Welcome to Luca!globe
CPA Journal - May 1998 Current Issue!    Navigation Tips!
Main Menu
CPA Journal
Professional Libary
Professional Forums
Member Services



By Walter Schmidt

There is a new assurance service being offered that could allow all of us to immediately provide our clients with Internet related consulting services. Here are some basic facts concerning the CPA WebTrust, as the new service is called. Coverage here is only the tip-of-the-iceberg. More information is available at the AICPA's website, www.aicpa.org. But it should be enough to introduce you to what could be a key 21st century profit center for you and your firm.

See you on the net...

On September 16, 1997, the AICPA and the Canadian Institute of Chartered Accountants, in an attempt to break down barriers to mainstream consumer acceptance of electronic commerce, announced this unique seal of assurance for electronic commerce--CPA WebTrust. With the coming of various electronic financial technologies, CPAs recognize the need to assess commerce web sites to assure they meet the criteria for standard business practices and controls over transaction integrity and information protection.

Developed in line with the White House paper "A Framework for Global Electronic Commerce," the CPA WebTrust tells potential customers that a web site has been evaluated and meets all the CPA WebTrust criteria that are set forth in three broad principles: Business Practices Disclosures, Transaction Integrity, and Information Protection.

After specially trained CPAs have examined a web site successfully, a report indicating compliance is issued and the site is granted the CPA WebTrust seal (developed by VeriSign to be difficult to forge and revocable if the organization does not continue to meet the prescribed criteria). Consumers can click on the seal to access the report, as well as the CPA WebTrust principles and criteria. The CPA must revisit the site and the seal must be refreshed at least every quarter. And each CPA WebTrust site will be linked to a directory of all sites bearing the seal.

The Three Broad Principles

Business Practices Disclosures: The site discloses its business practices for electronic commerce transactions and asserts that transactions are executed in accordance with the disclosed business practices. This principle relates to the electronic commerce transaction processes that the entity uses and does not include any representation as to the quality of its goods or services nor their suitability for any customers' intended purpose (such matters are outside the scope of the WebTrust principles and criteria).

Transaction Integrity: The site maintains effective controls to ensure that customers' orders placed using electronic commerce are completed and billed as agreed. These controls and practices address matters such as the accuracy, completeness, and timeliness of transaction processing.

Information Protection: The site maintains effective controls to ensure that private customer information is protected from uses not related to its business. These controls and practices address matters such as encryption or other protection of private customer information.

The Webtrust Criteria

Business Practices Disclosure:

    1. The entity discloses the terms and conditions by which it conducts its electronic commerce transactions.

    2. The entity discloses descriptive information about the nature of the goods that will be shipped or the services that will be provided.

    3. The entity discloses (on its Web site and/or in information provided with the product) where customers can obtain warranty, service, and support related to the goods and services purchased on its Web site.

    4. The entity discloses information to enable customers to file claims, ask questions, and register complaints.

Transaction Integrity: The entity maintains controls to provide reasonable assurance that--

    1. each order is checked for accuracy and completeness.

    2. the correct goods are shipped in the correct quantities in the time frame agreed.

    3. sales prices and all other costs are displayed for the customer before requesting acknowledgment of the order.

    4. procedures are in place that allow for subsequent follow-up of orders.

    5. monitoring procedures provide reasonable assurance that its business practice disclosures remain current.

    6. the entity has a control environment that is generally conducive to reliable business practice disclosed on its Web site and effective controls over electronic commerce transaction integrity.

Information Protection: The entity maintains controls to protect--

    1) transmissions of private customer information over the Internet from unintended recipients.

    2) private customer information obtained as a result of electronic commerce and retained in its system from outsiders.

    3) against its unauthorized access to customers' computers and its unauthorized modification of customers' computer files.

    4) The entity maintains controls to provide reasonable assurance that its information protection controls remain effective.

    5) The entity has a control environment that is generally conducive to effective controls over protection of private customer information.

And Some FAQS

Why is WebTrust needed?

A major impediment to the growth of commerce over the Internet has been broad concern over the security and privacy of credit card and other confidential information transmitted when purchasing goods, services, and information electronically. There is also concern over the frequent inability of consumers and businesses to confirm the legitimacy of companies offering goods and services over the Web.

Why should I offer WebTrust?

WebTrust is a strategic opportunity for practitioners to extend their service offering to existing and potential new clients. Gaining the Internet and computer-based competencies necessary to offer WebTrust also gives you a technological foundation that can support a wide range of other technology-based client services.

Can my firm logo be included as a part of the WebTrust Seal?

No, while it cannot be a part of the WebTrust Seal, if your client permits, you may place your firm logo and other firm data close to the seal or at other agreed upon locations on the client web site.

Are there any costs incurred to offer WebTrust?

Yes. Costs that the practitioner will incur will include CPE and ongoing training, a licensing fee, and per seal charges.

What are the professional liability and risk management considerations related to WebTrust?

Each practitioner needs to evaluate this service opportunity in accordance with the firm's own professional liability and risk management policies.

Is WebTrust covered by my malpractice carrier?

WebTrust is likely to be included in the basic coverage of most major CPA malpractice insurers. However, you are advised to speak with your broker or insurance carrier to clarify their coverage for this service. *

Walter Schmidt, CPA, (walts@dorsai.org) has written articles on the practical use of hardware, software, and the I-Net, and is recognized by his peers as an authority on how businesses can benefit from using the WEB. He is a member of the LUCA Oversight committee and AICPA's nine-member Virtual Resource Panel.

Michael J. Rosencrantz
The CPA Journal

The CPA Journal is broadly recognized as an outstanding, technical-refereed publication aimed at public practitioners, management, educators, and other accounting professionals. It is edited by CPAs for CPAs. Our goal is to provide CPAs and other accounting professionals with the information and news to enable them to be successful accountants, managers, and executives in today's practice environments.

©2009 The New York State Society of CPAs. Legal Notices

Visit the new cpajournal.com.