Why Your Online Business Needs An Internal Audit
This is a guest post – Daniel Paull has been working with Auditor Training Centre since early 2015 where he has been working to improve their online presence and marketing. If you are interested in becoming an internal auditor the Auditor Training Centre offer internal audit courses around Australia. He enjoys working with them to provide the best online experience possible and makes their entire online presence stress free and seamless.
Welcome Daniel…
An online business is a very different entity to one that has a bricks and mortar presence. However despite their differences, businesses that conduct their work online and those that have a storefront, are cut from the same cloth and deal with many of the same challenges as one another.
Due to the relative youth of the internet as a medium in which to conduct business, there are some who might think that running a business online is free of the same checks and balances that are a part of a traditional venture’s operations. This is a misconception. In this article, we take a look at some of the reasons why conducting internal audits on your online business is just as important as conducting audits on a traditional offline business
What is an Internal Audit?
If you’ve found this guide, you probably have some idea of what an internal audit involves already. Let’s go over the main points briefly.
An internal audit:
- Identifies risks which require attention
- Identifies gaps in procedures and controls
- Tests whether the controls in place are working effectively
- Identifies recommendations for improvement
Audits should always cover these main points, whether the business is online or not. However, there are significant differences in how an online business conducts its operations. Therefore, there are significant differences to what an internal audit will cover for an online business as compared to its traditional counterpart.
Different Risks, but Risks Nonetheless
The important thing to remember about running a business online is that risks aren’t nonexistent: they aren’t mitigated or made obsolete by the fact that different technology is being utilised. The risks faced are indeed different, and create unique challenges that may slip under the radar of even the most observant business owner.
This is why internal auditing is still an extremely useful tool for maximising a business’s efficiency. Auditors who have undergone professional training should be able to pick up on inefficiencies, no matter the industry or the business’s physical footprint.
Let’s take a look at these unique online business risks, and see how an internal audit can help to stay on top of them, including some questions that an organisation may want to ask itself.
Bricks and Mortar
Having no physical presence is a risk for an online business as it makes it more difficult for the typical consumer to become aware of the business on their own. Good customer interaction to drive word of mouth and brand awareness is essential for the online business. Internal auditing can help to identify ways that a business can improve its brand awareness and improve customer relations.
Questions for the auditor…
- How do you capture customer feedback?
- Do you allow people to review your site and your service?
- How do you implement changes based on feedback of your service?
- Where do we rank in searches?
- Where do we rank? Google, Bing, Yahoo?
- Do you use social media? How do you know what is appropriate to post?
- Do you allow and encourage customers to share their experience?
- Do you capture how people found your business?
An easy to use, easy to find customer feedback tool like this one is a great tool to improve customer engagement.
24/7
The Web is always on: someone, somewhere, is always online. That means there can be no downtime for an online business: they must be aware of their brand and how it is presenting at all times. An internal audit can identify how a business can optimise its experience for all users, no matter their location in the world.
Questions for the auditor…
- Is the phone number prominent? And if it is, who is answering 24/7?
- How long should it take us to answer a request for information?
- What happens during the weekend?
- Are we capturing the right information from our potential customers?
- How many languages should our website be in?
Prominent navigation tools and contact details are great for customer engagement.
Competition
A customer who visits a physical store is far more likely to purchase from that store than a customer who visits an online store is, thanks to how easy the internet makes it to browse competitors. If an online business does not offer the very best experience to its customers, the likelihood that those customers will take their business elsewhere is massively increased.
The difficulty of traveling around to competitors makes it much easier for bricks and mortar stores to keep their customers within their doors. An internal audit can help identify ways in which a business’s online presence can be made more customer friendly.
Questions for the auditor…
- How easy is our site to navigate?
- Does our website clearly describe what we do?
- What are the benefits of buying from us?
- Do we have a returns policy?
- What is your competition saying?
Sites like this will hurt your brand more than help it. An internal audit can recommend ways to make a site easier to navigate.
Maintenance
One of the great myths of having an online business is that it requires no maintenance costs. True, there is no physical store to rent or maintain, but most online businesses will have to outlay to have someone permanently maintain their site instead. This is an essential process: if done improperly it could lead to customer frustration, reduced brand awareness, reduced competitiveness and reduced profits.
Internal auditing identifies shortcomings in site maintenance and recommends ways this can be improved.
Questions for the auditor to ask…
- Does your website work on all browsers?
- Does your website work on all devices? Is it responsive?
- Does your website scale automatically and correctly for devices and tablets?
- Do all the internal links work?
- Are your prices and details correct?
Security Fraud
There are several security risks faced by online businesses which are not such an issue with bricks and mortar stores. For example, how you take payment over the internet can be fraught with risk – unverified online payment methods can increase the exposure of a business to fraud.
Questions for the auditor to ask…
- Do you accept all types of Credit Card?
- Is your payment gateway secure?
- Does your payment gateway provider use the latest technology?
- What happens to customers credit card details?
Intellectual Property
Though online businesses are free from the risk of physical theft, they have an increased exposure to intellectual property theft. There are many cases of online businesses who have suffered intellectual property theft, and the nature of the internet often makes it difficult for justice to be served against the perpetrators.
Ensuring intellectual property is securely protected is an essential practice for any business, though it is magnified for those who conduct their operations online.
Questions for the auditor to ask…
- Have you engaged with a good legal advisor?
- Are you able to copyright or patent your goods and services?
- Is there information about your intellectual property on your website?
- Do you have a trigger for abnormal orders?
Data Attack
Commonly known as hacking, attacks on online business’s data is all too common, and can have serious consequences. One of the most famous data attacks in history was the 2011 PlayStation Network Outage, which exposed the personal details of 77 million users. Though attacks of this scale are rare, smaller operations are not, so it is still important for every online business to take steps to protect its encrypted data.
Questions for the auditor to ask…
- Do you keep information about individual customers?
- Is this information kept secure?
- If it is kept by a 3rd party provider – do they have appropriate controls in place?
- Do you have adequate virus protection? Is it up to date?
- Do any of your staff work from home? Do they have adequate virus protection?
Data Backup
The only reason to backup data is to reduce the risk of losing it. As most online businesses value is in their data, it is necessary to keep a backup to restore loss of data and damage to your business.
Questions for the auditor to ask…
- Does the organisation perform systematic backups?
- Is the backup protected? Where is it stored?
- What do you do to make sure that your backups are working?
- Do you test retrieving data from the backups?
Internal auditing will identify any security risks that may be present in a business’s online profile and recommend any necessary changes.
International Regulations
The internet is a worldwide institution, meaning that anyone from any country can access your site, barring government censorship. If your business operates with customers from different nations, it’s essential to remain on top of the differing local laws and regulations which may affect how your business operates.
Failings in this area are usually due to a lack of understanding from business owners regarding the differences between nation’s regulations. Internal auditing can show management where these differences lie, and how practices can be adapted to conform with them.
Questions for the auditor to ask…
- Is your website in the appropriate language for all your markets?
- Do you have correct domain name for the countries in which you operate?
- When your staff travel overseas, is your website and system easy to access?
- Do you analyse your website data to identify where your website traffic is coming from?
- Are your goods and services able to be legally sold in the countries that you operate?
- Are you liable for goods and services taxes in the countries that you sell to?
Information Accessibility
In order to sell a product or a service online, the customer needs all the information in front of them for them to decide on your product or service. Customers are unable to ask questions to staff in real time, and clarification may only be available via email which may take hours or days.
Procedures should be in place that ensures all information available is both thorough and accurate and that any changes to the service or product is promptly relayed to the website.
Questions for the auditor to ask…
- How do you make sure that the information provided on the website is up to date?
- Is all the information accessible on the website? If not, what criteria is used to know which information to put on?
- How do you ensure contact forms and emails are responded to quickly?
Keeping Your Online Business Safe
Keeping on top of practices to ensure efficiency is critical to the performance of any business. Unfortunately, the undoing of many online based ventures has been caused by a failure to understand and accept that online businesses need controls and procedures that are just as stringent as those used by bricks and mortar establishments.
Investing in an internal audit can help any business improve its bottom line, but several unique factors mean that the process can be even more critical for businesses whose primary presence is online.
About Daniel
Daniel Paull has been working with Auditor Training Centre since early 2015 where he has been working to improve their online presence and marketing. If you are interested in becoming an internal auditor the Auditor Training Centre offer internal audit courses around Australia. He enjoys working with them to provide the best online experience possible and makes their entire online presence stress free and seamless.
Bonus 33 Free Templates
Download the 33 free templates from Toby and Adam’s book.
Content Marketing Sales Funnel
Your content marketing sales funnel is all about getting people to know, like and trust you by nurturing them with the right information at the right time.