Hi Chris,
1. Should we accept the invitation? If we do, what should be our role? What approach should we take? Should our participation impaire our independence?
The role must be clearly understood by all parties. You have some choices:
- A Controls Expert - review of controls in all area and provide recommendations (Do not make any decision)
- A Specialized Consultant - involve in the whole project from design to post implementation from making recommendations during the course of the design process to evaluate performance post implementation.
- An Occupant of the "Extra Chair" - does not have much preparation but simply attends these meetings provides no real contributions. If problems occur in the future, they may say "yes, but the auditor was there!"
If your department have the expertise, the first or second role would be a choices for you. However, an auditor should act primarily as an independent reviewer not as a specialized consultant to ensure the independent would not be impaired. This would be a good opportunity for the audit to establish a more partnering relationship with the rest of the company.
2. Suggestions on resources to assist us in forming an approach on developing the case studies on implementations, mentioned in the second paragraph.
There are some factors that you can use to measure the performance of the ebusiness.
Revenue, Traffic, Comments, Questions from surfers, competitor's performance, resources used.
In general, milestones should be set up before the project starts, then use these established milestones to measure against the result.
I hope this email would be helpful to you.
Christopher h Chan
Internal Audit
Canada
------------------------------------------------------------
This e-mail may be privileged and/or confidential, and the sender does not waive any related rights and obligations. Any distribution, use or copying of this e-mail or the information it contains by other than an intended recipient is unauthorized. If you received this e-mail in error, please advise me (by return e-mail or otherwise) immediately.
Ce courriel est confidentiel et prot�g�. L'exp�diteur ne renonce pas aux droits et obligations qui s'y rapportent. Toute diffusion, utilisation ou copie de ce message ou des renseignements qu'il contient par une personne autre que le (les) destinataire(s) d�sign�(s) est interdite. Si vous recevez ce courriel par erreur, veuillez m'en aviser imm�diatement, par retour de courriel ou par un autre moyen.
============================================================
