E-business: service required in the context of enterprise and company transactions

PAIETUNISIE 8 views 27 slides Mar 07, 2025

About This Presentation

E BUSINESS


Slide Content

TRUST
GRMS E-Business Assurance Services
For Internal Use Only

Why Read This?
Enhance Systems, with Limited Funding
Reduce Inventories
Increase Sales
Reduce Procurement Cost
Utilize Customer Information Better - Yet adhere to Privacy Regs
Make Business - “e”…Define “e” First
Your Client
Your client has a lot of
pressure to make “e” work...
Funding may be limited...
Expectations are high...
Trading Partners are
demanding support for trusting
each other...
Your client asks for help in the
assurance sense…
how do you choose what to
offer?
This PowerPoint shows some highlights and the attached Word
Document will take you through the decision process, step by step.

Purpose of this Document
Present a solution set of assurance (advisory and
attest/opinion-level) services GRMS can provide to clients
Please note the work referred to in this document should be
performed by a cross-section of GRMS with the best skills
(meaning this is not a specific line of service summary of
services)

E-Business Opportunity & Risks
Organization & Competencies
Performance Management
Strategy
Processes
Systems & Technology
E-Business
Delivery & Operations
Security
Tax & Legal
Privacy
E-Business means opportunity,
but opportunity with many risks ...

How Can PricewaterhouseCoopers Help?
Trust is necessary for client customers and business
partners to engage in e-Business with them.
PricewaterhouseCoopers helps clients identify and manage
e-Business risks to fully leverage the opportunities found in
a connected economy. Our E-Business Risk Management
Solutions help clients achieve the security, reliability,
effectiveness, and assurance necessary to build trust in an
E-Business world.
Security
Reliability
Effectiveness
Assurance
Trust

Global Risk Management Solutions (GRMS) offers
E-Business assurance solutions designed to build trust
• Comprehensive E-Business assessments
- Address all risk categories
• Specialized assessments in key risk areas, such as
- Security
- Privacy
- Transactional integrity
- Operational resilience / availability
E-Business Assurance Services

Our E-Business Assurance Services have two
primary forms
• Advisory services
- Provide assessments of E-Business for the use of internal management
- Identify issues for corrective action
• Opinion-level services
- Provide assessments of E-Business for use by external parties
- Give comfort on controls
E-Business Assurance Services

Range of E-Business Advisory Services
Broad
Specialized
Advisory
Opinion-Level
emm@
E-B Diagnostic
BetterWeb
Specialized Consulting
WebTrust
SysTrust
SAS 70
COLA (Customized OnLine Assurance)

Broad Advisory Services - emm@
Emm@, the e-business Maturity Model, is a framework that
helps a client assess its e-business status by providing insight
into questions such as:
Are they ready for e-business? How do they know?
Where should they concentrate their scarce investment dollars and
management resources?
What strengths do they have that might give them a competitive
edge in the race to dominate their industry?
What actions should they take to shore up critical risk areas?
By what means are they tracking their progress toward successful
achievement of their e-business strategy?
Emm@ is used to help organizations assess their functional
strengths and weaknesses, design specific solutions to support
their e-business strategies, and evaluate their ongoing e-
business operations for continuous improvement and risk
management.

Emm@ Structure
Emm@ defines five levels of maturity in a successful e-business, allowing benchmarking against best practices, as follows:
- On-line Presence
- On-line Business
- On-line Integrated Business
- On-line Advanced Business
- Full E-Business
The Emm@ framework spans nine domains as follows:
- E-Business Strategy
- Organisation & Competencies
- Processes and Related Controls
- Systems & Technology
- Performance Management
- Tax
- Legal
- Security
- Delivery & Operations
Within this structure, over 1000 best practices have been identified as critical to the success of e-business initiatives at different levels of e-business maturity. These practices are used to determine a client’s status.

Emm@ Results
The Performance Wheel is a graph that visually displays the results of client
assessment scoring. Each sector of a Performance Wheel represents a
single domain or issue, depending on the view selected. The colored portion
of the sector represents the percentage score the client has achieved for that
particular domain/issue. The circumference of the wheel represents a
percentage score of 100%, or full compliance with all relevant GPSs for that
domain/issue.

Broad Advisory Services - E-B Diagnostic
E-Business Diagnostic is an advisory tool designed to be used at
a high-level to determine broad risks to an organization
• Based on the emm@ domains and practice statements
• Customized by industry
• Provides benchmarking in key areas, by industry
• Designed to be a much higher-level assessment than emm@
• Useful for comparing multiple units or processes to determine which ones exhibit the highest risk
• May be used in conjunction with emm@
Use E-B Diagnostic to highlight areas of highest risk (business
unit or risk category)
Conduct full emm@ review of highlighted area

We offer specialized consulting in key E-
Business areas, including
Security assessment and architecture services
Public Key Infrastructure, VPN, and Intrusion Detection
consulting
Business process controls consulting
Privacy risk management
Operational resilience and network availability
Project Support Office
Specialized Advisory Services

Advisory Service - PwC BetterWeb℠
The BetterWeb℠ program is an initiative of PricewaterhouseCoopers to help make the Web a better place to do business. Through the BetterWeb℠ program, we have developed a better set of standards that require online businesses to provide better information to consumers, which helps them build better customer relationships.
We grant a license to use the BetterWeb℠ seal to online businesses that commit to our standards for disclosure of online business practices to consumers.
Building consumer confidence










Sales Terms
Privacy Policy
Security Procedures
Complaint Resolution
PricewaterhouseCoopers
VeriSign
BBB OnLine
TRUSTe
PublicEye

Benefits of a BetterWeb partnership
PwC BetterWeb℠
• Monthly advisory: news, insight, commentary
• Related surveys, benchmarking studies, best practices
• Relevant regulatory and industry analysis
• Networking and conference opportunities
• Disclosure gap analysis, recommendations, seal display
• Licensee promotional toolkit: PR, customer and communications
• PwC press release and search engine listing of licensees
• Additional disclosure best practices
Complementary Knowledge Base
Global Seal Program

Transaction Integrity
The entity maintains effective
controls to provide reasonable
assurance that customer
transactions using electronic
commerce are completed and
billed as agreed.
AICPA WebTrust provides visible, independent assurance over e-Business to
increase consumer confidence in client business practices, transaction integrity,
and information protection.
Business Practices Disclosure
The entity discloses its business
practices for electronic
commerce transactions and
executes transactions in
accordance with its disclosed
business practices.
B2C seal of assurance for the Internet economy
Only CPA firms can issue a WebTrust seal. The seal is re-validated every 90 days
to ensure that the company is still adhering to WebTrust requirements.
Information Protection
The entity maintains effective
controls to provide reasonable
assurance that private customer
information obtained as a result
of electronic commerce is
protected from uses not related to
the entity’s business.
Broad Opinion-Level Services - WebTrust

Click to see report issued by: XY&Z, Independent Certified Public Accountants
User sees seal
on web page:
Clicks to
get
additional
information
WebTrust Seal
Attestation service, originated
by US CPA and Canadian
Chartered Accountants
Institutes
Based on a defined set of
WebTrust principles &
criteria
Auditors issue attest report,
client includes on Web site
Issue WebTrust seal if report
unqualified
Seal can be displayed for up
to 3 months
Limitations on seal & display
of report, removal by the
CPA

WebTrust Principles and Criteria
Business Practices Disclosure
The entity discloses its business practices for electronic
commerce transactions and executes transactions in
accordance with its disclosed business practices.
Transaction Integrity
The entity maintains effective controls to provide reasonable
assurance that customers’ orders placed using electronic
commerce are completed and billed as agreed.
Information Protection
The entity maintains effective controls to provide reasonable
assurance that private customer information obtained as a
result of electronic commerce is protected from uses not
related to the entity’s business.

B2B assurance for a connected economy
The AICPA introduced an assurance service, SysTrust, to report on the
reliability of an entity’s systems. To earn an unqualified SysTrust report,
a “system” must meet all four principles and 58 criteria. The AICPA
defines a system as an infrastructure of hardware, software, people,
procedures, and data that—together in a business context—produces
information. The four essential principles of system reliability as
defined by the AICPA are availability, security, integrity, and
maintainability. Examples of how an unqualified SysTrust opinion can
help are:
A major retailer requires Internet-enabled suppliers to have a
SysTrust review performed prior to beginning a business relationship
to ensure that the supply chain linkage can be maintained.
An Internet-based forest products exchange links forest products
producers and buyers. To encourage these customers to use this
service, the exchange has a SysTrust review performed to provide
assurances that appropriate controls are present.
Broad Opinion-Level Services - SysTrust
CPA SysTrust℠ Service

If an E-Business operation is outsourced, and the third parties
seeking comfort are the independent auditors of the client
organization, then SAS 70 may be the right form of assurance.
SAS 70 is a formal report on the design, implementation, and
effectiveness of controls at a service organization.
SAS 70 reports are used to explicitly support the financial
audit process of organizations that use outside service
organizations.
SAS 70 reports contain large amounts of detail on the
description of the control environment, the control
objectives, and the controls that are in place to meet those
control objectives
SAS 70 reports are restricted to the service organization, its
customers, and the independent accountants of its customers.
Opinion-Level Services - SAS 70

Our e-Business assurance solution sets assure potential and existing customers of
an independent evaluation of E-Business practices and controls. We work with
management to customize the assurance service to meet client needs.
Our assurance service can address all or some of the following operational control
areas:
Business practices and
related disclosures
Business process integrity
Demonstrating trust on the web
Security
Privacy
Operational resilience
Audience measurement
Advertising delivery
Specific legal and regulatory
requirements
COLA - Customized OnLine Assurance

Example: DoubleClick Opinion Over
Advertising Transaction Integrity
COLA Example
Report of Independent Accountants
To the Management and Board of Directors of DoubleClick, Inc.:
We have examined DoubleClick, Inc. ("DoubleClick") Management's Assertion, included in the accompanying
Management's Statement on the Effectiveness of Internal Control, that for the period January 1, 2000 through March
31, 2000, DoubleClick's internal control provided reasonable assurance that the objectives addressed in the stated
Assessment Criteria were met. DoubleClick's management is responsible for maintaining effective internal control over
the DART system to achieve the objectives set forth in the Assessment Criteria. Our responsibility is to express an
opinion on Management's Assertion based on our examination.
Our examination was conducted in accordance with standards established by the American Institute of Certified Public
Accountants and, accordingly, included obtaining an understanding of the internal control over those aspects of the
DART system dealing with the complete and accurate processing and reporting of information addressed in the
Assessment Criteria, testing, and evaluating the design and operating effectiveness of the internal control, and
performing such other procedures as we considered necessary in the circumstances. We believe that our examination
provides a reasonable basis for our opinion.
Because of inherent limitations in any internal control, misstatements due to error or fraud may occur and not be
detected. Also, projections of any evaluation of internal control to future periods are subject to the risk that the internal
control may become inadequate because of changes in conditions, or that the degree of compliance with policies and
procedures may deteriorate.
In our opinion, DoubleClick Management's Assertion referred to above is fairly stated, in all material respects, based on
the Assessment Criteria.
PricewaterhouseCoopers LLP
May 9, 2000

Transaction Integrity
Security
Privacy
Operational Resilience
Control Environment
Risk Assessment
Control Activities
Information & Communication
Monitoring
Business Practices
COLA Assurance Framework
Internal Controls

COLA Assurance Framework
Business Practices
•Terms and conditions
•Nature of goods and
services to be provided
•After-sales service
•Questions, complaints,
claims
•Monitoring
Privacy
•Notice/awareness of
policies
•Choice & consent for
opt-out provisions
•Access to edit/correct
personal data
•Security of data
•Compliance program &
monitoring
Transaction Integrity
•Contract execution
•Order entry & submission
–Product pricing, features,
& interoperability
–Accuracy & completeness
–Positive acknowledgement
•Order fulfillment
–Correct quantities shipped
–Notification of back-orders
–Shipment/order
monitoring
•Billing & settlement
processing
•Security of transactions
•Transaction follow-up &
history
•Monitoring
Security
•Encryption during
transmission
•Identification &
authentication
•Authorization
•Accountability & non-
repudiation
•Monitoring
Operational Resilience
•Performance monitoring
•Capacity planning
•Service-level agreements
•Backup and recovery
•Business continuity
planning

SAS 70
WebTrust & SysTrust
Advertising Delivery
Security
Reliability
Effectiveness
Assurance
Trust
Audience Measurement
COLA
GRMS E-Business Assurance Services -
Providing Trust

Where to go for more information
[email protected]
703 918 3505
[email protected]
314 206 8710
As stated earlier, these items discussed are a solution set of
assurance (advisory and attest/opinion-level) services GRMS can
provide to clients
The work referred to in this document should be performed by a
cross-section of GRMS with the best skills (meaning this is not a
specific line of service summary of services). There are many
with these skills in various regions / lines of service we will refer
you to.
