indexelectronicinvoicement

www.yourlegalconsultants.com [email protected] Internet: Electronic invoicement Process implementation for companies

Upload: yourlegalconsultants

Post on 20-May-2015

Category:

Technology


DESCRIPTION

Index of the document: Implementation process of electronic invoice

TRANSCRIPT

Page 1: Indexelectronicinvoicement

www.yourlegalconsultants.com

[email protected]

Internet: Electronic invoicement

Process implementation for companies

ELECTRONIC INVOICEMENT

DOCUMENT: Recommendations for businesses for the implementation or auditing of electronic invoicing processes

Documents available at www.yourlegalconsultants.com

1. RECOMMENDATIONS FOR BUSINESSES FOR THE IMPLEMENTATION OR AUDITING OF ELECTRONIC INVOICING PROCESSES

INDEX OF THE DOCUMENT

GUIDELINES FOR AUDITING AND IMPLEMENTING E-INVOICING SYSTEMS

INTRODUCTION

1. SCOPE OF APPLICATION

2. IDENTIFICATION OF ASSETS IN A STANDARD INVOICING PROCESS

2.1. Organisation and role of the CDO in the Invoice Department

3. ORGANISATIONAL ENVIRONMENT FOR SECURITY (EXAMPLE OF A DEFINITION OF A SECURITY POLICY)

3.1. Organisation for security

3.1.1. There should be a security policy

3.1.2. The security policy should be approved by the Management

3.1.3. The security policy should be supported by the Management

3.1.4. The correct use of each system should be specified and duly documented

3.1.5. Written procedures should be produced for all operational security processes (administrators, operators and users)

3.1.6. There should be a security board to centralise decisions regarding the security of installations and systems

3.1.7. All of the system's assets should be inventoried

3.1.8. All issues should be taken into account

3.1.9. A catalogue of metrics should be established to ascertain the security status

3.2. Access control

3.2.1. No access should be granted without prior identification of the person concerned

3.2.3. Access to systems

3.2.4. Access to data or logical access to information

3.3. Identification - Authentication

3.3.1. Physical in terms of the facility

3.3.2. Logical concerning identification and subsequent logical access to systems

3.3.3. Identification on line. With reference to the network

3.4. Registration

3.4.1. Physical registration of the facility

3.4.2. Registration of logical access to the systems

3.5. Audit

3.5.1. Physical security audit of the facility

3.5.2. Logical systems security audit

3.6. Confidentiality

3.6.1. Personal information should be identified

3.6.2. A system should be set up to classify information

3.6.3. Confidentiality for physical installations that host sensitive information (if applicable)

3.6.4. Logical confidentiality of information

3.7. Integrity

3.7.1. Physical integrity of installations and equipment

3.7.2. Logical integrity of systems and information

3.8. Availability

3.8.1. Physical availability of installations and equipment

3.8.2. Logical availability of systems and applications

3.9. Data interchange / communications

3.9.1. Physical interchanges

3.9.2. Logical interchanges

3.9.3. Data interchange or Access to information

3.10. Legal compliance

3.10.1. Installations

3.10.2. Systems and information

3.11. Personnel

3.11.1. Personnel should be selected in consideration of the security requirements of the job

3.11.2. Personnel should be recruited in consideration of the security requirements of the job

3.11.3. Personnel should be informed of the responsibilities expected of them in their job

3.11.4. Personnel should be trained in consideration of the security requirements of the job

4. ANALYSIS OF THE RISKS TO BE TAKEN INTO ACCOUNT IN E-INVOICING PROCESSES FROM THE POINT OF VIEW OF THE PROVIDER AND FROM THE POINT OF VIEW OF THE CUSTOMER

4.1. General Processes

4.1.1. General risk in Information Systems

4.1.2. Risk in third-party invoicing service provider

4.1.3. Audit risk due to lack of current documentation on general processes and procedures

4.2. Process for carriage and logistic distribution of the dispatch.

4.2.1. Risk of using an e-invoicing system devoid of any clear, transparent identification

4.2.2. Risk of sending out e-invoices without prior acceptance on the part of the customer

4.2.3. Risk deriving from trading partners involved in the carriage of goods or services having access to the e-invoicing system without any prior agreement between the parties.

4.2.4. Risk of access to the electronic invoicing system on the part of the carrier without providing those responsible with any sort of preliminary training in the use of key functions of the invoice system.

4.2.5. Risk of incompatibility of the electronic invoicing systems, creating vulnerabilities in security throughout the process of exchanging information.

4.2.6. Risk of providing access to the electronic invoicing system without positive testing of the communication based on criteria that have been agreed upon previously by the parties concerned.

4.2.7. Risk of providing access to the electronic invoicing system without positive testing of the communication based on criteria that have been agreed upon previously by the parties concerned.

4.2.8. Risk of issuing electronic invoices in EDI format without the prior consent of the customer.

4.2.9. Risk deriving from suppliers using different structures in EDI format

4.3. Chain of custody and storage of electronic invoices and their auditing.

4.3.1. Risk of checking the validity of the certificate at the time of signature or when the receipt is issued for the electronic invoice.

4.3.2. Risk deriving from the impossibility of verifying the integrity of the electronic invoice

4.3.3. Risk deriving from not keeping the electronic invoices in the period set by the legislation in force

4.3.4. Risk of non-availability of the electronic invoices for a reasonable length of time.

4.3.5. Risk of amending the invoices within the retention period.

4.3.6. Risk that the information stored is not in a human-readable format as a result of computer processing.

4.3.7. Risk that the information contained in the electronic invoice might not be entirely accurate due to the continued existence of erroneous calculations, master data and encryption tables in the invoice application.

4.3.8. Risk of not retaining audit trails

4.4. Reception process to be followed with respect to the carriage of goods or services

4.4.1. Risk of very little control in transactions and storage of electronic invoices and delivery notes, preventing access by the competent authorities.

4.4.2. Risk of non-receipt or access to the original electronic invoice on the part of the customer.

4.5. Generic process for the carriage of data or messaging.

4.5.1. Risk of alteration or change in the data contained in the invoice or e-invoice during transmission.

Thank you for your interest

For personal queries, please contact:

www.yourlegalconsultants.com

[email protected]