CH APT E R  

14

E-Commerce and E-Business

Introduction to E-Commerce
STUDY OBJECTIVES
and E-Business
This chapter will help you
gain an understanding of the (Study Objective 1)
following concepts:
The Real World example on the next page will help you
1. An introduction to e-commerce
understand the context of many concepts covered in this
and e-business
chapter. Please read the Real World example to begin effec-
2. The history of the Internet tive reading and studying of this chapter.
3. The physical structure and Organizations use information technology (IT) to improve
­standards of the Internet efficiency and effectiveness of their operations. As presented
4. E-commerce and its benefits in the Real World example on the next page, Walmart transi-
tioned to Internet EDI to save costs and to take advantage of
5. Privacy expectations in
the new EDI technology. For Walmart and in many other
e-commerce
cases, this transition resulted in major changes, not only for
6. E-business and IT enablement the newly IT-enabled organizations, but also for their trading
7. E-business enablement partners, the entire business world, and other aspects of the
examples economy. The Walmart decision caused 10,000 Walmart sup-
8. Intranets and extranets to pliers to invest in new IT systems and resulted in major
­enable e-business changes in the demand for EDIINT.
Walmart’s EDIINT transition is an example of e-business.
9. Internal controls for the Internet,
E-business is the use of electronic means to enhance business
intranets, and extranets
processes. E-business encompasses all forms of online elec-
10. XML and XBRL as e-business tronic trading, consumer-based e-commerce, and business-to-
tools business electronic trading and process integration, as well as
11. Ethical issues related to the use of IT and related technologies for process integration
e-­business and e-commerce inside organizations.
“E-business” is a term used widely in business and in the
mass media. However, there are sometimes misunderstandings
about e-business and e-commerce, and any differences between
the two. In addition, the sheer number of acronyms in use in e-business and the tech-
nological nature of some of the acronyms can make it difficult to understand
e-­business. The first purpose of this chapter is to define and clarify many of the terms
and concepts related to e-business and ­e-commerce. In addition, this chapter describes
the advantages, disadvantages, security issues, and controls related to e-business.

502
 Introduction to E-Commerce and E-Business (Study Objective 1)  503

The Real World

were adequate. It announced that its 10,000
small and mid-size suppliers had one year to
begin using Internet EDI (EDIINT AS2). This was a
tremendous change from its traditional EDI and
value-added networks, and it had a dramatic
© José Luis Gutiérrez/iStockphoto
impact not only on Walmart’s suppliers but on
many other large companies and their suppliers
A few years ago, Walmart effected a huge worldwide. Some call Walmart the market maker
change in the EDI (Electronic Data Interchange) for Internet EDI. Its change to EDIINT led to a
approach to business-to-business transactions. revolution of adoption of Internet EDI around the
Although EDI had been around for many years, world. Since the buyer and seller have to use the
the technology had advanced to allow it to same EDIINT AS2 protocol, Walmart forced a huge
be conducted cost-free over the Internet. Yet number of companies to switch to EDIINT, and
many were concerned about the lack of secure in turn, those suppliers used EDIINT with other
transmission over the Internet. By 2002, Walmart business customers.
felt the new security standards, called AS2,

There is some overlap between e-commerce and e-business, and this leads some
to confuse the two concepts. E-commerce is electronically enabled transactions
between a business and its customers. E-business is a broader concept that includes
not only electronic trading with customers, but also servicing customers and ven-
dors, trading information with customers and vendors, and electronic recording
and control of internal processes. These internal processes include electronic
employee services such as access to personnel records and fringe benefits informa-
tion, travel and expense reporting, and purchases of office supplies and other items.
Exhibit 14-1 shows the differences and the overlap between the two concepts.
E-commerce is the sale of goods or services from a business to an end-user or
consumer. Since e-commerce involves selling to consumers, the usual sale will be a
relatively small dollar amount when only a few items are sold. The company making
the sale will strive for high-volume sales to many consumers to generate a profit. Its
customers will use a user-friendly interface, such as a Web browser, to place the
order and pay with a credit card. Amazon.com, Inc., is a well-known example of an
e-commerce enterprise. The sales between Amazon.com and its customers are sales
between a company and end-user customers.

E-Business
Systems

Technology E-Commerce
Suppliers THE INTERNET Customers
Infrastructure Systems

EXHIBIT 14-1 
E-Business and E-Commerce
504  Chapter 14  E-Commerce and E-Business

On the other hand, e-business is a broader concept that encompasses many busi-
ness processes, using IT systems to enhance or streamline these processes. A part of
e-business includes company-to-company sales, including the sale of goods, services,
or raw materials between companies in a supply chain, as well as internal processes
like product design and production. An example of a supply chain sale is a manu-
facturer that buys raw materials from a vendor, using the Internet as the electronic
network. These e-business sales tend to be large in dollar value and each order is
likely to include many items. The buyer and seller will use common business docu-
ments such as purchase orders and invoices, but in electronic form. The software
interface between buyer and seller will usually involve more than just a Web browser.
The vendor’s and buyer’s computer systems may be linked, and the vendor may
actually be able to access and monitor the buyer’s inventory systems.
For a majority of e-business enabled companies, the infrastructure that supports
e-business and e-commerce includes software systems such as ERP, CRM, and SCM.
The details of this infrastructure was described in Chapter 6.
The most common method of conducting e-commerce and e-business is to use
the Internet to electronically exchange data. The next section presents the histori-
cal development of the Internet, which provides insight into its widespread applica-
tion in the business world.

The History of the Internet

(Study Objective 2)
Much of the technology foundation upon which the Internet is based was devel-
oped by university and military researchers over 50 years ago. To understand the
current status of the Internet, it is useful to briefly review the historical development
of the Internet and the underlying technology. In 1965, a researcher at MIT con-
nected a computer in Massachusetts to a computer in California, using dial-up tel-
ephone lines. During this time, the U.S. military needed a method of sharing data
and research among universities that were working on defense research projects. In
1969, the large computers at four major universities were connected via leased tel-
ephone lines. This network, used by the United States Defense Advanced Research
Project Agency, grew into a network called ARPANET. The purpose of the network
was to share military research data among UCLA, UC Santa Barbara, Stanford, and
the University of Utah. Over a period of only a few months, NASA, the Rand
Corporation, and many other universities were connected to this network.
Two of the technologies developed for ARPANET form the basic foundation of
today’s Internet. Packet switching and routers are necessary to send data over the
network. Packet switching sends data over a computer network. Computer data is
divided into packets (small packages of data). Each packet is sent individually over
the network, with each packet possibly transmitted via a different route. When the
packets arrive at the destination, they are reassembled into the correct order to
recreate the original data. When data is sent packet switched, small parts of the data
are transmitted, next they are verified for correctness, and then more information
is sent toward the destination.
A router is an electronic hardware device that is located at the gateway between
two or more networks. The router forwards the packets of data along the best route
so the data reaches its destination. The ARPANET used both of these technologies,
which have continued to be used in the Internet of today.
 The History of the Internet (Study Objective 2)  505

The ARPANET was developed during the height of the Cold War and nuclear
weapon proliferation. Thus, the network was designed so that if any of the sites were
destroyed by a nuclear attack, the other sites could still function and share the mili-
tary research data. Therefore, routers were designed to direct the network traffic via
many possible alternative routes.
E-mail, which is simply another form of data that can be transmitted over a net-
work, was adapted to ARPANET in 1972. Ray Tomlinson of BBN Technologies devel-
oped the idea of using the @ symbol to separate the user name from the address.
BBN Technologies has been involved in much of the development of the Internet.
BBN Technologies also developed a communication protocol for ARPANET that is
still used today. Since there were several different brands and types of computers in
the network ARPANET, a common communication protocol was necessary to allow
different types of computers to communicate. A protocol is a standard data com-
munication format that allows computers to exchange data. Computers must have
a common communication method to be linked together in a network. As an anal-
ogy, consider what might happen if a foreign exchange student from Japan met a
foreign exchange student from Spain in the hallway of the business building at your
college. They would be completely unable to communicate in their native lan-
guages. However, if both were accompanied by an English translator, their native
languages could be translated into English, communicated between the translators
(the network), and then translated into the language of either student. Likewise, a
common and standard communication protocol allows computers with different
operating systems to communicate on a network. Thus, a UNIX computer, or Digital
Equipment Company’s (DEC) OpenVMS, can communicate with a Windows or
Apple computer.
In the 1970s, BBN Technologies helped develop the TCP/IP protocol that con-
tinues to be used in the Internet today. TCP/IP is an abbreviation for transmission
control protocol/Internet protocol.
Through the 1970s and 1980s, the ARPANET continued to grow, adding universi-
ties, research organizations, and libraries to its network. However, other than uni-
versities, libraries, and research organizations, there were no other users of
ARPANET. In 1986, the National Science Foundation (NSF) funded and began
developing a backbone set of servers, gateways, and networks that eventually became
what we now call the Internet. The NSF also set rules for the use of the Internet by
government, university, and research users. Throughout its history of development
and until the early 1990s, the Internet was not user friendly and was not used by the
general public. The Internet is the global computer network, or “information super-
highway.” The term “Internet” comes from the concept of interconnected networks.
Thus, the Internet evolved from a variety of university- and government-sponsored
computer networks built largely for research. That network became the Internet
and now consists of millions upon millions of computers and subnetworks through-
out the world. The Internet serves as the backbone for the World Wide Web (WWW).
In 1993, Marc Andreessen developed the first graphical user interface (GUI)
browser, which he named Mosaic. Using the ideas and concepts in the Mosaic
browser, Andreessen developed the Netscape® Navigator Web browser. Netscape
became a phenomenon and fueled the use of the Internet by the general public.
A GUI browser made the Internet user-friendly so that it could be used by the gen-
eral public. During this period, more commercial enterprises became involved in
adding to the network backbone of servers, routers, and gateways. In 1992, com-
mercial enterprises such as Delphi Corporation and America Online (AOL) began
offering Internet access to subscribers. This was the first time that the general public
506  Chapter 14  E-Commerce and E-Business

Total number of websites (Iogarithmic scale)

Hostnames
10,000,000,000
Active sites
1,000,000,000 S T U
K L M NO PQ R
100,000,000 J
I
10,000,000 GH
EF
D
1,000,000 C
B
100,000 A

10,000

1,000
5 6 7 9 0 1 2 3 4 6 7 8 9 0 1 3 4 5
99 99 99 99 00 00 00 00 00 00 00 00 00 01 01 01 01 01
u g 1 ct 1 ec 1 eb 1 pr 2 un 2 ug 2 ct 2 ec 2 eb 2 pr 2 un 2 ug 2 ct 2 ec 2 eb 2 pr 2 un 2
A O D F A J A O D F A J A O D F A J
EXHIBIT 14-2  Chart of the Number of Websites (Source of data: news.netcraft.com/archives/2016/)

could access the Internet by buying a monthly subscription account with an Internet
­service provider. In 1994, the first business transaction occurred on the Internet.
In 1995, the NSF relinquished control of the Internet backbone to commercial
enterprises, and the NSF funded backbone was separated from the Internet and
returned to a research network. Since that time, all Internet traffic has been routed
through commercial networks. The latter half of the decade of the 1990s saw explo-
sive growth of the Internet. Retailers and other organizations began conducting
business via the Internet, and many new Internet-based companies were formed.
Companies such as Amazon.com, eBay, Webvan, and Pets.com were started during
this time. These are only a few examples of the so-called dot-com firms of the 1990s,
some of which did not survive beyond the beginning of the next decade.
As the Internet grew, the backbone was continually updated and improved to add
servers, routers, and networks that transmit data much faster. The speed and amount
of network traffic grew very rapidly as new technologies fueled improvements. The
exponential growth of the Internet throughout its life can be seen in Exhibit 14-2.
As you will note by looking at Exhibit  14-2, there have been a few periods of
decline in the number of websites, such as during economic downturns in 2002 and
2009. However, Exhibit 14-2 shows that the number of websites has continued to
grow rapidly, and the overall trend shows exponential growth since the Internet was
commercialized.

The Physical Structure and Standards

of the Internet (Study Objective 3)
The Network
Exhibit 14-3 shows the types of organizations that make up the interconnected net-
works of the Internet. The Internet includes backbone providers, network access
points, regional Internet service providers (ISPs), local ISPs, and Internet subscrib-
ers. The Internet is a hierarchical arrangement: there are a few large backbone
providers, many more regional and local ISPs, and millions of Internet subscribers.
Internet subscribers are the individual users of the Internet.
 The Physical Structure and Standards of the Internet (Study Objective 3)  507

Local ISP

Regional ISP

National Backbone Provider

NAP NAP

National Backbone Provider

Regional ISP

Local ISP EXHIBIT 14-3  Architecture

of the Internet

A backbone provider is an organization which supplies access to high-speed

transmission lines that make up the main network lines of the Internet. Much like
the way that your spinal bones, or backbone, support all the skeletal systems of your
body, the Internet backbone is the main trunk line of the Internet that is a fiber
optic trunk. The backbone has extremely high capacity and high-speed network
lines. The actual speed and capacity of the backbone lines continually increase as
the technology is upgraded, and the speed of the U.S. backbone is 100–200 giga-
bytes per second. This means that up to 200 billion bits of data could be transmitted
over the network lines in one second. The backbone providers connect to each
other either directly through private lines or through network access points (NAPs).
Major backbone providers in the United States are companies such as Level 3
Communications, TeliaSonera International Carrier, NTT, Cogent, GTT, Tata
Communications, AT&T Inc., MCI, Sprint, and CenturyLink.
Regional ISPs connect to the backbone through lines that have less speed and
capacity than the backbone. The network lines used to connect regional ISPs to
the backbone are usually T3 lines. A T3 line carries data at 44.476 megabits per
second (44 million bits per second). Local ISPs connect to regional ISPs by either
T3 or T1 lines. A T1 line carries data at a speed of 1.544 megabits per second
(mbps). Regional and local ISPs usually use several T3 or T1 lines simultaneously.
You might envision how this works by thinking about water hoses. If you squirt one
water hose at a house fire, only a small volume of water reaches the fire. However,
the use of four water hoses, all aimed at the same fire, will send four times the vol-
ume of water.
Local ISPs connect individual users to the Internet. These Internet subscribers
are connected to local ISPs using either digital subscriber lines (DSL), or cable TV
lines. DSL speed is usually 5–20 mbps and cable broadband speeds are 10–100 mbps.
Examples of local ISPs are local telephone and cable companies.
At each of these organizations and gateways, there are computers that function
as Web servers. A Web server is a computer and hard drive space that stores Web
pages and data. These Web servers respond to requests for Web pages or data, and
transmit the Web pages or data over the network. Through these interconnected
networks and Web servers, any computer connected to the Internet can communi-
cate with any other computer on the Internet. This system enables e-business,
e-commerce, and e-mail to function as we know it today.
508  Chapter 14  E-Commerce and E-Business

The Common Standards of the Internet

Since any computer can theoretically link to any other computer on the Internet,
there must be common and standard methods to display and communicate the data
transmitted via the Internet. Each computer on the Internet uses the TCP/IP pro-
tocol to communicate with the network. While all computers connected to the
Internet could possibly be part of the World Wide Web, every such computer is not
necessarily part of the Web. The World Wide Web is an information-sharing network
that uses the Internet as the network to share data.
Web pages that are part of the World Wide Web are available to anyone using a
Web browser. However, a common way to present and read the data on a Web page
is also necessary. The language invented to present data on websites is HTML, a
hypertext markup language. Nearly all websites use HTML to format the words,
data, and pictures that you see on a Web page. Exhibit 14-4 shows a very simple Web
page and the HTML source code that formats and presents the words and the arrow
symbol on this Web page. There are many users of the Internet throughout the
world, using different types of computers with different operating systems. The
common formatting language HTML for Web pages allows any computer to display
the Web page the way it was intended to be displayed. HTML has evolved over the
years to increase functionality and security. The current standard, HTML 5, allows
much richer use of video and audio, as well as better security than the previous ver-
sions. These enhancements make the Internet user-friendly for browsing, and also
increase its usefulness for e-commerce or e-business.
In addition to a standard communication protocol and a standard formatting
language for Web pages, there must also be a common addressing method to
store and locate Web pages. The addresses of websites and Web pages use a uni-
form resource locater (URL) address. A URL is the address you type in to reach
a website. For example, the URL address of the Google search engine is http://
www.google.com. The “http” in a URL address stands for “hypertext transmission
protocol.” When you type in a URL, your Web browser actually sends an http
command to a Web server, directing the server to find and transmit the Web page
you requested.
In a URL address such as http://www.google.com, the google.com part is called
the domain name—the unique name that identifies the Internet site. Organizations
must register a domain name to own its exclusive use. For example, The Coca-Cola
Company has registered and pays a monthly fee to own and use the domain name
coke.com. Domains have a suffix indicating the type of organization owning the
rights to that domain name. In the United States, some of the common suffix por-
tions of domain names are as follows:

Suffix Organization Type

.com commercial business
.edu educational institution
.org nonprofit organization
.gov governmental organization or unit
.mil military organization
.net network or commercial business

For domains outside the United States, the suffix indicates the country. For ­example,
.ca is Canada and .au is Australia.
 The Physical Structure and Standards of the Internet (Study Objective 3)  509

<html>
<head>
<title>A Simple Web Page</title>
</head>
<body>
<h1><center>A Simple Web Page</center></h1>
This is a simple Web page to demonstrate the following concepts:
<ol>
<li>The view of a Web page in a browser.</li>
<li>The underlying <b>HTML code</b>.</li>
<li>The <i>linking</i> of one Web page to another.</li>
</ol>
<center>To return to the home page, <a href=“www.simplesite.com/index.htm”>click
here</a>.</center>
</body>
</html>
EXHIBIT 14-4  A Simple Web Page and the HTML Source Code
510  Chapter 14  E-Commerce and E-Business

The URL addressing system actually uses IP addresses rather than domain names
that are spelled out. An IP address is an Internet protocol address. A given domain
name is associated with a single IP address. In the same way that your postal address
allows your mail carrier to locate your exact home, an IP address contains the
unique information that allows a specific website or server to be located.
There are specialized servers on the Internet called domain name servers (DNS),
which function to store, index, and provide IP addresses for each domain name.
When a domain name such as coke.com is typed into a Web browser, a request is
sent to a DNS to find the IP address of the domain, and the website is located on the
basis of the IP address.
Since the Internet is an open network system that anyone can access, there are
those who misuse the Internet for illegal and fraudulent activity. Examples of such
risks are hackers, identity thieves, password sniffers, and denial of service attacks.
Without an extra layer of protection, any data exchange between a user and a Web
server is open for anyone to read. This means if you enter your credit card number
on an e-commerce website, your credit card number and other data can possibly be
intercepted. Therefore, the majority of e-commerce sites use common forms of
encryption and data protection.
The standard form of encryption embedded in e-commerce sites and in Web
browser software is secure sockets layering (SSL), an encryption system in which the
Web server and the user’s browser exchange data in encrypted form. The Web
server uses a public encryption key, and only the browser interacting with that Web
server can decode the data. Web browsers in use today use 128-bit encryption.
Persons using a Web browser will know they are connected to a secure encrypted
site that uses SSL by seeing two things in their Web browser. First, a website using
SSL will have a URL address that begins with https://. The extra “s” at the end of
the http denotes a secure site. Also, most browsers show a picture of a locked pad-
lock in the lower bar of the Web browser. SSL and encryption allow the general
public to conduct e-commerce over websites with less risk of exposing credit card or
other private information.
The Internet network, the World Wide Web, and the common standards used
allow the general public to browse the Web, share data, send e-mail, and conduct
e-commerce. The next section describes e-commerce.

E-Commerce and its Benefits

(Study Objective 4)
There has never been complete agreement on an exact definition of e-commerce.
However, most would agree that e-commerce is a transaction between a business
and customer, in which the transaction information is exchanged electronically.
Under such a broad definition, there are many forms of exchange that could be
called e-commerce. The use of a credit card at a department store, ATM transac-
tions with a bank, EDI transactions between a vendor and a buyer, and Web-based
transactions all fit into this definition of e-commerce. With the explosive growth of
“Web-based” commerce in the last decade, e-commerce has widely come to be
thought of as Web-based. That is, the average person thinks that e-commerce is
Web-based commerce. Since Web-based commerce is the most common form of
e-commerce, this section will focus on the Web-based form of e-commerce.
 E-Commerce and its Benefits (Study Objective 4)  511

Hereafter, the references to e-commerce will be to Web-based e-commerce.

Also, e-commerce will refer to business-to-consumer sales. The common term for
business-to-consumer e-commerce is B2C. Conversely, the term e-business will
­
include business-to-business electronic transactions. The common term for
­business-to-business electronic sales is B2B.
B2C sales are transactions between a business and a consumer, which usually
involve a retail or service company whose customers are end-user consumers. While
there are literally thousands of different types of B2C transactions, some examples
are as follows:
1. Buying various products on Amazon.com
2. Buying clothes at L.L. Bean online
3. Buying an airline ticket on Expedia.com
4. Buying a computer at Dell.com
The common aspect in these transactions in that the consumer interacts with the
business via the business’s website.
There are many advantages of B2C sales to the business and to the customer.
Both parties benefit from the increased access to the market, the speed and con-
venience of e-commerce, and the ability to share information.

Benefits and Disadvantages of E-Commerce

for the Customer
For a customer buying products or services, the major benefits of e-commerce relate
to the increased access, speed, convenience, and information sharing mentioned
previously. More specifically, the benefits to the customer are the following:
1. E-commerce provides access to a very broad market for goods and services. By
using e-commerce, a customer is not constrained by geography or geographic
boundaries. If a customer wishes to buy a shirt, he can access any number of
websites selling shirts, some of which may be in other states or countries. The
customer need not physically visit a store to make a purchase.
2. E-commerce provides convenient times for shopping. Orders can be placed
24 hours a day, 7 days a week. As mentioned in item 1, an e-­commerce cus-
tomer does not need to go to a store to make a purchase, and is not limited
by location or hours of operation as he would be when shopping at a store.
3. Wider access to the marketplace provides more choices to the cus­tomer.
This may enable the customer to more easily find the same product at a
lower price. In addition, the wider market access may allow the customer
to find a product with better features at a more competitive price.
4. E-commerce is likely to provide lower prices for many reasons. Businesses that
sell via e-commerce can reduce many costs, and these cost savings can be
passed on to the customer. (The details of the cost savings will be discussed
later.) In addition, the customer may not be required to pay sales taxes for
e-commerce purchases. However, in many cases, the savings may be offset by
shipping or delivery costs.
5. The information-sharing aspect of the Internet and World Wide Web allows
the customer to exchange information with businesses before, during, and
after the purchase. Some e-commerce websites have live chat sessions with
product or service specialists to answer questions.
512  Chapter 14  E-Commerce and E-Business

6. E-commerce can provide quick delivery of the product, enabled by fast

­processing time. To fill an order, the business does not have to undertake
time-consuming steps such as entering order information into the computer
system. As soon as the customer enters the order via the website, order pro-
cessing can begin.
7. Customers can receive targeted marketing from businesses and websites
where they shop. For example, Amazon.com analyzes customer buying pat-
terns and can recommend specific products that may be of interest to
the customer.
While there are significant advantages to e-commerce to the customer, there are
also disadvantages. The free and open nature the World Wide Web allows the oppor-
tunity for fraud, theft of assets, or theft of data. Customers may have concerns about
the privacy and security of personal information shared with businesses during
e-commerce transactions. Hackers and identity thefts can potentially steal credit
card information, banking information, and private data. Security concerns may
prevent some customers from purchasing via e-commerce. Businesses that wish to
benefit from E-commerce need to respond by trying to ensure the security and pri-
vacy of customer data. The details of privacy principles are covered later in
this chapter.
The other disadvantage for the customer is the inability to handle or try out the
product before making a purchase decision. Compared with an in-store shopping
experience, it is more likely that e-commerce customers will not be satisfied with
their purchases.

Benefits and Disadvantages of E-Commerce

for the Business
Advantages to the business are as follows:
1. E-commerce provides access to a much broader market, including the poten-
tial of a global market for even small businesses. Traditional geographic
boundaries are no longer a constraint if the business uses e-commerce.
2. Dramatically reduced marketing costs are a typical result of the expanded
market. While a business may still spend for advertising, such as for Web-
based ads, the cost per customer reached is usually substantially less than for
traditional forms of marketing. For example, suppose that an electronics
store can place a local television advertisement at a cost $10,000 to reach
10,000 customers. That same amount spent on a Web-based ad could possibly
reach millions of potential customers.
3. E-commerce provides the potential for richer marketing concepts that
include video, audio, product comparisons, product testimonials, and prod-
uct tests. On its website, a business can provide links to these marketing tools.
4. Companies can quickly react to changes in market conditions. For example,
if market changes lead to price drops, a company can quickly change prices
on its website, and all customers can see the new price immediately. If a com-
pany uses mail-order catalogs instead of e-commerce, price changes can occur
only when a new catalog is printed. If a store such as Walmart wishes to change
prices in all of its stores in a specific region or state, it would be somewhat
time-consuming to update the signs and systems to make these price changes.
 E-Commerce and its Benefits (Study Objective 4)  513

5. Companies using e-commerce are likely to experience reduced order-­

processing and distribution costs. Order-processing costs are low because
e-commerce automates all or most of the order processing. Rather than
employees taking sales orders by phone or mail and keying them into the IT
system, the customer enters all order information. Distribution costs are low
simply because e-commerce uses a much different model than traditional
retail businesses. Many e-commerce businesses do not maintain stocks of
inventory in stores or warehouses. The business may instead order only when
a customer orders, and have the product drop-shipped directly from the sup-
plier to the customer.
6. Due to the customer convenience aspect of e-commerce, the business will
likely have more sales and receive higher customer satisfaction ratings.
7. Higher sales coupled with reduced marketing, order processing, and distribu-
tion costs can lead to much higher profits.
Businesses may also realize some disadvantages to e-commerce. The IT systems
­necessary to conduct e-commerce are usually much more complex and costly. The
e-commerce software and systems must also be implemented in a way that
­integrates the existing general ledger, inventory, and payment IT systems. (The IT
software and hardware infrastructure that supports e-commerce and e-business is
discussed in Chapter 6.) In addition, the free and open nature of the World Wide
Web makes a business more vulnerable to potential fraud, hackers, and compro-
mised customer privacy.

The Combination of E-Commerce

and Traditional Commerce
Much of the preceding discussion focused on the comparison of e-commerce with
traditional forms of commerce, namely, catalog and store commerce. However, in
today’s business environment, most retailers or service businesses use a combina-
tion of traditional commerce and e-commerce. For example, Walmart, Target, and
Kohl’s are traditional store-based retailers that also offer Web-based shopping.
Local, regional, and national banks all used to depend on customers’ walking, rid-
ing, or driving to a bank branch office. Today, banks also offer Web-based banking
and mobile device (smartphone) banking apps. So, traditional forms of commerce
have changed to incorporate e-commerce. However, the converse is true also. Many
e-commerce retailers that began purely as e-commerce businesses have found that
they must add the traditional customer interaction in the form of stores or offices.
For example, E*TRADE Financial Corp., a Web-based brokerage firm, found that it
needed some physical office locations to better service its customers. E*TRADE
opened offices around the country and placed a link on its website called “Find a
Branch”. The Web page that customers access by clicking on that link presents the
addresses of regional E*TRADE offices in large cities.
This merging and melding of forms of commerce led to new terminology in the
world of commerce. Companies that work from purely traditional stores are called
bricks and mortar retailers. At one point in the evolution of e-commerce, businesses
that were purely Web-based were called e-tailers. As businesses merged the two, the
resulting combined forms are referred to as clicks and mortar businesses.
Alternatively, some call this form of business bricks and clicks. These terms are less
frequently used today because the underlying practices are so well-known.
514  Chapter 14  E-Commerce and E-Business

Privacy Expectations in E-Commerce

(Study Objective 5)
Chapter  4 described the relationship between IT risks and controls, using the
AICPA’s Trust Services Principles and criteria as the framework to examine risks and
controls. That section of Chapter 4 provided details regarding four (items 1, 2, 3,
and 5) of the five risk areas identified in the Trust Services Principles. The fourth
risk area of IT systems described in the AICPA Trust Services Principles is “online
privacy.” Regarding this risk area, the Trust Services Principles states that the “online
privacy principle focuses on protecting the personal information an organization
may collect from its customers, employees, and other individuals”1 through its
e-commerce systems. This personal information consists of many different kinds of
data. The Trust Services Principles provide the following partial list of personal
information to be protected:
• Name, address, Social Security number, or other government ID numbers
• Employment history
• Personal or family health conditions
• Personal or family financial information
• History of purchases or other transactions
• Credit records
In the course of conducting business with customers, organizations may have legiti-
mate reasons to collect and keep customer data. However, to conduct e-commerce,
organizations must provide to customers a level of confidence in the privacy and
security of the personal information that is shared. To engender such confidence,
the organization must demonstrate that it has taken appropriate steps to ensure
privacy. The Trust Services Principles explain 10 privacy practices that help an
organization to ensure adequate customer confidence regarding privacy of infor-
mation, as follows2:
1. Management. The organization should assign a specific person or persons,
the responsibility for the organization’s privacy practices. That responsible
person should ensure that the organization has defined and documented its
privacy practices and communicated them to both employees and customers.
Management should also be held responsible for ensuring that privacy prac-
tices are followed by employees.
2. Notice. The organization should have policies and practices to maintain pri-
vacy of customer data. Notice implies that the company communicates the
privacy practices to customers in some manner. At the time that data is to be
collected, a notice should be available to the customer that describes the pri-
vacy policies and practices. Many e-commerce organizations accomplish this
by providing a link on their website to privacy policies. Notice should include
information regarding the purpose of collecting the information, and how
that information will be used.
3. Choice and consent. The organization should provide options to its custom-
ers regarding the collection of data, and should ask for consent to collect,
retain, and use the data. Customers should be informed of any choices they
1
“Suitable Trust Services, Criteria and Illustrations, American Institute of Certified Public Accountants
and Canadian Institute of Chartered Accountants, 2009 (www.aicpa.org).
2
Ibid.
 E-Business and IT Enablement (Study Objective 6)  515

may have to opt out of providing information. Also, customers should have
access to descriptions about the choices available and the organization’s pri-
vacy policies. As in “Notice” in Point 2, these descriptions usually are in the
form of a link to the applicable areas of the organization’s website where the
information is provided.
4. Collection. The organization should collect only the data that is necessary for
the purpose of conducting the transaction. In addition, the customer should
have provided implicit or explicit consent before data is collected. Explicit
consent might be in the form of placing a check mark by a box indicating
consent. Implicit consent occurs when the customer provides data that is
clearly marked as voluntary, or when the customer has provided data and has
not clearly stated that it cannot be used.
5. Use and retention. The organization uses customers’ personal data only in
the manner described in “Notice” in Point 2. The use of this data occurs only
after the customer has given implicit or explicit consent to use the data. Such
personal data is retained only as long as necessary.
6. Access. Every customer should have access to the data provided so that the
customer can view, change, delete, or block further use of the data.
7. Disclosure to third parties. In some cases, e-commerce organizations forward
customer information to third parties. Before this forwarding of data occurs,
the organization should receive explicit or implicit consent from the cus-
tomer. Personal data should only be forwarded to third parties that have
equivalent privacy protections.
8. Security for privacy. The organization has necessary protections to try to
insure that customer data is not lost, destroyed, altered, or subject to unau-
thorized access. The organization should put internal controls in place to
prevent hackers and unauthorized employees from accessing customer data.
9. Quality. The organization should institute procedures to insure that all cus-
tomer data collected retains quality. Data quality means that the data remains
“accurate, complete, current, relevant, and reliable.”
10. Monitoring and enforcement. The organization should continually monitor
to insure that its privacy practices are followed. The organization should have
procedures to address privacy related inquiries or disputes.
In summary, these practices require that a company establish, enforce, monitor, and
update policies and practices that protect the privacy and security of customer infor-
mation. The company should consider not only its own privacy practices and poli-
cies, but also the practices and policies of any third parties who will share information.
Companies that fail to establish good policies or that fail to enforce their policies
have violated the ethical standards that customers expect when conducting
e-­commerce. The ethics-related aspects of privacy are addressed at the end of
this chapter.

E-Business and IT Enablement

(Study Objective 6)
As discussed previously, e-business is a very broad, encompassing term for the elec-
tronic enabling of business processes. The business processes enabled by IT systems
can be internal and external. Examples of internal processes are the movement of
raw materials within a company, the timekeeping and labor management of ­workers,
516  Chapter 14  E-Commerce and E-Business

the dissemination of employee information such as health and retirement b ­ enefits,

and the sharing of data files among workers. These types of internal processes can
be streamlined and enhanced by incorporating electronic forms of processing
through the use of IT systems. Likewise, there are many external business pro-
cesses—such as those involving suppliers and distributors—that can be streamlined
and enhanced through the use of IT systems.
The supply chain is the set of linked processes that take place from the initial
acquisition and delivery of raw materials, through the manufacturing, distribution,
wholesale, and delivery of the product to the customer. The supply chain includes
vendors, manufacturing facilities, logistics providers, internal distribution centers
(such as warehouses, distributors, and wholesalers), and any other entities that are
involved, up to the final customer. In some cases, the supply may be larger at both
ends because of the inclusion of secondary suppliers and the customers of the com-
pany’s immediate customers. Exhibit 14-5 illustrates the entities in a sample supply
chain for a manufacturer and the relationships between those entities. Service firms
have a less complex supply chain.
To gain an understanding of the supply chain, it may be helpful to begin in the
middle of the exhibit. A manufacturer makes products. Upon completion of the
manufacturing, the finished products are sent to and stored in warehouses. As those
products are needed, they are shipped to distributors or wholesalers. The distribu-
tors or wholesalers eventually ship the products to retail companies, and the retail
companies sell the products to end-user consumers.
However, before a manufacturing company can produce products, it must buy the
raw materials that are the ingredients of the products. For example, a wine maker
must buy grapes. In some instances, a manufacturing company’s supply chain may
include secondary suppliers. For example, a company that manufactures personal
computers (PCs) may buy components such as graphics cards from a supplier. The
supplier, however, makes the graphics cards after buying chips and circuit boards
from secondary suppliers. While there may not be direct exchanges between the man-
ufacturer (maker of the PC) and the secondary supplier’s (the chip maker), the sec-
ondary supplier’s performance and product quality have a dramatic effect on the
manufacturer. For example, if the chip maker runs out of chips, the graphics card
maker is prevented from making graphics cards on time, which causes the PC maker
to be unable to make and ship PCs. Similarly, poor quality chip production by the chip
maker affects the quality of the graphics board, and therefore the quality of the PC.
This interdependency of entities in the supply chain means that companies
should be interested in enhancing and streamlining the processes and exchanges
that occur throughout the supply chain. Poor quality, slow performance, or process
bottlenecks anywhere in the supply chain affect other parts of the supply chain.
There is an old saying that a chain is only as strong as its weakest link. Similarly, a
supply chain is only as efficient as its weakest, or most inefficient, link.
Many interactions between entities and many business processes must occur to
complete the steps that result in raw materials being converted into products and
eventually sold to customers. Any of these processes or linkages between entities can
be enabled or enhanced by the use of IT systems. Further, any processes that are
enabled by IT become a part of e-business. This view of the supply chain shows how
broad the scope of e-business is in comparison with e-commerce. E-commerce, or
B2C sales, includes only the extreme right-hand side of the diagram in Exhibit 14-5,
when the sale is between a company and the end-user customer. E-business includes
the entire supply chain, and there is overlap between e-business and e-commerce.
E-commerce is a subset of e-business.
 E-Business and IT Enablement (Study Objective 6)  517

Potential B2B Transactions Potential B2C

Retailers Customers

Distributors

Secondary Warehouses
Suppliers

Suppliers

Manufacturer

Logistics
EXHIBIT 14-5  The Supply Chain for a Manufacturing Company

Some companies choose to be involved in many parts of their supply chain. For
example, a vertically integrated company may have its own related subsidiaries so
that each of the interactions within the supply chain is conducted with an organiza-
tion that is owned or controlled by the larger corporate entity. Vertical integration
occurs when a single company owns all of the entities that make up its supply chain,
from the movement of raw materials to the delivery of finished products to customers.
518  Chapter 14  E-Commerce and E-Business

Other companies may choose to focus on only a small part of the supply chain.
For example, a company could choose to conduct only the manufacturing portion
of the supply chain, while all other entities within the supply chain—suppliers, dis-
tributors, wholesalers, and retailers— are separate, unrelated companies. These dif-
fering levels of integration within the supply chain mean that the processes which
occur within a supply chain may be internal to a company or may involve exchanges
with external entities. In either case, internal or external, those processes and
exchanges can be streamlined or enhanced through e-business.
The “Logistics” label in Exhibit 14-5 illustrates that there are entities within the
supply chain whose function is to provide the physical support that moves materials
and goods from one part of the supply chain to the next. For example, a manufac-
turer must have a means of moving raw materials from the supplier to the manufac-
turing plant and of moving finished goods from the plant to the warehouse and
distributor. Logistics are the types of services provided by entities such as trucking
companies, air and rail freight companies, and freight expediting companies.
Any of the interactions between the entities within the supply chain may be a
point at which e-business can be applied to streamline or reduce costs. The next
section describes a smaller subset of e-business interactions within the supply chain:
B2B, or business-to-business electronic transactions.

B2B: A Part of E-Business

B2B is the sale of products or services between a business buyer and a business seller
that is electronically enabled by the Internet. In B2B sales, neither buyer nor seller is
an end-user consumer. Much of what you studied in Chapters 8–12 were e-business
processes. For example, sales between businesses occur through EDI or EDIINT;
shipments and inventory can be tracked using RFID; billing and payment occur
through Electronic Invoice Presentment and Payment (EIPP). All of these are exam-
ples of IT enablement that enhance, streamline, and reduce the cost of business-to-
business transactions. Although there are many ways to conduct business electronically
between businesses, this chapter focuses on Internet based e-business. As in the case
of e-commerce, both parties benefit from the increased access to the market, the
speed and convenience of e-business, and ability to share information. There are also
many differences between B2C and B2B transactions, as illustrated in Exhibit 14-6.
When comparing B2B with B2C, B2B has the following differing characteristics:
• The transaction or exchange is between businesses.
• The order would have many line items, and the dollar amount of each sale is
usually large.
• While a B2C sale might be a single book purchased from Amazon, a B2B sale
might be tons of raw materials, as in the case of grapes to make wine.
• The B2B sale will have specific shipping details such as type of carrier used,
delivery dates, and locations of delivery to different plants within the company.
• The B2B transaction can involve electronic forms of standard business docu-
ments such as purchase order and invoice.
• The B2C transaction is between the company and any potential customer on
the Internet. There need not be any preexisting relationship. The B2B transac-
tion is between the buyer and the supplier, and the parties usually have a pre-
existing relationship. The buyer knows which suppliers it will use, and the
supplier knows that the buyer will be buying raw materials or services. The
buyer and the supplier would have already negotiated many of the details of
the transaction, such as prices, discounts, payment terms, credit limits, delivery
dates, and locations of delivery.
 E-Business Enablement Examples (Study Objective 7)  519

EXHIBIT 14-6 
E-commerce B2C vs. E-Business B2B3
Differences between E-Commerce and E-Business
E-COMMERCE, or B2C E-BUSINESS, or B2B
• Business-to-consumer • Business-to-business
• Few line items per order • Many line items per order
• Large order volume • Very specific shipping data
• Geared to consumer’s ease of use • User-selected information content and
interaction tools, deeper functionality
• Use of credit card purchasing • Use of purchase orders
• Sophisticated transaction protocols
• No necessity of a preexisting • Buyer and seller usually have a pre-existing
relationship between buyer relationship and negotiated prices and
and seller delivery details

When conducted via the Internet, B2B transactions between supplier and buyer
offer many advantages to both parties. Many of the advantages are similar to those
described in the e-commerce section of this chapter. Internet-based transactions
offer a wider potential market, reduced transaction cost, and higher profits. B2B
will also result in faster cycle times for the purchases from suppliers. The cycle time
is the time from the placement of an order for goods to the receipt of, and payment
for, the goods. The faster cycle time results from the increased efficiency of process-
ing transactions via the Internet. In B2B transactions between suppliers and buyers,
the two IT systems exchange data through the Internet network. The Internet allows
companies to reduce or eliminate manually keying the order into the computer
system, mailing documents to initiate the order, entering receipt of goods, and key-
ing in documents to initiate payment. The fact that the two IT systems communicate
eliminates data errors, since data may no longer be manually keyed into the system.

E-Business Enablement Examples

(Study Objective 7)
There is much more to e-business than just B2B transactions. The Internet can be
used in so many different ways to streamline business processes, reduce operational
costs, and enhance efficiency that it is difficult to describe the entire range of
e-business possibilities. But for any company engaging in e-business, its internal
­processes, or processes within its supply chain, must be put on the Internet. The
following pages show real business examples of the ways in which businesses adopt
e-business strategies. These Real World examples illustrate the broad nature of
e-business, even though they do not encompass all the ways that e-business is used
to streamline processes, reduce costs, and improve relationships with suppliers, dis-
tributors, wholesalers, retailers, and customers.
To gain the advantages available in e-business, organizations must utilize various
levels of networks within and attached to the Internet. Companies must use the
Internet network to interact electronically with the entities in the s­ upply chain. The

3
Adapted from Janet Gould, “What’s the Difference between E-Commerce and E-Business? And Why
Should You Care?” ID Systems, vol. 19, issue II, November 1999.
520  Chapter 14  E-Commerce and E-Business

The Real World

General Electric Company (GE) Internet communication within the company
On April 26, 2000, Jack Welch, the well-known to expedite and track orders, reducing manual
CEO of General Electric Company, spoke at processes.
the GE annual meeting of shareholders and
described how e-business affects four aspects of General Motors Corporation (GM)
business at GE. He called these four areas “buy, Ecommerce indicated the following about a new
make, sell, and strategy.” Regarding these four GM e-business initiative called eGM.5
areas, he said the following4:
eGM has been charged with the task of
On our “buy” side, we now measure the transitioning GM’s traditional automotive
number of auctions on line, the percentage of operations into a global e-business enterprise.
the total buy on line and the dollars saved. Under the plan, GM expects to improve upon
On the “make” portion, the Internet is all customer service, efficiency and slash costs
about getting information from its source to via eGM’s integration of business develop-
the user without intermediaries. The new ment, strategic e-marketing, e-sales, e-product
measurement is how fast information gets management and technology and operations
from its origin to users and how much unpro- units to one central unit.
ductive data gathering, expediting, tracking
Again, notice that GM’s e-business strategy
orders and the like can be eliminated. This
included much more than sales. GM expected
tedious work in a typical big company is the
to apply Internet and IT systems to reduce costs
last bastion—the Alamo—of functionalism and
through e-business–based marketing and
bureaucracy. Taking it out improves both
e-business management of products and parts.
productivity and employee morale.
Mark Hogan, the division president in charge
On the “sell” side, the new measurements
of eGM, expected that this e-business initiative
are number of visitors, sales on line, percent-
would reduce internal costs by 10 percent.6
age of sales on line, new customers, share,
To achieve this goal, GM planned to “webify”7
span, and the like.
the design, engineering, and manufacture
Strategically, the breadth of our business
of vehicles. The internal processes of tracking
portfolio exposes us to a very wide range of
parts and the manufacture of cars was to be
emerging companies, many of them Internet
enhanced by the use of internal websites to
based. This intimate knowledge has enabled
reduce or eliminate the manual processes and
us to make successful strategic investments in
paper processing the company previously used
over 250 companies.
to track and order parts, to move those parts
Mr. Welch was indicating that GE uses e-business between warehouses to plants, and to more
to improve how it buys, makes, sells, and efficiently track the manufacturing process.
strategically positions the company. The buy In addition, GM intended to use e-business to
and sell concepts of e-business are somewhat reduce the cost and improve the effectiveness
evident and have been described here. However, of marketing efforts. Two examples of this were
notice that Mr. Welch indicates that e-business e-mail newsletters sent to customers and Web-
can be used within the company in internal based advertisements that potential buyers
processes such as manufacturing. GE uses could click on as they surfed the Internet.

4
“GE and the Internet: An Executive Speech Reprint” http://callcentres.com.au/GE2_Jack_Welch.htm
5
“GM Launches E-com Drive,” Ecommerce, August 10, 1999, http://www.internetnews.com/ec-news/arti-
cle.php/179701
6
“eGM head pursues broad e-commerce plan,” Infoworld, March 6, 2000, p. 18.
7
Ibid.
 Intranets and Extranets to Enable E-Business (Study Objective 8)  521

Komatsu Ltd. generate part inventory orders automatically

Komatsu is one of the world’s largest when the parts need to be reordered.
manufacturers of construction, mining, and utility
3M
equipment such as dump trucks, bulldozers,
In addition to enhancing existing business,
skid loaders, and backhoe loaders. Komatsu
e-business can help build entirely new product
sells this equipment through distributors. To
or service lines. Using advanced software and
assist distributors, Komatsu uses an e-business
cloud computing, 3M developed a revenue-
application that allows distributors online access
generating service called Visual Attention Service
to price quotations for warranties. This enables
(VAS). 3M allows its customers to scientifically
distributors to quickly answer customer inquiries.
analyze how humans react to visual designs
Kenworth Truck Company such as banner ads, print ads, signage, and retail
Kenworth Truck Company is a leading space. The customer uploads to a cloud-based
manufacturer of heavy- and medium-duty storage a visual design, such as a print ad for
trucks. Kenworth has established an e-business a magazine. 3M’s VAS scientifically analyzes the
application, which they named PremierCare® visual design to determine the likely eye path
Connect, that allows Kenworth dealers to provide when a human sees the ad and highlights the
better service to customers who buy Kenworth areas that will most likely draw attention. This
trucks. This Internet link between the customer, allows 3M customers to design more effective
dealer, and Kenworth enables the customer to visual advertising or retail space.

levels of the Internet network structure that enable e-business are the Internet,
extranets, and intranets. These levels of the network serve as the platform to con-
nect parties throughout the supply chain.

Intranets and Extranets to Enable E-Business

(Study Objective 8)
In many cases, interactions within the supply chain occur between entities that are
part of the same company. As an example, in the eGM vignette, GM was using
e-­business to enhance the engineering and manufacturing of vehicles. Therefore,
engineers and plant personnel interact electronically. This interaction within the
company would use an intranet. Exhibit  14-7 depicts the three levels of network
platforms—intranets, extranets, and the Internet—that are used in e-business.
An intranet is a private network accessible only to the employees of a company. The
intranet uses the same common standards and protocols of the Internet. An intranet

INTERNET

EXTRANET

Virtual Company
Suppliers Buyers Virtual
Environment INTRANET

Everyone with access to the Internet EXHIBIT 14-7  Internet,

Extranet, and Intranet
522  Chapter 14  E-Commerce and E-Business

uses TCP/IP protocol and the same type of HTML Web pages as the Internet. However,
the computer servers of the intranet are accessible only from internal computers
within the company. The purposes of an intranet are to distribute data or information
to employees, to make shared data or files available, and to manage projects within the
company. For example, GM engineers located in several different offices across the
United States may collaborate on the design of a new car. Those engineers can share
project files and information by the use of the internal network, the intranet.
To engage in B2C e-commerce, a company must access the Internet, since it is the
network platform that gives a wide range of customers access to B2C sales. For exam-
ple, Amazon.com could not exist as it currently does if it were not able to reach
customers anywhere and anytime over the Internet. However, when an organization
engages in B2B e-business and e-business throughout the supply chain, it is not inter-
ested in reaching the general public. Instead, e-business activities require network
access to entities such as suppliers, distributors, logistics providers, and wholesalers.
When communicating with these entities, the company in fact needs to exclude
access by the general public. For example, if Dell, Inc., is buying computer hard
drives from a supplier, Western Digital Corporation, it would be more appropriate
for these two businesses to use a network that does not allow the general public to
have access. Rather than using the Internet, this type of exchange may use an extranet.
An extranet is similar to an intranet except that it offers access to selected outsid-
ers—buyers, suppliers, distributors, or wholesalers in the supply chain. Extranets are
the networks that allow business partners to exchange information through limited
access to company servers and data. The external parties have access only to the data
necessary to conduct supply chain exchanges with the company. For example, sup-
pliers would need access to raw material inventory levels of the company they sell to,
but they would not need access to finished product inventory levels. Conversely, a
wholesaler within the value chain may need access to the manufacturer’s finished
product inventory, but would not need access to raw material inventory levels.

The Real World

An Extranet Example of B2B yet at the same time allow the company to
Staples, Inc., the office supply company, provides restrict the type and amount of office supplies
a good example of an organization using an purchased. Employees of a company using
extranet to link to large companies to facilitate StaplesAdvantage can order supplies online
sales of office supplies. StaplesAdvantage at anytime and at a pricing structure that
(www.staplesadvantage.com) is the extranet is advantageous to the StaplesAdvantage
available only to established customers of customer. The StaplesAdvantage customer can
Staples who have 50 or more employees. With also block its employees from purchasing certain
a proper company ID, user ID, and password, items. For example, a company may block the
an employee of a company can log into purchase of furniture, printers, or fax machines.
StaplesAdvantage to purchase office supplies. Through such an agreement, Staples has
This e-business arrangement offers advantages assured itself of an ongoing customer as long
to both the company buying supplies and to as it continues to satisfy the agreement terms.
Staples. The company will have negotiated Therefore, Staples increases its volume of sales
prices, acceptable products that employees can by accepting a slightly smaller profit margin
order, and payment terms. These agreements on each sale. The extranet provides benefits
give company employees convenience and to both Staples and the companies that use
control over their office supply purchases, StaplesAdvantage.
 Internal Controls for the Internet, Intranets, and Extranets (Study Objective 9)  523

Internal Controls for the Internet, Intranets,

and Extranets (Study Objective 9)
The Internet, intranets, and extranets are all networks that are intended for the shar-
ing of information and the conducting of transactions. In all three networks, con-
trols must be in place to limit access and prevent hackers and other network break-ins.
As illustrated in Exhibit  14-7, extranets must have more limited access than the
Internet, and intranets must limit access to those inside the company. For all three
network levels, a company must establish the correct level of controlled access. In the
case of intranets, only internal employees are given access to the network and infor-
mation. Extranet access should be limited to those parties in the supply chain who
will be sharing information or engaging in exchanges with the company. The gen-
eral public must be prevented from gaining access to these intranet and extranet
networks. The Internet connections of a company must also be controlled. When a
company uses the Internet for exchanges such as B2C transactions, it must by default
give access to all potential customers. However, controls must still exist to limit those
customers’ access. For example, a potential customer of Amazon.com would need to
know whether a particular book was in stock and available for immediate shipment,
but would not need to know the number of units in stock of that book. On the other
hand, a supplier in the supply chain of Amazon.com would probably need access to
inventory levels by virtue of being a part of the extranet of Amazon.com. The point
of this illustration is that a company must establish and maintain controls that limit
access to the appropriate level for related parties. Customers, suppliers, and employ-
ees need different levels of access, as well as access to different types of data.
Therefore, a company must carefully implement and maintain proper controls over
Internet, extranet, and intranet network connections.
Access is limited by establishing appropriate internal controls such as firewalls
and user authentication. The establishment and use of user authentication is
intended to prevent login to the intranet or extranet by unauthorized users. Firewalls
prevent external users from accessing the network and data on the extranet or
intranet. Chapter 4 described in detail risks and controls for IT systems. Two of the
categories of risks and controls that can limit access to intranets and extranets are
reproduced in Exhibit 14-8.

EXHIBIT 14-8 

Controls to Limit Access to Intranets and Extranets

Controls to establish authentication of users:
User ID
Password
Security token or smart card
Biometric devices
Login procedures
Access levels
Computer logs
Authority tables

(continued )
524  Chapter 14  E-Commerce and E-Business

EXHIBIT 14-8 (Continued )

Controls to prevent and detect hacking and other network break-ins:
Firewall
Encryption
Security policies
Security breach resolution
Secure socket layers (SSL)
Virtual private network (VPN)
Wired equivalency privacy (WEP)
Service set identifier (SSID)
Antivirus software
Vulnerability assessment
Penetration testing
Intrusion detection

XML and XBRL as Tools to Enable E-Business

(Study Objective 10)
Within the environment of the Internet, intranets, and extranets, two languages
have emerged as important tools to enable e-business: XML and XBRL. Both lan-
guages have important uses.
XML, short for eXtensible Markup Language, is designed specifically for Web
documents. Using XML, designers create customized tags for data that enable the
definition, transmission, validation, and interpretation of data between applications
and between organizations. XML is a rich language that facilitates the exchange of
data between organizations via Web pages.
XBRL, short for eXtensible Business Reporting Language, is an XML-based
markup language developed for financial reporting. XBRL provides a standards-
based method to prepare, publish, reliably extract, and automatically exchange
financial statements. In XBRL, dynamic financial statements can be published and
manipulated on websites. The next sections explain the uses of XML and XBRL.

XML IN INTERNET EDI

Chapter  9 described EDI (electronic data interchange) as a method to conduct
purchase transactions electronically. Traditional EDI is a technology that companies
began to implement in the late 1960s. EDI was especially popular in industries such
as rail and road transportation, auto manufacturing, and health care. Over the
years, EDI came to be the form of conducting electronic business for large compa-
nies. However, two limiting factors have made it difficult for small to medium-size
businesses to implement EDI. First, traditional EDI requires establishing very expen-
sive networks such as private leased lines or value added networks (VANs), and small
and medium-sized companies in many cases could not justify the cost. Usually, small
to medium-sized businesses adopt EDI only when forced to by a large company in
 XML and XBRL as Tools to Enable E-Business (Study Objective 10)  525

their supply chain. For example, if a small company were a supplier to Ford Motor
Company, it would have no choice but to implement an EDI system, since Ford con-
ducts purchases only via EDI. The second limiting factor is that traditional EDI in
the United States is based on an old document standard (ANSI X.12) that limits the
kind of data that can be exchanged via EDI. The ANSI X.12 standard for EDI defines
standards for common business documents such as purchase orders and invoices.
However, the standard was never intended to cover the more extensive and complex
exchange of information, such as shared files or databases, that occurs when com-
panies collaborate on a project. Given these limitations, traditional EDI was never
widely adopted by small to medium-sized businesses.
The growth of the Internet over the last two decades has provided a powerful and
inexpensive alternative to traditional EDI. Internet EDI uses the Internet to trans-
mit business information between companies. Internet EDI is also referred to as
EDIINT. There are several advantages to using the Internet or extranets to transmit
EDI, compared with private leased lines or VANs. By far the biggest advantage is that
the Internet or extranets allow cost-free exchange of data. The companies using the
Internet or extranets avoid the cost of leasing private lines and paying fees to VANs.
This allows any business, including small and medium-sized businesses, to employ
EDI at a relatively low cost.
The Internet EDI method of transmission is a relatively new development, but
some companies have implemented it throughout their supply chain. A partial list
of companies using Internet EDI extensively includes General Electric, Procter &
Gamble, Walmart, Kohl’s, and Meijer. Exhibit  14-9 summarizes the advantages of
Internet EDI in comparison with traditional EDI employing value added networks.
A value-added network is expensive because a company must pay monthly fees or
transaction fees to use the VAN. Internet EDI is much less costly because the Internet
network can be used without fees. In addition, the hardware and IT systems neces-
sary to support traditional EDI via a VAN are very complex and expensive. Much
computer hardware and software must be dedicated to providing traditional EDI.
Internet EDI is much less complex and requires only minimal computer hardware
and software. Internet EDI can be operated with only a PC or network of PCs that
are Internet connected. This allows the easy adoption of Internet EDI by small and
medium-sized businesses.

EXHIBIT 14-9 
Traditional EDI Using VAN versus Internet EDI
VAN Internet EDI
Expensive Low-cost
Transaction fees Zero transaction fees
Complicated Easy to use
Heavy infrastructure Minimal infrastructure
Proprietary Industry standard
Batch-related store and forward Real-time
Limited usage Entire supply chain
Limited data transport All data transport
Limited access Web browser
526  Chapter 14  E-Commerce and E-Business

Traditional EDI is a batch-oriented system that processes transactions in batches.

This means there is some delay while transactions are batched, temporarily stored,
and then finally transmitted when the batch is complete. Internet EDI operates in a
real-time environment, just as B2C commerce is in real time. The real-time process-
ing of EDI transactions often results in traditional EDI being limited to larger
organizations and to the type of data included in standard business documents. The
low cost and communication capabilities of the Internet, however, remove those
limitations for Internet EDI. All companies in the supply chain are more likely to be
able to afford Internet EDI, and they will be able to transmit more types of data than
simply standard business documents. The Walmart example at the beginning of this
chapter is an example of a company changing from traditional EDI to Internet EDI.
The network of computers connected to the Internet does allow for more types
of data to be communicated between business partners. However, the traditional
EDI data format of ANSI X.12 would not accommodate more rich data types such
as graphics or spreadsheets. Therefore, Internet EDI can be more flexible if a differ-
ent data format is used to transmit data. The format used in Internet EDI is eXten-
sible Markup Language, or XML.
Traditional EDI is capable of transmitting many standard business documents
between companies, such as purchase orders, invoices, and even payments by elec-
tronic funds transfer (EFT). However, given the capabilities of the Internet and
extranets for sharing information, this traditional EDI data format is too limited. In
addition to business documents, companies may need to transmit or share product
descriptions, pictures of products, or even databases of information. Traditional
EDI cannot accomplish such sharing of data. Internet EDI provides the capability of
sharing much richer forms of data through the use of XML. XML is a metalan-
guage, which means that it is a computer language that defines a language. XML is
a tagged data format in which each data piece is preceded by a tag that defines the
data piece. The same tag then marks the end of that piece of data. Thus, a tag sur-
rounds each piece of data. XML is the standard markup language utilized in
Internet EDI.
XML allows businesses to exchange transaction data over the Internet in a rich
format. As XML becomes the accepted standard in Internet EDI, it will enable com-
panies to exchange more than standard business documents. Spreadsheets, graphs,
and databases could all be exchanged between businesses by the use of XML docu-
ments to tag the data and the manner in which the data should be presented. Those
who predict the future of the IT environment predict that XML will revolutionize
the way in which businesses share data with each other.
Although EDI through a value-added network or Internet EDI provide significant
cost savings and efficiency, not every company uses EDI. There are still businesses
that use paper purchase orders or invoices. The number of companies using EDI is
on the rise, yet some estimate that as much as 35 percent of purchase orders pro-
cessed in the United States are still paper-based. In addition, some companies still
use value-added-networks to facilitate EDI communication rather than Internet EDI.

XBRL for Financial Statement Reporting

A special variant of XML called eXtensible Business Reporting Language, or XBRL,
is predicted to revolutionize business reporting to creditors, stockholders, and gov-
ernment agencies. In 2009, the Securities Exchange Commission (SEC) began
requiring the largest companies to provide annual reports and financial statements
in XBRL format. Over the next few years, the SEC phased in smaller companies.
 Ethical Issues Related to E-Business and E-Commerce (Study Objective 11)  527

Since 2014, every public company that is required to file financial reports with the
SEC must provide the reports in XBRL format. The idea behind XBRL is that finan-
cial data is tagged in a computer readable format that allows the users to readily
obtain, analyze, exchange, and display the information.
XBRL financial statements have two major advantages over paper-based finan-
cial statements. Financial statements that are coded in XBRL can easily be used in
several formats. They can be printed in paper format, displayed as an HTML Web
page, sent electronically to the SEC, and transmitted to banks or regulatory agen-
cies as an XML file. When a financial statement is prepared in XBRL, a computer
program such as a Web browser can extract pieces of information from the XBRL
file. The underlying financial data can be loaded into spreadsheets or other finan-
cial analysis software. This is not possible with an HTML file. For example, while a
financial statement in HTML format can be viewed on a website, the computer
cannot extract sales. However, a XBRL financial statement would tag the dollar
amount of sales with the tag that names that number sales. The computer can then
extract specific pieces of data. This capability allows investors and creditors to more
easily analyze financial statements, which should result in better investment and
credit decisions.
For XBRL to be implemented widely, common standards regarding the tags that
identify data must be developed and accounting software vendors must use these
tags within the software.

Ethical Issues Related to E-Business and

E-Commerce (Study Objective 11)
Companies that engage in e-commerce have the same kind of obligations to con-
duct their business ethically as companies transacting business any other way. Yet
the lack of geographic boundaries and the potential anonymity of Web-based com-
merce suggest that B2C companies have an even greater necessity to act ethically. A
customer who orders merchandise or services on a website may not be able to easily
assess the ethics or trustworthiness of a company who sells online. For example, if
you buy a defective or spoiled product from your local grocery store, you can simply
return it quickly. Your grocery store has a local presence, and you buy there because
you know the company is real and trustworthy. However, anyone can establish a
website that looks like a bona fide company, but may be just a false storefront used
to defraud customers. In B2C e-commerce, customers do not have the same capabil-
ity to visit and become familiar with the company as they do when they are buying
from a local store.
In a previous section of this chapter, the “Online Privacy” section of the AICPA
Trust Services Principles was described. For the most part, these types of practices
are an ethical obligation, but not necessarily a legal requirement. For example,
there is no legal requirement to disclose privacy policies on a company’s website.
However, ethical obligations would suggest that customers should be so informed
regarding customer privacy. The practices described in the Trust Services Principles
are more than good business practices. The online privacy policies represent ethical
obligations to customers. As a reminder, the privacy practices include the follow-
ing concepts:
1. Management
2. Notice
528  Chapter 14  E-Commerce and E-Business

3. Choice and consent

4. Collection
5. Use and retention
6. Access
7. Onward transfer and disclosure
8. Security
9. Quality
10. Monitoring and enforcement
These principles can be distilled into the ethical concept that management has
an obligation to treat customer information with due care. Companies should hon-
estly and fully disclose to customers the information they will collect and how they
will protect it, use it, and share it. Management has an ethical obligation to create
and enforce policies and practices which ensure that private customer data is not
misused. Unfortunately, the profit motive sometimes leads management to focus
too much on potential revenue and not enough on customer privacy.
When a customer engages in e-commerce, she is sharing data such as name,
address, e-mail address, credit card number, and buying habits. This data has poten-
tial value to many other companies and is sometimes sold to other companies. You
may have even received a mail or e-mail solicitation and wondered how that company
ever came to know your name and address. This might mean that your name and
address have been sold to another company or shared with a related company or
subsidiary. There are many, many examples of companies that have compromised
customer privacy to earn revenue. Customer lists or other private data about custom-
ers are a valuable resource. Too often, companies are willing to sell or share customer
lists or customer data. In some cases, companies have no policies about the privacy of
customer data and are thus willing to sell or share the data. In other cases, companies
with policies regarding the privacy of customer data have violated their own policies.
While there is no requirement to disclose a privacy policy on a website, it is an
ethical obligation to disclose and follow the policy. Moreover, when a policy is dis-
closed, the Federal Trade Commission holds companies to a legal standard of fol-
lowing their stated policy.
There are also regulations passed by the U.S. government regarding the privacy
of medical information. The Health Insurance Portability and Accountability Act of

The Real World

Gateway Learning Corporation, the company customer information such as name, address,
behind Hooked on Phonics®, was charged by the phone number, age, and gender of children. A
Federal Trade Commission with deceptive and unfair retroactive change was posted to the company’s
practices between 1996 and 2010. Starting in the privacy statement on its website.
year 2000, Gateway disclosed a privacy policy on To settle this charge out of court, Gateway was
its www.hop.com website stating that it would not required to pay a fine, was restricted from using
share customers’ personal information with any third deceptive claims regarding its privacy policy,
parties without explicit consent from the customer. and cannot materially change its privacy policy
In April 2003, Gateway allegedly began without customers’ consent.8
violating this policy by renting to telemarketers

Parry Aftab, “Hooked on Phonics Gets Hooked,” Information Week, August 2, 2004.
8
 Summary of Study Objectives  529

1996 (HIPAA) includes a section on the security of health care information. The
Act requires health care providers, health plans, hospitals, health insurers, and
health clearinghouses to follow regulations that protect the privacy of medical-
related information.
As the issue of consumer privacy continues to become more important, there
may be new regulations and requirements affecting companies. Even if there were
no new regulations, ethical obligations would dictate that companies take adequate
care to guard the security and privacy of data collected through e-commerce.

Summary of Study Objectives

An introduction to e-commerce and e-business. E-business is the use of electronic
means to enhance business processes. E-business encompasses all forms of online
electronic trading, consumer-based e-commerce, business-to-business electronic
trading and process integration, as well as the internal use of IT and related tech-
nologies for process integration inside organizations. There is an overlap between
e-commerce and e-business, which leads some to confuse the two concepts.
E-commerce is electronically enabled transaction between a business and its cus-
tomers. E-business is a broader concept that includes e-commerce, as well as all
forms of electronic means of servicing customers and vendors, trading information
with customers and vendors, and recording and control of internal processes.

The history of the Internet. The Internet of today evolved from an early govern-
ment research network called ARPANET. Many of the network standards were
developed in the period of ARPANET. Routers, TCP/IP, and e-mail all came about
during this time. ARPANET gradually evolved into a fully commercial network
called the Internet. After the Internet became available for commercial transactions
in 1994, it experienced tremendous and rapid growth.

The physical structure and standards of the Internet. Backbone providers, regional
Internet service providers, and local Internet service providers make up the physical
structure of the Internet that connects global users. The common standards that
allow computers to communicate with each other over the Internet are TCP/IP,
HTML, domain names, addresses based on uniform resource locater (URL), and
SSL encryption.

E-commerce and its benefits. The most well-known form of e-commerce is business-
to-consumer (B2C) transactions using the World Wide Web. B2C sales transactions
offer many benefits to both the consumer and the business.

Privacy expectations in e-commerce. Businesses have an ethical obligation to estab-

lish systems and procedures to protect the privacy of customers. The AICPA Trust
Services Principles establish 10 privacy practices that companies should follow: man-
agement, notice, choice and consent, collection, use and retention, access, onward
transfer and disclosure, security, quality, and monitoring and enforcement.

E-business and IT enablement. E-business is the use of IT to enable processes within

the supply chain. The supply chain is the set of linked processes that take place
from  the acquisition and delivery of raw materials through the manufacturing,
distribution,­wholesale, and delivery of the product to the customer. There are
530  Chapter 14  E-Commerce and E-Business

many ­benefits to the IT enablement of processes within the supply chain. E-business
includes business-to-business (B2B) electronic transactions.

E-business enablement examples. There are many forms of e-business. This section
provides examples of ways that businesses streamline business processes, reduce
operational costs, and enhance efficiency through e-business.

Intranets and extranets to enable e-business. An intranet is a private network acces-

sible only to the employees of that company. The intranet uses the same common
standards and protocols of the Internet. An intranet uses TCP/IP protocol and the
same type of HTML Web pages as the Internet. However, the computer servers of
the intranet are accessible only from internal computers within the company. An
extranet is similar to an intranet, except that it offers access to selected outsiders,
such as buyers, suppliers, distributors, or wholesalers in the supply chain. Extranets
are the networks that allow business partners to exchange information. These busi-
ness partners will be given limited access to company servers and data.

Internal controls for the Internet, intranets, and extranets. The Internet, intranets,
and extranets are all networks that are intended to share information and conduct
transactions. In all three networks, controls must be in place to allow the intended
users access, but also limit access to unauthorized users. Therefore, proper user
authentication and hacking controls must be implemented in these networks.

XML and XBRL as e-business tools. XML and XBRL are markup languages that
allow designers to create customized tags for data that enable the definition,
transmission, validation, and interpretation of data between applications and
­
between organizations. XML is a rich language that facilitates the exchange of
data between organizations via Web pages. XML is used in Internet EDI. XBRL is a
­business reporting language that allows businesses to provide dynamic financial
statements to users over the World Wide Web.

Ethical issues related to e-business and e-commerce. The online privacy policies of
the AICPA Trust Services Principles represent ethical obligations to customers.
These are ethical, but not necessarily legal, obligations. However, if a company does
choose to disclose privacy practices on its website, it is then legally obligated to
­follow those practices.

KEY TERMS
B2B Domain name Internet EDI Secure sockets layering
B2C E-business Intranet Supply chain
Backbone E-commerce Local ISP TCP/IP
Backbone provider E-tailer Packet switching URL
Bricks and clicks Extranet Protocol Web server
Bricks and mortar HTML Regional ISP XBRL
Clicks and mortar Internet Router XML
 End of Chapter Material  531

End of Chapter Material

Concept Check customer. This describes which of the AICPA Trust
1 Which of the following statements is true? Services Principles online privacy practices?
a. E-business is a subset of e-commerce. a. Consent
b. E-commerce is a subset of e-business. b. Use and retention
c. E-business and e-commerce are exactly the c. Access
same thing. d. Onward transfer and disclosure
d. E-business and e-commerce are not related. 8 Which of the following processes within a supply
2 An electronic hardware device that is located at the chain can benefit from IT enablement?
gateway between two or more networks is a a. All processes throughout the supply chain
a. packet switch b. Only internal processes within the supply chain
b. URL c. Only external processes within the supply chain
c. router d. Exchange processes between a company and
d. protocol its suppliers
3 The type of organization that serves as the main 9 When a company has an e-business transaction with a
trunk line of the Internet is called a supplier, it could be using
a. local ISP a. the Internet
b. regional ISP b. an intranet
c. global ISP c. an extranet
d. backbone provider d. either the Internet or an extranet
4 Which of the following is not a direct advantage for 10 Intranets are used for each of the following
the consumer from e-commerce? except
a. Access to a broader market a. communication and collaboration
b. More shopping convenience b. business operations and managerial monitoring
c. Reduced order-processing cost c. Web publishing
d. Information sharing from the company d. customer self-service
5 Each of the following represents a characteristic of 11 When there is no necessity for a preexisting relation-
B2B commerce except ship between the buyer and the seller, that transac-
a. electronic data interchange tion is more likely to be classified as

b. electronic retailing a. B2B

c. data exchanges b. B2C
d. preexisting business relationships c. B2E
6 Each of the following represents an application of d. either B2B or B2C
B2C commerce except 12 Which of the following IT controls would not be
a. software sales important in an extranet?
b. electronic retailing a. Encryption
c. data exchanges b. Password
d. stock trading c. Antivirus software
7 Before forwarding customer data, an organization d. Penetration testing
should receive explicit or implicit consent of the e. All of the above are important IT controls.
532  Chapter 14  E-Commerce and E-Business

13 A company’s computer network uses Web servers, 30 (SO 6) Which functions within the supply chain can
HTML, and XML to serve various user groups. Which be enhanced through the use of e-business?
type of network best serves each of the following users? 31 (SO 6) How are activities in the supply chain
Employees Suppliers interdependent?
a. Intranet Extranet 32 (SO 6) In what ways are the characteristics of
b. Intranet Internet e-business different from those of e-commerce?
c. Internet Extranet 33 (SO 8) What are the three levels of network platforms
that are utilized in e-business, and which groups use
d. Internet Internet
each level?
14 An extensible markup language designed specifically
34 (SO 8) Which type of users should have access to
for financial reporting is
an intranet?
a. Internet EDI
35 (SO 8) Which type of users should have access to
b. XML an extranet?
c. XBRL 36 (SO 9) What types of controls should be used to
d. XFRL properly limit access in intranets and extranets?
37 (SO 10) Why is the use of XML advantageous in
Discussion Questions Internet EDI?
15 (SO 1) How do e-commerce and e-business differ? 38 (SO 10) In what ways are XBRL financial statements
16 (SO 2) What was the original purpose of the network advantageous compared with traditional paper
of computers that eventually became the Internet? financial statements?
17 (SO 2) Why was ARPANET designed with many 39 (SO 11) What are some of the ethical obligations of
different alternative routes for network traffic? companies related to e-commerce?
18 (SO 2) Why is a standard protocol necessary in 40 (SO 11) Is there a difference between ethical
computer networks? obligations and legal obligations with regard to
19 (SO 2) How quickly did Internet usage by the public online privacy?
grow after the Internet was opened to business
transactions in 1994? Brief Exercises
20 (SO 3) Describe the relationship between national 41 (SO 1) Much of the e-business and e-commerce
backbone providers, regional ISPs, and local ISPs. conducted by companies uses the Internet as the form
21 (SO 3) What is the importance of a standard format- of electronic communication. Describe other elec-
ting language for Web pages and a standard address- tronic means to conduct e-business or e-commerce.
ing system? 42 (SO 3) How does the use of HTML, URLs, domain
22 (SO 4) Which types of costs can be reduced when a names, and SSL contribute to an Internet that can be
company decides to engage in B2C e-commerce on used worldwide?
the Internet? 43 (SO 4) Describe the benefits to the consumer of
23 (SO 4) What are the differences between bricks-and- B2C sales.
mortar retailers and clicks-and-mortar retailers? 44 (SO 4) Describe the benefits to the company of
24 (SO 5) According to the Online Privacy section of the B2C sales.
AICPA Trust Services Principles, what types of 45 (SO 6) Describe the benefits to a company that
personal information should be protected? engages in B2B transactions via the Internet.
25 (SO 5) If you could condense the ten areas of Online 46 (SO 5) What are the ten areas of privacy practices
Privacy in the AICPA Trust Services Principles, into a described in the Online Privacy section of the AICPA
shorter list (three-, four-, or five-point list), how Trust Services Principles?
would you word that list? 47 (SO 6) Describe the activities that take place in the
26 (SO 5) What is meant by “monitoring and enforce- supply chain of a manufacturing firm.
ment” regarding online privacy practices? 48 (SO 6) Describe the differences between B2C
27 (SO 6) How is e-business a broader concept than and B2B.
e-commerce? 49 (SO 9) Explain the importance of user authentica-
28 (SO 6) Describe the concept of a supply chain. tion and network break-in controls in extranets.
29 (SO 6) Why is it important to ensure an efficient flow 50 (SO 10) What are the advantages of Internet EDI
of goods throughout the supply chain? over traditional EDI?
 Cases  533

Problems
51 (SO 2) Explain the hardware and technology 55 (SO 5) Enter the website of a popular retail
standards that were developed during the ARPANET company that sells a large volume of goods or
that were an important foundation for the services on the Internet. Search for the company’s
Internet of today. “Privacy Policies” on that website. If you do not find any
52 (SO 4) Sweet Susanna’s is a local chain of bakeries in privacy policies, continue visiting other company
Austin, Texas. The chain has 18 locations throughout websites until you do find privacy policies. Once you
the city and its suburbs. The management is consider- have found a company with privacy policies, describe
ing opening a website to conduct e-commerce with how the company policies do or do not meet the
customers. Describe any benefits that might be privacy practices in the AICPA Trust Services Principles.
derived from this move. 56 (SO 8) EDIPipeline is an Internet EDI solution for
53 (SO 5) Using a search website, enter the term small to mid-size companies. View the Web page at
“privacy seal” and search. Answer the following http://www.edipipeline.com. Click on the link called
questions: “Trading Partners.” Examine two or three company
names you recognize. Describe how this EDI system
a. What is the purpose of a Web privacy seal?
might be advantageous for a small or mid-size
b. Which organizations provide Web privacy seals to company seeking to be a vendor to a large corpora-
Web-based companies? tion such as Coca-Cola.
c. What are the advantages to a company that 57 (SO 10) Read the article at https://xbrl.us/wp-
maintains a Web privacy seal? content/uploads/2013/12/20131023-RobertHurt.
d. What are the benefits to a consumer of shopping pdf. Briefly describe what this article says about how
from a website that has a privacy seal? XBRL has affected financial reporting.
54 (SO 5) Visit the website www.cpawebtrust.org and 58 (SO 5) List and describe the privacy practices
answer the following questions: recommended by the AICPA Trust Services Principles
a. What is a WebTrust seal? Privacy Framework. If you have ever made a purchase
online, you have likely seen these practices in use.
b. Which organization sanctions the WebTrust seal?
Provide any examples from your own personal
c. What kind of professional can provide a WebTrust experience.
seal to a company?
59 (SO 5) Describe the ethical obligations of
d. What must this professional do before providing a companies to their online customers.
WebTrust seal?

Cases
60 Trudy’s Trendy Threads (TTT) is a regional whole- maintain files consisting of each customer’s e-mail
saler of women’s casual attire. The company is orders, accompanied by a printout of the sales orders
located in Jacksonville, Florida, and it sells to retail entered in the computer. All deliveries are sent via
stores in resort communities in Florida, Georgia, and common carrier from the Jacksonville headquarters to
the Carolinas. TTT employs six salespeople, with each of the customer locations.
each one having responsibility for collecting sales Recently, TTT has experienced delivery problems.
orders from one of the following territories: Southern Namely, a few retail stores located on the eastern
Florida, Florida Gulf Coast, Eastern Florida, Georgia, Georgia seaboard have claimed that they never
South Carolina, and North Carolina. received their deliveries. Helen Bain, TTT’s control-
Each sale representative mails seasonal catalogs to ler, has been investigating these problems along with
the customers in his or her territory. Online catalogs Aaron Shulz, the Georgia sales representative.
are also provided via the company’s website. Sales Through her review of the shipping records, Helen
orders are obtained directly by the sales representatives discovered that each of the problem scenarios
via e-mail. On a daily basis, the sales representatives involved shipment to a warehouse rather than to the
submit orders to the corporate office via the Internet; a customer’s retail store. Interestingly, the sales order
Web browser client is used to enter the e-mail orders files maintained by Aaron indicate that shipment
into a dedicated Web server. The sales representatives should have been set up for delivery to the respective
retail store locations.
534  Chapter 14  E-Commerce and E-Business

Upon further investigation, Helen reviewed the firm’s clients. Direct queries are prepared by Clouse’s
company’s access log and verified that Aaron’s and staff accountants, and the resulting presentation
the other sales representatives’ authorized passwords reports are prepared by the staff and reviewed by
were the only ones used to access the company’s Clouse. This is a time-consuming process, and many
Web server. of Clouse’s clients have demanded more current
Required: information. This problem recently led Clouse to
investigate the possibility of developing a software
a. Speculate as to potential causes of this problem.
package that could produce the financial analyses
b. What additional information would be needed to and reports automatically.
determine the actual cause of this problem?
As Clouse considers the significant investment
c. What controls could be implemented to avoid that would be required to program a new system,
repeated instances of this problem? he is concerned about the loss of control that
61 Clouse Analytics is a financial services consulting firm may be inherent in an automated system. For
that assists its clients with financial analyses surround- instance, he worries about the accuracy and
ing proposed business ventures. John Y. Clouse is the completeness of analyses and reports prepared
firm’s founder and project director. As such, he is automatically.
responsible for preparing most of each client firm’s
Required:
financial analyses and reports, as well as presenting the
results to each client’s management. Due to the varying Perform an online research of XBRL at www.xbrl.org
numbers of managers who may make up a client’s top and determine whether or not XBRL would be
management, Clouse always prepares at least a dozen appropriate for Clouse’s business. Would XBRL be
report copies so that there are plenty to distribute to all more effective and reliable? Why, or why not? Your
persons in attendance at the presentation. response should focus on the existence of any
enhancements or concerns that are likely to result in
Data for financial analyses is obtained directly from
terms of the timeliness of information, internal
the accounting and production databases of the
controls, and security.

Solutions to Concept Check

1 (SO 1) The following statement is true: b. E-commerce 6 (CIA Adapted) (SO 4) Each of the options represents
is a subset of e-business. E-business is a broader an application of B2C commerce except c. data
concept that includes e-commerce, as depicted in exchanges, which are a characteristic of B2B.
Exhibit 14-1. 7 (SO 5) Before forwarding customer data, an organiza-
2 (SO 2) An electronic hardware device that is located tion should receive explicit or implicit consent of the
at the gateway between two or more networks is a customer. This describes d. onward transfer and
c. router. A router is a hardware device that connects disclosure of the AICPA Trust Services Principles online
networks at a network gateway. privacy practices. When an organization will be forward-
3 (SO 3) The type of organization that serves as the ing customer data to third parties, it should provide a
main trunk line of the Internet is called a d. backbone policy to consumers to disclose the onward transfer.
provider. Backbone providers provide and maintain 8 (SO 6) a. All processes throughout the supply chain
the main trunk lines of the Internet, as shown in can benefit from IT enablement. Any process
Exhibit 14-3. throughout the supply chain is a potential process
4 (SO 4) c. Reduced order-processing costs is not a that could benefit from IT enablement.
direct advantage for the consumer from e-commerce. 9 (SO 8) When a company has an e-business transaction
Reduced order processing cost is a direct benefit with a supplier, it could be using d. either the Internet
to the seller, not the consumer. Lower cost may or an extranet. Two companies could transact business
lead to lower prices for the consumer also, but using either the Internet or an extranet. An intranet is
this would be an indirect advantage to the con- usually limited to those inside a company, therefore
sumer. The other answers are direct benefits to excluding other trading partners.
the consumer. 10 (CMA Adapted) (SO 8) Intranets are used for each
5 (CIA Adapted) (SO 4) Each of the options represents of the options except a. customer self-service.
a characteristic of B2B commerce except b. electronic Customers would not access the intranet, as it is for
retailing, which is a characteristic of B2C. internal use.
 Solutions to Concept Check  535

11 (SO 4) When there is no necessity for a preexisting various user groups. The following type of network
relationship between the buyer and the seller, that best serves the following user:
transaction is more likely to be classified as b. B2C.
This is a characteristic of business to consumer. Employees Suppliers
Business-to-business transactions presume a preexist- a. Intranet Extranet
ing relationship. An intranet and extranet are similar; however, an
12 (SO 8) Of the given IT controls in an extranet, e. all intranet aids in internal communication, whereas an
are important IT controls. Each option is either a extranet facilitates communication (and trading)
user authentication or hacking IT control that should externally with the company’s business partners.
be implemented to protect an extranet. 14 (SO 10) An extensible markup language designed
13 (CIA Adapted) (SO 8) A company’s computer specifically for financial reporting is c. XBRL. XBRL
network uses Web servers, HTML, and XML to serve stands for eXtensible Business Reporting Language.