I'm conducting an E-Commerce internal audit for our bank, but am finding very little guidance surrounding auditing the administration of a "Bill Pay" program. In our case we have a third-party provider...so I'm looking at that contract, the SAS70 of the provider, the customer agreement and the electronic payment process and settlement (transaction funding, float, clearing, returns, etc).
Does anyone have a more comprehensive audit program that they've built/used for this product and would be willing to share...or even just other ideas of risks to address??
Thanks!!