply turn on the alarm system and lock the doors to an
e-business at the end of the day to keep out the bad guys. Furthermore, many of the activities
commonly associated with e-business exacerbate risks that already exist within organizations.
All of this has resulted in a wide variety of opportunities for CGAs in areas relating to risk
management.
Infrastructure concerns
Protection against the losses due to infrastructure problems begins with development of a
disaster recovery plan and use of basic security measures, such as firewalls and anti-virus
software, which were discussed in Part 2 of this series. Even with these measures in place, the
Internet is still not the safest environment in which to operate. In addition to all of the
traditional physical threats that pose a risk to all businesses, e-businesses must face such
perils as programming errors and careless or ignorant users who have control over valuable
data.
Online fraud
Doing business electronically also greatly increases the risk of fraud. A wide variety of
devices are available to anyone who wants to disguise their identity in the online world. These
devices can be used to impersonate others at either end of a transaction, allowing an
individual to intercept messages or gain unauthorized access to systems. These same
individuals can intercept your customer’s attempts to access your web site, rerouting them to
a competitor’s site, or intercept credit card numbers, passwords, and other valuable
information.
Further concerns have risen from the high level of repudiation when it comes to online
transactions and messages. Until recently, it has been relatively easy for an individual to
simply deny placing an online order or deny even sending a message. This activity resulted in
numerous disputes, disagreements, and even financial losses.
By becoming familiar with technologies such as secure servers, data encryption, biometrics,
and digital signatures, a CGA can position himself or herself to assist in resolving these
problems. S/he can also help organizations to stay one step ahead of the bad guys by ensuring
that future developments are anticipated or, at the very least, dealt with quickly when they
materialize.
Privacy issues
Not all of the risks in the e-business world come from the outside. Privacy has become a huge
source of risk for e-businesses as consumers become increasingly conscious of how, when,
and by whom their personal information is used. The arrival of Bill C6, the Personal
Information Protection and Electronic Documents Act (PIPEDA), in Canada has added some
structure to the playing field as it relates to privacy and the related rights and responsibilities.
E-commerce for accounting professionals: Part 3 • 3
An organization that does not stay within the boundaries laid out within this legislation may
face harsh penalties.
Even harsher penalties may be faced by those who choose not to live within the law when it
comes to information privacy. Users are more conscious than ever of the potential
ramifications of revealing personal information online, and organizations need to carefully
consider what information is requested and how it is handled. A business that violates the
privacy of its customers may soon find itself with a lot less customers to deal with as word of
any impropriety, be it real or perceived, travels quickly within the online community.
Cookies
One of the most talked about privacy debates surrounds the use of cookies by Internet sites.
Cookies are small data files that are created on the hard drive of a visitor to a web site. These
files typically contain only a unique identification number that allows the site developer to
track your preferences and personalize the information you see when you visit their site in the
future. While this may not seem like a bad idea at first, cookies can be expanded to include all
sorts of personal information including name, address, and credit card numbers that have been
“volunteered” by the user.
As intrusive as cookies may seem to the end user, they can pose an even greater risk to their
developers. Even though the cookie itself is stored on the user’s hard drive, the host server
also maintains a record of the cookies that have been issued and of their contents. If a hacker
gains access to this data and uses it, the developer may be held liable for any damages that
occur.
People
Of all the risks faced by e-businesses and their brick and mortar cousins, the ones posed by
people are often the most difficult to deal with. Human threats are present in all aspects of
business and generally fit into one of three types of acts:
•
•
•
Ignorance
Negligence
Sabotage
Most human threats can be minimized by developing and enforcing strong policies and
internal controls designed to guide employees in their daily routines. Education also plays a
significant role here since people who understand both what is expected and why will be
more likely to follow the rules.
The role of CGAs
CGAs are well positioned to provide services in all of these areas. After all, a large part of the
training we receive as professional accountants relates to risk management and internal
control issues.
While not all of the roles we can assume are new, they do involve some novel challenges in
terms of dealing with new types of risks and expansion of some former areas of concern. The
following are a few of the services that can be provided:
•
•
•
•
•
•
risk assessments;
process engineering, with an emphasis on internal control and risk management;
business continuity planning as it relates to disaster management and recovery;
forensic examinations;
assistance with development of policies and guidelines for employee behavior; and
independent evaluation of proposed risk management solutions.
E-commerce for accounting professionals: Part 3 • 4
Assurance services
Not all of the opportunities for accountants are in completely new areas. Opportunities can
also be found in more traditional areas such as assurance services. Most visibly, the impact of
doing business electronically needs to be considered in the completion of traditional
assurance engagements. Other, new types of assurance services are also in demand, as
practitioners are being asked to examine systems and the information they store and transmit.
Traditional engagements
Within the framework of traditional assurance engagements, there are several factors that
need to be considered in relation to e-business. Many of these relate to the dramatic changes
in internal control systems that have been necessitated as a result of the changes imposed by
e-business.
Internal controls
Since e-businesses rely mainly on complex computerized systems to process, record, and
report on transactions, auditors need to be able to gain an understanding of those controls in
order to determine the level of risk that is attached to an engagement.
Most large firms have developed teams of in-house specialists whose role is to examine and
report on the controls that exist within information systems. These specialists can assist the
auditor in gaining an understanding of the controls that exist within the client’s systems and
thereby determine the amount of substantive testing that is required to facilitate expression of
an audit opinion.
Electronic auditing
Of course, in many organizations, the sheer volume of transactions precludes a traditional
“ticking and vouching” approach to substantive testing. There is an upside to this situation
though, as complex auditing software can be used to perform testing which, in the past, would
have been prohibitively expensive. These packages are often so efficient that they can
examine entire sets of transactions, wherein the past reliance was placed on small statistical
samples, thus increasing the level of reliability of the testing.
Assessing corporate governance
Governance assessments are not something you will typically find listed on anyone’s business
card, but they are a necessary service these days. The term ‘governance’ is used most
frequently in the not-for-profit sector. It generally refers to the stewardship maintained by
management over corporate resources. Unlike traditional assurance services, which report on
internal controls and provide financial reporting, governance assessments look at all aspects
of operations to ensure that the best interests of the shareholders are being served.
One of the most commonly used approaches to governance assessments is the balanced
scorecard reporting method developed by Robert S. Kaplan and David P. Norton. Their book,
entitled The Balanced Scorecard, outlines a highly effective approach to measuring and
reporting on organizational effectiveness. Another excellent source of information on
governance, and governance assessments as they relate to information technology (IT), is the
IT Governance Institute. Their web site address is www.itgi.org.
Governance assessment services are generally performed by external consultants or by public
practitioners. With the recent collapses of Enron and WorldCom, I would expect to see a
sharp rise in the numbers of governance assessment engagements being undertaken. They
may even become mandatory as new standards are implemented in an attempt to avoid such
events.
E-commerce for accounting professionals: Part 3 • 5
New assurance services
In addition to traditional assurance engagements, CGAs are also in a position to perform new
types of assurance services. As professional accountants, we are in a position to advise our
clients and to provide assurance services relating to the following:
•
•
•
Integrity of information systems on which clients rely. These may be their own systems or
those of suppliers and associates.
Authenticity, accuracy, and integrity of information that has been stored or transmitted
electronically.
Compliance of suppliers and associates with written privacy and security policies.
These services are highly suited to CGAs because of our status as independent third parties
who have established a reputation for being trustworthy.
New competencies
Given the opportunities described earlier, there are some new skills that accountants need to
develop in order to ensure they can meet the needs of their clients. There is no need to panic.
This is not to suggest that we all become techies. However, we do need to ensure that we have
the correct tools at our disposal if we are going to offer our services to others.
The CGA Competency Framework will help you to identify the general areas of expertise
which you must develop to perform these new services. In addition to aspiring to similar
competencies to those of a typical public practitioner, a CGA interested in providing
e-business advisory services should also develop a high level of expertise in key areas of IT.
These areas are introduced in the paragraphs that follow.
Systems analysis and design
While this is not truly a new area, it has not been a major focus for accountants in the past and
its importance warrants inclusion in this discussion. Analysis and design is often made to
sound far more complex than necessary. Essentially, it involves defining a problem or
situation, developing a description or a model that accurately describes it, developing
potential improvements, and finally, selecting the most appropriate course of action.
Of course, describing some of the complex systems that are used in a typical e-business
environment can get a little bit more complex, but the basic methodology does not change.
Skills, such as process modeling and an understanding of relational database management
systems, are extremely valuable in systems analysis projects.
Types of information systems
The wide variety and complexity of information systems makes it impossible for any one
individual to become an expert in all of them, but it is necessary to have at least a basic
understanding of the different types of systems and the functions they are designed to
perform. Categories that should be studied in depth include:
•
•
•
•
•
•
functional systems, such as customer relationship management (CRM) and enterprise
resource planning (ERP) tools;
accounting software and reporting tools;
office automation products;
communications systems;
decision support systems; and
executive information systems.
E-commerce for accounting professionals: Part 3 • 6
Within each of these categories, there are literally hundreds of products and thousands of
possible combinations that could be encountered in any small- to medium-sized business.
E-business infrastructure
Of course, anyone providing e-business advisory services will need to become familiar with
the infrastructure of the Internet and the systems that support it. A basic understanding of
networking and network operating systems is a good starting point. Pay particular attention to
the TCP-IP protocol, which is the networking protocol of choice for the Internet and
e-business.
The infrastructure that supports e-business is, on the surface, surprisingly simple. After all, if
you can read and click a mouse button, you can navigate the Web. Add to that the ability to
type in your address and credit card details and you can be an online shopper. Take it one step
further and list an item for sale on eBay, and you are participating fully (well almost) in the
“new economy.” This may sound overly simple, and in reality it is stretching things
somewhat. On the surface, the Internet does not appear to be a complex entity; however, it is
what happens beneath the surface that counts.
Security and controls
This area could easily form the basis for lifelong study all on its own. Again, expert
knowledge in all aspects of security and controls is not a necessity, but you will at least need
to become familiar with the more commonly available products and tools.
Three key aspects of security and controls are reviewed in depth in Part 2 of this series where
we looked at the subjects of malicious code, encryption, and firewalls.
Summary
This three-part series has introduced many different aspects of e-commerce and how it is
changing the lives of accounting professionals everywhere. As indicated in the introduction, it
is not a comprehensive look at all, or any, of the many aspects of doing business
electronically. Instead, it is a starting point to begin expanding your understanding of
e-commerce and how it is changing the way we work.
This is the final article in a series of three parts by Robin Day, CGA.
E-commerce for accounting professionals: Part 3 • 7
Related documents
Final Review Sheet
Final Review Sheet
File - for Ms.Ghadah students
File - for Ms.Ghadah students
lecture4
lecture4
2 - E-Business
2 - E-Business
MANAGEMENT INFORMATION SYSTEMS
MANAGEMENT INFORMATION SYSTEMS
Activity answers
Activity answers
Management Information System
Management Information System
E-business models
E-business models
Lecture notes for this topic
Lecture notes for this topic
Download
advertisement