Risks of Internal Control in eCommerce
By Osmond Vitez
Technology has greatly changed the way companies operate in today’s business world. Many companies have started eCommerce websites via the Internet to sell their goods and services to consumers and other businesses. Companies may only operate as eCommerce businesses, rather than the traditional brick and mortar storefronts. While eCommerce companies are a newer form of business, they are still susceptible to many of the typical internal control risks of traditional businesses. Internal controls are the safeguards companies implement to protect them from employees abusing financial and operational information.
ECommerce businesses collect many different types of sensitive personal information from customers when conducting business transactions. Credit card numbers, email addresses and physical addresses are some of the important types of information collected. Companies implement internal controls to ensure employees do not steal or sell this information to outsiders, creating dangerous legal issues for the eCommerce company. Credit card companies may also impose restrictions on companies that do not properly protect consumer information, since this increases the credit card company’s consumer liability. Typical internal controls include using encrypted websites and electronic shopping carts, not storing sensitive consumer information or limiting employee access to information.
Another internal control risk for eCommerce companies is the protection of their website from internal and external threats. Internal controls may be the daily testing of the website against viruses, how vulnerable the website is to hackers and how easy internal employees can access the website programs and functions. Because eCommerce companies may operate only via the Internet, any downtime caused by external threats to the website's operation is a critical issue for the eCommerce company. Website downtime quickly leads to lost sales and negative customer goodwill. This risk may also allow a competitor to enter the market place and take sales away from the company.
All companies face financial risk, even if they only operate via the Internet. ECommerce companies may face a harder time securing external financing because they may not have a lot of physical assets to use as collateral or indicate their long-term viability as a company. Banks and other lenders may require a higher level of personal capital involvement by owners and officers before lending money to the company.
Generating a positive daily cash flow may also be difficult because of the fees involved with website protection, hosting, electronic shopping carts and credit card companies. These fees are required by vendors of eCommerce companies and cannot be avoided.
To mitigate these risks, eCommerce companies must employ accountants or use a public accounting firm to ensure that no internal waste of cash is going on and all expenses are relevant to the operation of the company.