Learning objective 4

Understand the nature of WebTrust and SysTrust assurance services.

 WebTrust Services
• Clients are engaged a CPA to provide reasonable assurance that a
company’s website compliance with certain Trust Services principles
and criteria for one or more aspects of e-commerce activity.
• It is also a specific services developed under the broader Trust
Services principle and criteria jointly issued by the AICPA and CICA.
• When performing WebTrust assurance services, CPA will make sure
that the company’s website complies with the Trust Services principle
• Trust Services principle represent broad statements of objectives and
the company must meet the criteria stated to obtain and maintain its
WebTrust seal.
 Five Trust Services Principle
• Security
To ensure that the system is protected against unauthorized access
• Availability
To ensure that the system is available for operation and use as committed or agreed
• Processing Integrity
To ensure that the system processing is complete, accurate, timely, and authorized
• Online Privacy
To ensure that personal information obtained as result of e-commerce is collected, used,
disclosed, and retained as committed or agreed
• Confidentially
To ensure that information designated as confidential is protected as committed or agreed
 SysTrust Services
• Provides assurances to management, the board of director, or third parties
about the reliability of information systems used to generate real-time
information.
• In a SysTrust engagement, the SysTrust licensed CPA evaluates a company’s
computer system using Trust Services principle and criteria to determine
whether controls over the system exist.
• CPA will test to determine whether those controls were operating effectively
during a specified period.
• If system meets the requirement of Trust Services principle and criteria, an
examination – level unqualified attestation report is issued under AICPA
attestation standards.