Abstract
M.Comm.
The Gartner Group (1996c:1) has recognised that the Internet has grown
substantially since its inception. Recently, companies are "Internet enabling" their
applications (The Gartner Group, 1997:1) and they are increasingly using the
Internet to initiate transactions (The Gartner Group, 1996b:16).

The South African Institute of Chartered Accountants requires that an auditor
should assess the control environment for each material class of transactions
(SAICA, SAAS 400.18). Therefore the auditor may be required to review an
Internet ordering system where this is the source of material sales transactions.

With the increasing sophistication of computerised systems, computer auditors are
being forced to treat computer systems as the target of their audits (Watne and
Turne, 1994:14). The literature survey conducted did not reveal a suitable risk
model which may be applied to Internet ordering systems. Therefore the objective
of the research was to develop such a risk model.

The research identified the technology involved in Internet ordering systems. A
detailed literature review of these components was performed. Thereafter, the
research defined risk and selected a risk model appropriate to Internet ordering
systems. Risk was defined in relation to control objectives for computer systems,
as defined by Watne and Turne (1990:308-309), and the risk model selected was
the Access Model and the Path Context Model developed by Boshoff (1985,
1990).

Four layers in the "access path" of an Internet ordering system were selected for
review, namely the HTML electronic form, HTTP, TCP/IP and CGI scripts. Risk
factors identified varied according to the layers in the access path of an Internet
ordering system. In the HTML layer, risk was influenced by the design elements of
the electronic form. At the HTTP level, message header fields and server HTTP
response codes impacted on risk. TCP/IP was also found to have header fields
which affected risk. Finally, CGI scripts were found to be different to the other
layers. Risk factors at this level were found to be very dependent on the actual CGI
scripts implemented.

The short dissertation opened additional areas for research. Of the three types of
Internet EDI systems identified by The Gartner Group (1996b:4), only one was
selected for research in this short dissertation. Clearly, opportunity exists for
similar research to be conducted on the other Internet EDI implementations.
Another area opened for research was the evaluation of risk in system-specific CGI
scripts.

In conclusion, growth of electronic commerce on the Internet is being hampered by
debate over taxation of goods and services sold over the Internet and by US
government concerns over the exporting of encryption techniques (The Gartner
Group, 1997b:1). However, it appears that successful resolution of these issues is
on the horizon (The Gartner Group, 1997b:1).