 |
 |
 |
 |
|
 |
 |
|
 |
Business Practices
General Controls
Transaction Integrity
and Processes
Application Controls
Data Quality and
External Factors
Completeness
Risk Assessment
following processes, evaluation and measurement of the output of the action. To
“Act” is to correct any problem detected in the “Checking” phase.
A TQM approach to internal audit of EC ensures that horizontal integration
across networks and vertical integration through hierarchies are achieved (Flood,
1993). It also has the ability to integrate the internal audit function in dynamic
networks of communication and controls (Chou et al., 1998).
Figure 1 depicts the TQM framework for Internet-based EC transactions.
The framework is developed and based on the five principles: (1) continuous
improvement, (2) activity analysis, (3) control analysis, (4) evaluation analysis,
and (5) risk assessment.
THE FRAMEWORK CRITERIA
The Framework has three basic elements:
1. Drivers: The internal auditor begins with the analysis of EC activities such as
transactions for goods or services. The analysis of activities provides an understanding of
each transaction and how the different parties associated with a transaction
interrelate with one another. It will identify significant risk factors that threaten the
entity’s operations.
2. Systems: The internal auditor establishes the general and application controls
to ensure stability and accuracy of specific application’s inputs, programs, and
outputs. An EC transaction can be analyzed using a transaction Workflow that
can automate sophisticated business processes using graphical builder. A trans-
action workflow provides visual checks of sub-transactions that constitute the
complete transaction. It helps to spot potential risks and gaps in control appli-
cations and may point toward the root cause. Workflow extends the business
process throughout an organization and beyond to include any Email or Web