Search Terms: personal w/5 information w/5 privacy, House or Senate or Joint
Document 231 of 261.
Copyright 1999
Federal News Service,
Inc.
Federal News Service
MAY
26, 1999, WEDNESDAY
SECTION:
IN THE NEWS
LENGTH:
4183 words
HEADLINE:
PREPARED TESTIMONY OF
MR. ALAN ANDERSON
SENIOR VICE PRESIDENT
AMERICAN INSTITUTE OF CERTIFIED PUBLIC ACCOUNTANTS
BEFORE THE
HOUSE
SMALL BUSINESS COMMITTEE
BODY:
Summary
There are significant barriers to the growth of electronic commerce for small business that reflect its customer's concerns about the risks of doing business on the Internet. Customers ask questions like:
* How do I know whom I am conducting a transaction with? * Will I receive what I ordered in the condition that I expect? * Is it a reliable business? * Is it a secure site? * Will my privacy be protected? * Will I get scammed?
The Internet provides an exceptional opportunity for small businesses to conduct business transactions efficiently and effectively in cyberspace. There are various projections for overall growth of such business from about $1.0 billion today to more than $100 billion in the next five to eight years. For these projections to become a reality and for small business to be able to be a part of this growth opportunity, the above customer concerns have to first be addressed.
The CPA profession, through the American Institute of Certified Public Accountants, has researched concerns about electronic commerce and believes the CPA profession is uniquely positioned to offer a comprehensive private sector response to these issues (in essence consumer protection) on the Internet. In response to this need, the AICPA, together with the Canadian Institute of Chartered Accountants (CICA) has developed a new service called CPA WebTrustsm, that is designed to build consumer trust and confidence in the electronic marketplace.
CPA WebTrust requires a Web site to:
* disclose its business and information privacy practices and to follow those practices, * maintain effective controls over the integrity of transactions, and * maintain effective controls to protect private customer information.
After a specially licensed CPA has conducted an independent and objective examination of a Web site and determined that the sight has complied with the WebTrust Criteria, the Web site can obtain and display the CPA WebTrust seal of assurance. However, the process doesn't end there. CPA WebTrust requires ongoing periodic updates to ensure that the Web site continues to comply with the WebTrust Criteria.
We believe this new symbol of trust is a model for a private sector initiative that will both enhance e-commerce success on the Internet for businesses large and small and also provide for consumer protection. CPA WebTrust provides full, fair, and honest disclosure and provides assurance to customers or potential customers that a small business engaging in electronic commerce is legitimate and has appropriate controls to protect a customer's interests.
This will allow the customer or potential customer to make informed decisions about doing business on the Internet. Many legitimate small businesses will be required to "raise the bar" for doing business with customers on the Internet in order to qualify for CPA WebTrust but in so doing, will lay the foundation for future sustainable growth through the establishment of sound business practices and policies
**************
Introduction
My name is Alan Anderson and I am representing the more than 330,000 Certified Public Accountants in the United States that are members of the American Institute of Certified Public Accountants (AICPA) in my capacity as a Senior Vice President for Technical Services of the AICPA. I am also a former partner of McGladrey & Pullen LLP, a public accounting firm for which I worked over 17 years. In my testimony today, I will outline the needs of customers in the electronic commerce marketplace, the steps that the CPA profession is taking to provide assurance to customers regarding these needs, and how these initiatives are postured to provide not only a private sector response to the associated consumer protection needs, but also a gateway to allow small businesses to compete effectively and on the same playing field as larger companies.
Although I represent the AICPA today, I wish to point out that e- commerce is a global initiative. The service that I will describe is the result of a joint effort between the AICPA and its counterpart in Canada, the CICA, and has been recently licensed to similar accounting organizations in England, Scotland, Ireland, Australia and New Zealand. We anticipate more expansion in the global marketplace in the coming months. For purposes of this statement, references to the AICPA also generally include our international partners.
Electronic Commerce Marketplace and Barriers to Consumer Acceptance
There have been many projections of the potential growth of consumer- oriented business on the Internet. These are generally in the range of $1.0 to $3.0 billion (less than 1% of total retail sales) today to over $100 billion in five to eight years. These same studies often cite the consumer's concern about the need for protection related to the legitimacy of on-line business and the
privacy
and security of their transactions and use of
personal information.
As a result, many studies indicate that only about 20 to 25% of on-line users are willing to complete a purchase transaction over the Internet. As the Internet develops and matures, its success will therefore depend on gaining and maintaining the trust of consumers. This trust will be critical to the success of small businesses that engage in electronic commerce and depend on consumer confidence in place of the name recognition or tremendous financial resources familiar to larger businesses.
In order to understand the views of online users toward purchasing products on the Internet, the AICPA commissioned Yankelovich Partners to conduct a survey in mid-1997. This survey, conducted among 1,003 Americans who are 18 years old or older and subscribe to an online service either at home or at school indicated that:
On-line users are receptive to buying a variety of products over the Internet but often do not do so because of security fears.
* A large majority of on-line users say they would not provide information about their income (91%) or give out their credit card number (85%) when shopping on-line.
* Large majorities are even hesitant to provide their phone number (74%) or address (67%).
* A lack of security is the number one reason given by non-buyers for not purchasing products on-line. * Having credible assurance about the security of on-line transactions would greatly increase on-line purchasing of products and services.
This research indicated that there was a need to build consumer trust and confidence in order to overcome these barriers and for electronic commerce to reach its full potential.
The Yankelovich survey also explored these consumers' views about the concept of CPA WebTrust, which was then under development by the AICPA. The survey indicated that:
* More than three-quarters of on-line users have a favorable impression of CPA WebTrust.
* Significantly, nearly half (46%) of on-line users say the CPA WebTrust seal would make them more likely to purchase products and services on-line.
* The fact that CPAs are providing this seal of assurance is a key factor in creating user acceptance of CPA WebTrust.
* A majority of on-line users -- particularly those currently or most likely to shop on-line -- say CPA endorsement makes this service more trustworthy, useful, and important.
These findings were reaffirmed by similar research results that were released earlier this year by Ernst & Young LLP, in "The Second Annual Ernst & Young Internet Shopping Study".
Role of the CPA Profession
For over 100 years, the objectivity and integrity of the CPA has played a major role in shaping the U.S. economy. Consider the development of the U.S. securities market. Without question, the U.S. capital markets are the most effective and efficient in the world. One key element of the efficiencies this market enjoys is the audited financial statements reported on by the CPA.
With the advent of the Securities Acts of 1933 and 1934 and the requirement for audited financial statements to supplement the sale of securities, the CPA stepped in to fill a void in the capital market place. Because of the independence, integrity and objectivity that a CPA brings to an audit engagement, public confidence in the securities market grew and continues to grow. Investors learned that an independent and objective professional had examined the financial statements of the seller. The investor could now rely with confidence on the financial information included within a prospectus. This reliability has freed the investor to focus more clearly on assessing management's ability to grow shareholder value.
A strong parallel between the Internet and the development of the securities market exists today. In many respects, electronic commerce on the Internet is in its infancy. The potential economic benefits of electronic commerce have yet to be realized by retailers, especially the small business owner, or consumers.
One reason for this is the lack of trust and confidence consumers have about the Internet. How do I know whom I am transacting with? Is this a reputable company that I can depend on? Is the Internet reliable? Is it secure? These are just several of the questions in potential customers' minds.
To increase consumer confidence and to address these fears and concerns, the AICPA has developed and is offering the CPA WebTrust service, with its sister Institutes across the world. In simple terms, Web sites can elect to be audited by public accounting firms and CPAs, who are specifically licensed by the AICPA. Those Web sites that demonstrate they meet all of the WebTrust Principles and Criteria are awarded the right to display the CPA WebTrust seal of assurance.
The CPA WebTrust seal of assurance is a symbolic representation of a CPA's unqualified report, which also appears on the Web site. (Please refer to Appendix A for an example of what a customer will see as he or she views and clicks on the CPA WebTrust Seal.)
The WebTrust Principles and How WebTrust Works
The WebTrust Principles
CPA WebTrust is based on three main principles designed to ensure that Web site operators institute practices to protect consumer interests, while at the same time providing small businesses with the tools necessary to stimulate future growth and sustainability on the Internet. Web site management must make a written assertion that their Web site follows these principles. These principles are described as follows.
Business Practices & Information Privacy Disclosures Principle
The entity discloses its business and information privacy practices for electronic commerce transactions and executes transactions in accordance with its disclosed business and information privacy practices.
To enhance customer confidence in electronic commerce, it is important that the customer is informed about the entity's business and privacy practices for electronic commerce transactions. As a result, it is required for the business to properly disclose its business practices for dealing with such matters as the following:
* A description of the goods or services being offered * The time frame for completion of transactions * Method of delivery of goods or services, including customer options * Payment terms * Electronic settlement practices and related charges to customers * Product return policies * How to obtain customer service and support * How to file claims, ask questions or register complaints * How to file a complaint for resolution by a third party using binding arbitration * How information being collected is being used, maintained or distributed to others,
This principle relates not only to the electronic commerce transaction processes that the business uses, but also provides assurance to a potential customer that the business has a proven history of demonstrating compliance with these disclosures.
WebTrust does not include any direct representation as to the quality of its goods or services nor their suitability for any customer's intended purpose (such matters are outside the scope of the WebTrust Principles and Criteria. However, they are covered, in part, in the WebTrust Consumer Recourse Mechanism provided through a third party binding arbitration feature).
Transaction Integrity Principle
The entity maintains effective controls to provide reasonable assurance that customers' orders placed using electronic commerce are completed and billed as agreed.
These controls and practices address matters such as appropriate transaction identification, transaction validation, the accuracy, completeness, and timeliness of transaction processing and related billings, the disclosure of terms and billing elements and, if applicable, electronic settlement. These matters are important to promote confidence in electronic commerce and effectively demonstrate to a potential customer a small business's ability to deliver on its sales promise. This demonstrated ability serves to increase sales for the small business owner engaging in electronic commerce by reducing the consumer's fear in dealing with the anonymity associated with Internet shopping
Information Protection Principle
The entity maintains effective controls to provide reasonable assurance that private customer information obtained as a result of electronic commerce is protected from uses not related to the entity's business.
These controls address matters such as:
* The collection and use of customer data and a customer's access to such data
* Encrypting private customer information (such as credit card numbers and personal and financial information) transmitted to the entity over the Internet,
* Protecting such information once it reaches the entity,
* Requesting permission of customers to use their information for purposes other than those related to the entity's business, and
* Obtaining customer permission before storing, altering, or copying information on the customer's computer.
Consumer concern about the safeguarding of private information traditionally has been one of the most significant deterrents to undertaking electronic commerce transactions.
The WebTrust Criteria
In order to provide more specific guidance on meeting the WebTrust Principles, the WebTrust Criteria have been developed. These criteria provide an objective basis and a consistent set of measurement criteria for CPAs to use in testing and evaluating Web sites and an effective benchmark for the small business to use in developing a sound electronic commerce business. The small business must be able to demonstrate over a period of time, at least two months and typically three months or more, that (1) it actually executed transactions in accordance with the business and information privacy practices it discloses for electronic commerce transactions, (2) its controls were operationally effective, (3) it maintains a control environment that is conducive to reliable business practice disclosures and effective controls, and (4) it maintains monitoring procedures to ensure that such business practices remain current and such controls remain effective. These concepts are an integral part of the WebTrust Criteria. The full text of the CPA WebTrust Principles and Criteria document is available at the AICPA's Web site at www.aicpa.org. The CPA WebTrust Examination
Obtaining the Seal
To obtain the CPA WebTrust seal of assurance, an on-line business must meet all the WebTrust Principles as measured by the WebTrust Criteria associated with each of these principles. In addition, the entity must (1) engage a CPA who has been specifically licensed by the AICPA to provide the CPA WebTrust service and (2) obtain an unqualified report from such CPA.
In order to award the CPA WebTrust seal, the CPA must examine the Web site in accordance with professional standards established by the AICPA. Those standards require that the CPA plan and perform the examination in such a manner as to obtain reasonable assurance that management's assertion is not materially misstated.
The CPA tests management's assertion that its Web site meets all of the WebTrust Principles and Criteria. The CPA's examination will include: (1) obtaining an understanding of a small business's electronic commerce business and information privacy practices and its controls over the processing of electronic commerce transactions and the protection of related private customer information, (2) selectively testing transactions executed in accordance with disclosed business practices, (3) testing and evaluating the operating effectiveness of the controls, and (4) performing such other procedures as are considered necessary in the circumstances.
In many respects, the standards a CPA must follow in performing a CPA WebTrust engagement are similar to those followed in performing an audit of financial statements. Both types of engagements require the same planning, supervision and due professional care. In addition, CPAs use a screening process for new clients that ensures that they are legitimate businesses and have a history of meeting their commitments.
Independence and objectivity are two other key elements of both the audit and the CPA WebTrust engagement. For example, a CPA cannot have a financial interest in a business that he or she is examining for the CPA WebTrust seal. It is these two characteristics that provide a great deal of value to both users of financial statements and the CPA WebTrust seal of assurance. Because the CPA has no interest in the business under examination, he or she can make fair and objective assessments of the controls and procedures that management has in place.
Keeping the Seal
Once the seal is obtained, the business will be able to continue displaying it on its Web site provided:
Its CPA updates his or her assurance examination of the assertion on a regular basis. The interval between such updates will depend on matters such as:
* The nature and complexity of the business's operation, * The frequency of significant changes to its Web site, * The relative effectiveness of the business's monitoring and change management controls for ensuring continued conformity with the WebTrust Criteria as such changes are made, and * The CPA's professional judgment.
For example, an update will be required more frequently for a financial institution's fast-changing Web site for securities transactions than for an on-line service that sells archival information using a Web site that rarely changes.
In no event would the interval between updates exceed 3 months and this interval often may be considerably shorter.
During the period between updates, the on-line business informs the CPA of any significant changes in its business policies, practices, processes, and controls if such changes might affect the business's ability to continue meeting the WebTrust Principles and Criteria, or the manner in which they are met. Such changes may trigger the need for an assurance update or, in some cases, removal of the seal until an update examination by the CPA can be made. If the CPA becomes aware of such a change in circumstances, he or she would determine whether an update examination would need to be performed and whether the seal would need to be removed until the update examination was completed and the updated auditor's report is issued.
Protecting the Seal
The AICPA has teamed with VeriSign, Inc., a leading provider of digital authentication and security services on the Internet, to provide protection for the CPA WebTrust seal. VeriSign conducts an independent verification to ensure that the Web site is a genuine site for the named business and provides a highly secure digital certificate verify the site's identity and protect the CPA WebTrust seal.
How CPA WebTrust Helps Protect a Customer's Interests while Stimulating Growth for Small Business
We believe that CPA WebTrust will help protect the consumer in the following ways:
* Required disclosure of business practices provides significant information for the consumer on which to base purchasing decisions. Our research with small business owners displaying the CPA WebTrust seal has shown that a reliable form of disclosure on business practices coupled with the assurance of knowing that these practices have a demonstrated history of being followed significantly reduces the amount of time needed to educate potential customers who request information through email or telephone calls. One small business displaying the CPA WebTrust seal has reported to the AICPA that it experienced a significant increase in sales followed the posting of the WebTrust seal to its web site.
* Required controls over transaction integrity and information protection help ensure that the risks of doing business over the Internet are minimized. Obviously, this perceived risk by the customer is greater when doing business with an unrecognizable entity, as is often the case with small businesses.
* For Web sites who do not currently meet the CPA WebTrust criteria, the "bar will be raised" for doing business on the Web thereby laying the foundation for small businesses to be able to grow and stay a viable force on the Internet.
* Independent verification by the respected CPA profession helps build consumer trust and confidence especially since this is updated at least once every three months. Increased trust and confidence will undoubtedly benefit small business, which might otherwise lack credibility on the Internet when competing against larger, more established companies that enjoy name recognition and healthy marketing resources.
* The CPA and VeriSign both verify the legitimacy of the business and that the business owner's Web site is genuine. This provides reasonable assurance that only legitimate Web sites qualify for the CPA WebTrust seal.
* VeriSign provides a digital certificate to protect the CPA WebTrust seal and also uses so called "spider technology" to scan the Internet for any sites displaying a WebTrust-like seal without authorization. Attempts to counterfeit the CPA WebTrust seal would be quickly detected.
* The AICPA requires CPAs to attend training and obtain a special license in order to provide the CPA WebTrust service. As part of the license, the CPA firm agrees to an independent quality inspection of its CPA WebTrust services. Most CPA firms have been in the business of providing valuable audit, tax and consulting services to small businesses for decades.
* CPA WebTrust protects American consumers who shop at overseas Web sites and at the same time, provides trust and confidence to the overseas shopper looking to conduct commerce at the web site of a small business owner in the United States. Because the Internet is global, the AICPA has licensed similar accountant's institutes in a number of countries to offer WebTrust as a service to their members.
In Conclusion
Although still in its infancy, electronic commerce shows extremely high potential for our economy and will undoubtedly be of huge benefit to small business given the relatively low cost of entry. It provides convenience and promotes efficient markets therefore stimulating economic growth. We believe CPA WebTrust allows this growth to be an opportunity the small business owner can be a part of. No doubt there will be both intentional abuses and unintentional errors affecting consumers and therefore decreasing trust in this new medium. However, we believe that, if its use becomes wide spread, CPA WebTrust will enhance consumer protection on the Internet, and will build the consumer trust and confidence that is needed for electronic commerce to achieve its full potential.
It is our goal that consumers around the world will look to those sites with the CPA WebTrust seal as the safe places to shop on the Internet. Small business will be able to effectively compete against large businesses once this factor of trust is established and in turn, promote a healthier economy. We believe CPA WebTrust will help to create a level playing field for those businesses that don't otherwise have name recognition or the resources necessary to create high visibility in the marketplace. Although Web sites that do not initially qualify for CPA WebTrust will need to make the necessary changes to their electronic commerce business practices to meet the WebTrust Principles and Criteria, we believe in the long run, that this will better position them for growth and sustainability on the Internet by providing a framework as to how sound electronic commerce is conducted.
We also believe that CPA WebTrust is an excellent model for implementing consumer protection and privacy in the private sector.
I would like to thank you once again for the opportunity to appear here today. It has been a privilege and an honor to participate.
I would be pleased to answer any questions that you or the Members of this subcommittee may have for me.
Should you desire, I would also be pleased to demonstrate CPA WebTrust live on one of the early Web sites that obtained the CPA WebTrust seal.
END
LOAD-DATE:
June 8, 1999
Document 231 of 261.
Search Terms: personal w/5 information w/5 privacy, House or Senate or Joint
To narrow your search, please enter a word or phrase:
Copyright © 2002, LEXIS-NEXIS®, a division of Reed Elsevier Inc. All Rights Reserved.
