2. ELECTRONIC INVOICEMENT DOCUMENT: Recommendations for businesses for the implementation or auditing of electronic invoicing processes Available documents in the area of document acquisition www.yourlegalconsultants.com [email_address]
4. 1. RECOMMENDATIONS FOR BUSINESSES FOR THE IMPLEMENTATION OR AUDITING OF ELECTRONIC INVOICING PROCESSES
3.2. Access control
3.2.1. No access should be granted without prior identification of the person concerned
3.2.3. Access to systems
3.2.4. Access to data or logical access to information
3.3. Identification - Authentication
3.3.1. Physical in terms of the facility
3.3.2. Logical concerning identification and subsequent logical access to systems
3.3.3. Identification on line. With reference to the network
3.4. Registration
3.4.1. Physical registration of the facility
3.4.2. Registration of logical access to the systems
3.5. Audit
3.5.1. Physical security audit of the facility
3.5.2. Logical systems security audit
5. 3.6. Confidentiality
3.6.1. Personal information should be identified
3.6.2. A system should be set up to classify information
3.6.3. Confidentiality for physical installations that host sensitive information (if applicable)
3.6.4. Logical confidentiality of information
3.7. Integrity
3.7.1. Physical integrity of installations and equipment
3.7.2. Logical integrity of systems and information
3.8. Availability
3.8.1. Physical availability of installations and equipment
3.8.2. Logical availability of systems and applications
3.9. Data interchange / communications
3.9.1. Physical interchanges
3.9.2. Logical interchanges
3.9.3. Data interchange or Access to information
3.10. Legal compliance
3.10.1. Installations
3.10.2. Systems and information
6. 3.11. Personnel
3.11.1. Personnel should be selected in consideration of the security requirements of the job
3.11.2. Personnel should be recruited in consideration of the security requirements of the job
3.11.3. Personnel should be informed of the responsibilities expected of them in their job
3.11.4. Personnel should be trained in consideration of the security requirements of the job
8. 4.2. Process for carriage and logistic distribution of the dispatch.
4.2.1. Risk of using an e-invoicing system devoid of any clear, transparent identification
4.2.2. Risk of sending out e-invoices without prior acceptance on the part of the customer
4.2.3. Risk deriving from trading partners involved in the carriage of goods or services having access to the e-invoicing system without any prior agreement between the parties.
4.2.4. Risk of access to the electronic invoicing system on the part of the carrier without providing those responsible with any sort of preliminary training in the use of key functions of the invoice system.
4.2.5. Risk of incompatibility of the electronic invoicing systems, creating vulnerabilities in security throughout the process of exchanging information.
4.2.6. Risk of providing access to the electronic invoicing system without positive testing of the communication based on criteria that have been agreed upon previously by the parties concerned.
4.2.7. Risk of providing access to the electronic invoicing system without positive testing of the communication based on criteria that have been agreed upon previously by the parties concerned.
4.2.8. Risk of issuing electronic invoices in EDI format without the prior consent of the customer.
4.2.9. Risk deriving from suppliers using different structures in EDI format
9. 4.3. Chain of custody and storage of electronic invoices and their auditing.
4.3.1. Risk of checking the validity of the certificate at the time of signature or when the receipt is issued for the electronic invoice.
4.3.2. Risk deriving from the impossibility of verifying the integrity of the electronic invoice
4.3.3. Risk deriving from not keeping the electronic invoices in the period set by the legislation in force
4.3.4. Risk of non-availability of the electronic invoices for a reasonable length of time.
4.3.5. Risk of amending the invoices within the retention period.
4.3.6. Risk that the information stored is not in a human-readable format as a result of computer processing.
4.3.7. Risk that the information contained in the electronic invoice might not be entirely accurate due to the continued existence of erroneous calculations, master data and encryption tables in the invoice application.
4.3.8. Risk of not retaining audit trails
4.4. Reception process to be followed with respect to the carriage of goods or services
4.4.1. Risk of very little control in transactions and storage of electronic invoices and delivery notes, preventing access by the competent authorities.
4.4.2. Risk of non-receipt or access to the original electronic invoice on the part of the customer.
4.5. Generic process for the carriage of data or messaging.
4.5.1. Risk of alteration or change in the data contained in the invoice or e-invoice during transmission.
10. Thank you for your interest [email_address] For personal queries, please contact: www.yourlegalconsultants.com [email_address]