Information, Articles, Tools, and Useful LinksCommittee Listings, Member Forums, and Find a CITPInformation on AICPA Tech. Conference, Seminars, Webcasts, and ConferencesIT Section Membership Information, CITP Credential Information, Members Only Tools and Communications, and MorePublications, CPE, Conferences, and Webcasts
 
Search
 

Search Options

Printer Friendly View

Infotech Home > Resources > System Security & Reliability > System Reliability > Trust Services > WebTrust > FAQs About WebTrust
FAQs About WebTrust

WebTrust is a professional service. WebTrust is designed primarily to build trust and confidence among customers and businesses doing business on the Internet. WebTrust builds customer confidence by addressing areas such as: Security, Privacy, Availability, Confidentiality, and Processing Integrity.

 

How Do I Know That a Web Site Meets the WebTrust Standards?

What Does a WebTrust Seal Signify?

Is There a Trust Services Seal Usage Guide?

Why Should I Offer WebTrust?

I Work in Industry. How Can I Use WebTrust?

How Do I Begin Offering WebTrust?

What Competencies Are Required to Offer WebTrust?

Are There Any Costs Incurred by a CPA Firm in Order to Offer WebTrust Services?

What Are the Professional Liabilities and Management Risks of WebTrust?

Does My CPA Firm's Web site Need to Earn a WebTrust Seal?

How Often Must I Examine the Client’s Web Site to Ensure Compliance With the Principles and Criteria?

Can My Firm’s Right to Issue WebTrust Seals Be Revoked?

How Do I Control the Client's Use of the WebTrust Seal?

Why Are CPAs Most Qualified to Offer Assurance Services Like WebTrust?

 

Using the Trust Services Principles and Criteria, a CPA firm can provide a wide range of advisory and assurance services to businesses, including everything from strategic planning, readiness assessments, and diagnosis of problems to system design, implementation, monitoring programs and assurance.  If a CPA firm provides assurance, that assurance must be represented by the auditor’s report to management and may also be represented by a WebTrust seal on the business’ Web site.

 

CPAs in business and industry can also use the Trust Services Principles & Criteria as a framework for internal control self-assessments, benchmarking, implementation and monitoring programs. They cannot, however, provide independent verification that the Principles and Criteria have been met.

 

WebTrust is designed to meet a number of different needs for e-commerce businesses. As a result, online businesses can also choose from a number of defined service offerings for WebTrust, including WebTrust for Consumer Protection, WebTrust for Online Privacy and WebTrust for Certification Authorities. WebTrust for Consumer Protection incorporates the principles and criteria for Online Privacy and Processing Integrity. WebTrust for Online Privacy is for those businesses that want to demonstrate to consumers that they provide effective privacy protection to customers. WebTrust for Certification Authorities incorporates a specialized set of technical standards that govern the organizations that issue digital certificates on the Internet.

 

Developed jointly by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA), WebTrust is currently being offered by licensed CPAs in the United States, and their international equivalents in several other countries around the world.

 

How Do You Know That a Web site Meets the WebTrust Standards?

 

A Web site that has met the Trust Services principles and criteria is eligible to display the WebTrust seal for that subject matter area on its site. Clicking on the seal allows customers to link to the CPA's examination report, the site's business practices and policies, and the Trust Services principles and criteria used to examine the business. The customer can also review the date on which the seal was granted, its expiration date and links to other e-commerce sites with active WebTrust seals.

 

Back to top

 

What Does a WebTrust Seal Signify?

 

A WebTrust seal demonstrates that a Web site has been examined by a qualified, independent CPA who has verified that the site complies with the criteria in the particular subject matter area—e.g., online privacy, security etc.

 

Back to top

 

Is There a Trust Services Seal Usage Guide?

 

The AICPA and CICA have developed a seal usage guide which highlights the standards for the use and display of the SysTrust and WebTrust seals (the "Marks"). It sets out the parameters for the display of the seal on practitioners' sites in support of the program and by clients that have successfully undergone a SysTrust or WebTrust audit. It also covers the use of the various Marks by licensees and their clients in promotional materials. 

 

Back to top

 

Why Should I Offer WebTrust?


WebTrust is a strategic opportunity for CPAs to extend their core competencies and skills to existing and potential new clients. WebTrust positions a CPA firm for emerging opportunities in technology as well as affords them some protection from the erosion of other more traditional service lines.

 

WebTrust also provides CPAs with additional tools to protect the public interest as well as to help businesses enhance their corporate governance tools.

 

Back to top

 

I Work in Industry. How Can I Use WebTrust?


AICPA members in industry can benefit from WebTrust in several ways. Use the principles and criteria:

 

·         As a guideline to setting up appropriate controls and systems that will instill confidence and trust. 

 

·         As a method of evaluating an existing electronic commerce system to determine whether it meets certain principles and criteria and employs best practices.

 

·         As an internal method of assurance and self-assessment that management, the Board, and others can rely upon

 

 

Back to top

 

How Do I Begin Offering WebTrust?


CPA firms whose owners are each members in good standing of the AICPA are eligible to be licensed as providers of Trust Services. To maintain the WebTrust program’s quality and goal of building public confidence in e-commerce, CPA firms are asked to sign a licensing agreement that prescribes some readily attainable requirements necessary for the program's success. These requirements include agreeing to follow the program's professional standards and participating in a quality assurance program.

 

Back to top

 

What Competencies Are Required to Offer WebTrust?


Most of the skills required for WebTrust services are based on expertise that CPAs who provide attest services in computerized environments already possess. At a minimum, additional skills, which can be readily attained if the CPA does not already possess them, include the following: 1) a working knowledge of Internet technologies, protocols and security techniques and 2) specific controls and best practices a company should implement. Final determination of a CPA's competency must be made by that CPA and based on requirements within professional standards.

 

Back to top

 

What Costs Are Incurred by a CPA Firm When Offering WebTrust Services?


When a firm chooses to offer assurance services in the WebTrust program, there will be some costs incurred, including:

 

·       Licensing fee. This fee will be used to provide on going promotion for the program.

·       Per-seal charges. A seal management and maintenance fee is charged for access to the Internet-based seal issuance system.  This system can be used remotely to issue and update seals.

 

Back to top

 

What Are the Professional Liabilities and Management Risks of WebTrust?

 

Each practitioner needs to evaluate this service opportunity in accordance with the firm's own professional liability and risk management policies.

 

Back to top

 

Does My CPA Firm’s Web site Need to Earn a WebTrust Seal?

 

Not necessarily. If your firm’s Web site engages in e-commerce, the firm can certainly benefit by earning and displaying the WebTrust seal. Of course, an independent third party must perform the WebTrust examination.

 

Back to top

 

How Often Must I Examine the Client’s Web Site to Ensure Compliance With the Principles and Criteria?


As with all engagements, professional judgment must exercised. Considerations include: terms of the engagement, type of Web site, report content, changes which may affect the control environment, and other matters which may come to the practitioner's attention. However, at a minimum, the report must be refreshed every year.

 

Back to top

 

Can My Firm’s Right to Issue WebTrust Seals Be Revoked?


Yes, if a CPA firm fails to substantially comply with the WebTrust program's requirements, their license to issue WebTrust seals may be revoked. The primary goal of WebTrust is to protect the public interest and instill confidence in the Web as an electronic commerce medium. This requires all CPAs to be in full compliance with the license agreement.

 

Back to top

 

How Do I Control the Client's Use of the WebTrust Seal?


Under the WebTrust program, CPA firms are required to revoke the WebTrust seal on Web sites that fall out of compliance with the Trust Services principles and criteria.   Using the seal management process, the practitioner can revoke the seal, disabling the functionality of the reporting process. You can also provide a copy of the Trust Services Seal Usage Guide to your client.

 

Back to top

 

Why Are CPAs Most Qualified to Offer Assurance Services Like WebTrust?


CPAs are recognized as independent parties that provide assurance as to the accuracy and fairness of many types of financial and nonfinancial information. CPAs must meet strict ethical, educational, and other professional requirements. They bring their independence, objectivity, and in-depth knowledge of business and technical expertise to the Internet with WebTrust.

 

Back to top 

Copyright © 2003 by the American Institute of Certified Public Accountants, Inc., New York, New York.