E-commerce and Public Key Infrastructure (PKI) Audit/Assurance Program 


E-commerce and Public Key Infrastructure (PKI) Audit/Assurance Program  Download (212K; Member Only)
Bookstore Purchase the Book

  Provide feedback on this document
Knowledge Center  Visit the Audit Tools and Techniques Knowledge Center community

The major objectives of the e-commerce/PKI audit/assurance review are to:

  • Provide management with an independent assessment of the effectiveness of the architecture and security of the e-commerce and PKI environments and their alignment with the enterprise’s IT security policies and architecture and with industry good practices.
  • Provide management with an evaluation of the IT function’s preparedness in the event of an intrusion or major failure of the e-commerce or PKI environments.
  • Identify issues that may impact the security of the enterprise’s e-commerce stance.

The review will focus on the architecture and security of e-commerce and PKI environments, including, but not restricted to, relevant policies, standards and procedures, as well as resilience to major outages, intrusions or other failures.

Note that this document does not address issues related to e-commerce itself, such as timeliness of delivery of items ordered. These would be covered in other audit programs of a financial and operational nature.

IT audit and assurance professionals are expected to customize this document to the environment in which they are performing an assurance process. This document is to be used as a review tool and starting point. It may be modified by the IT audit and assurance professional; it is not intended to be a checklist or questionnaire. It is assumed that the IT audit and assurance professional has the necessary subject matter expertise required to conduct the work and is supervised by a professional with the Certified Information Systems Auditor (CISA) designation and/or necessary subject matter expertise to adequately review the work performed.