ELECTRONIC COMMERCE

NETWORKS
A network is a system of computers, peripherals, terminals, and databases connected by
communications lines. One way of distinguishing between types of networks is the geographic area
covered by their distributed sites.

TYPES
 LANs – Local area networks are often confined to a single room in a building, or they may link
several buildings within a close geographic area. However, a LAN can cover distances of several
miles and connect hundreds of users. Typically privately owned and controlled.
 WANs – When networks exceed the geographic limitations of LAN, they are called wide area
networks. WANs typically employ common-carrier facilities between remote nodes because of
distances and the high cost of interconnections. The WAN may be used to link together
geographically dispersed segments of a single organization or connect multiple organizations in
a trading partner arrangement.
 Internet/Internet-Works – With the advent of the internet, networks expanded beyond WANs
to a global “network of networks.”
NETWORK TOPOLOGY – the physical arrangement of components (terminals, servers, and
communication links) in a network
 Star Topology – a network of computers with a large central computer (the host) at the hub that
has direct connections to a periphery of smaller computers. Communications between the
nodes in the star are managed and controlled from the host site. If one or more nodes in a star
network fail, communication between the remaining nodes is still possible through the central
site. However, if the central site fails, individual nodes can function locally but cannot
communicate with the other nodes.
 Hierarchical Topology – a host computer is connected to several levels of subordinate smaller
computers in a master-slave relationship. This structure is applicable to firms with many
organizational levels that must be controlled from a central location.
 Ring Topology – this eliminates the central site. All nodes in this configuration are of equal
status; thus, responsibility for managing communications is distributed among the nodes. The
ring topology is a peer-to-peer arrangement in which all nodes are of equal status.
 Bus Topology – nodes are all connected to a common cable—the bus. Communications and file
transfers between workstations are controlled centrally by one or more servers.
ARCHITECTURES – this refers to either hardware or software, or a combination of both. The architecture
of a system always defines its broad out-lines, and may define precise mechanisms as well.
 Peer-to-peer (P2P) – this is a type of network in which each workstation has equivalent
capabilities and responsibilities. This architecture differs from client-server architectures, in
which some computers are dedicated to serving the others.
 Client-server – This is often misused to describe any type of network arrangement. This model
distributes the processing between the user’s (client) computer and the central file server. Both
computers are part of the network, but each is assigned functions that it performs best.
PROTOCOLS
Network protocols are the rules and standards governing the design of hardware and software
that permits users of networks manufactured by different vendors to communicate and share data.
Function of protocols:
 they facilitate the physical connection between the network devices. Through protocols, devices
are able to identify themselves to other devices as legitimate network entities and thus initiate a
communication session.
 synchronize the transfer of data between physical devices.
 provide a basis for error checking and measuring network performance.
 promote compatibility among network devices.
 promote network designs that are flexible, expandable, and cost-effective.
COMPONENTS
 Network Operating System – manages the functions and data across the network. NOS controls
communications between the physical devices connected to the network. There are three basic
methods for managing and controlling these transmissions:
1. Polling – the most popular technique for establishing communication sessions. In here,
the master node polls the slave nodes to determine if they have data to transmit.
2. Token Passing – this involves transmitting a special signal—the token—around the
network from node to node in a specific sequence. Only the node possessing the token
is allowed to transmit data.
3. Carrier Sensing – this is a random access technique that detects collisions when they
occur. The node wishing to transmit listens to the bus to determine if it is in use. If it
senses no transmission in progress, the node transmits its message to the receiving
node.
 Nodes/Terminals – any input-output device connected by a communications line to a computer
is a node. Many users interact with computers via terminals, which come in numerous varieties
and are produced by scores of vendors
1. Dumb Terminals – they can only send and receive data. All processing capability is
centralized in the host computer.
2. Smart Terminals – they can support user applications under the control of the host
computer. Most smart terminals provide local storage of data and permit data editing
before transmission.
3. Programmable Terminals – personal computer is used as a programmable terminal
 Transmission Channels
1. Asynchronous transmission – there is no continuous synchronization between the
sending and receiving devices
2. Synchronous transmission – this method uses a separate timing signal to keep the
receiving end’s device in constant synchronization with the transmitting device
3. Simplex transmission – allows transmission in one direction only
4. Half duplex transmission – allows signal to be sent in both directions but not
simultaneously
5. Full duplex transmission – signals can be sent and received simultaneously
  Server(s) – LAN nodes often share common resources such as programs, data, and printers,
which are managed through special-purpose computers called servers.

INTERNET
TYPES
 Intranet – this is designed to be accessible only by the organization’s members and employees,
or others who have proper authorization. Like the internet, intranets are used to share
information.
 Extranet – this internet-work is a password-controlled network for private users rather than the
general public. Extranets are used to provide access between trading partner internal databases.
COMPONENTS
 Client-server architecture – the foundational structure of the internet technologies used for the
internet
 Web Browser – the universal user interface to not only the internet and web, but many of the
newer systems and networks based on internet technologies as well
 Web Development Technologies – the tools used to build, maintain, and manage Web sites.
 Email
 File Transfer Protocol (FTP) – used to transfer files across the internet
 TCP/IP protocol suite – enables disparate systems and computers to communicate seamlessly
with each other

ELECTRONIC DATA INTERCHANGE

To coordinate sales and production operations and to maintain an uninterrupted flow of raw
materials, many organizations enter into a trading partner agreement with their suppliers and
customers. This agreement is the foundation for a reengineered and fully automated business process
called electronic data interchange. A general definition of EDI is: the intercompany exchange of
computer-processible business information in standard format.
The definition reveals several important features of EDI:
 It is an intercompany endeavor. A firm cannot engage in EDI on its own.
 The transaction is processed automatically by the information systems of the trading partners.
 Transaction information is transmitted in a standardized format so that the firms with different
internal systems can interface and do business
BENEFITS OF EDI
 Data Keying Reduction – EDI reduces or even eliminates the need for data entry
 Error Reduction – Firms using EDI see reductions in data keying errors, human interpretation
and classification errors, and filing (lost document) errors.
 Paper Reduction – The use of electronic envelopes and documents reduces drastically the paper
forms in the system
 Postage Reduction – mailed documents are replaced with much cheaper data transmissions
 Procedure Automation – EDI automates manual activities associated with purchasing, sales
order processing, cash disbursements, and cash receipts
 Inventory Reduction – by ordering directly as needed from vendors, EDI reduces the lag time
that promotes inventory accumulation
EDI AUDIT TRAIL
The absence of source documents in EDI transactions disrupts the traditional audit trail and
restricts the ability of accountants to verify the validity, completeness, timing, and accuracy of
transactions. One technique of restoring the audit trail is to maintain a control log, which records the
transaction’s flow through each phase of the EDI system.

ELECTRONIC COMMERCE
TYPES
 Business-to-Business (B2B) – encompasses all electronic transactions of goods or services
conducted between companies. Producers and traditional commerce wholesalers typically
operate with this type of electronic commerce.
 Business-to-Consumer (B2C) – distinguished by the establishment of electronic business
relationships between businesses and final consumers. It corresponds to the retail section of e-
commerce, where traditional retail trade normally operates.
 Consumer-to-Consumer (C2C) – encompasses all electronic transactions of goods or services
conducted between consumers. Generally, these transactions are conducted through a third
party, which provides the online platform where the transactions are actually carried out.
 Consumer-to-Business (C2B) – there is a complete reversal of the traditional sense of
exchanging goods. This type of e-commerce is very common in crowdsourcing based projects. A
large number of individuals make their services or products available for purchase for
companies seeking precisely these types of services or products.
 Business-to-Administration (B2A) - encompasses all transactions conducted online between
companies and public administration. This is an area that involves a large amount and a variety
of services, particularly in areas such as fiscal, social security, employment, legal documents and
registers, etc. These types of services have increased considerably in recent years with
investments made in e-government.
 Consumer-to-Administration (C2A) – encompasses all electronic transactions conducted
between individuals and public administration.
RISKS
Internal:
• Accidents or System/Infrastructure Failure – most common reason for problems
• Ineffective Accountability – in making sure the procedures are actually working. This creates the
same risk as if no policy or procedure were ever developed.
• Malicious Activities – from entity’s own employees (e.g., a fired employee might seek revenge
by an act of cyber terrorism or fraud.
• Fraud – by entity’s own employees
External:
• Intruders – hackers, crackers, script kiddies
• Viruses
• Cyber Terrorism/ Cyber-Crime
CONTROLLING INTERNET/ E-COMMERCE
CONTROLS
• Policies and Procedures – Once the risk assessment team identifies a risk, they should develop a
policy to state the organization’s intents regarding the risky event, which will lead to a choice of
procedures to prevent and detect the event.
• SDLC Techniques – practices such as documentation, involvement of end-users, testing of
systems offline before implementing them operationally, etc. have proven to be effective
• Anti-Virus Systems – AVS alone is not sufficient. It is necessary to also be a part of some alert
system or early warning system for emerging viruses.
• Message Sequence Numbers – a sequence number is inserted in each message, and any
attempt to delete a message, change the order of messages received, or duplicate a message by
an intruder in the communications channel will become apparent at the receiving end.
• Logs – all incoming and outgoing messages, as well as attempted (failed) access, should be
recorded in a message transaction log. The log records the ID, time of access, and the terminal
location or telephone number from which the access originated.
• Monitoring Systems – when combined with graphs that are conscientiously read, any malicious
activity could be spotted by radical changes in the trend line of the graph.
• Access Control Systems – used to authorize and authenticate users.
1. Call Back Systems – requires the dial-in user to enter a password and be identified. If the
caller is authorized, the call-back device dials the caller’s number to establish connection
2. Challenge-Response Systems – a control message from the sender and a response from
the receiver are sent at periodic, synchronized intervals.
3. Multifaceted Password Systems – combine passwords with other access controls such as
biometrics, dynamic PIN systems, advances security tools, etc.
4. Biometrics – automated measuring of one or more specific attributes of a person, with
the objective of being able to distinguish that person from all others.
5. Firewalls – consists of both software and hardware that provide a focal point for security
by channelling all network connections through a control gateway. It has two types:
network-level firewall and application-level firewall.
6. Intrusion Detection Systems – inspects all inbound and outbound network activity and
identifies suspicious patterns that may indicate a network or system attack from
someone attempting to break into or compromise a system.
7. Controlling Denial-of-Service Attacks
8. Encryption – conversion of data into a secret code for storage in databases and
transmission over networks.

AUDIT OBJECTIVES
• Verify the security and integrity of the electronic commerce transactions by determining that
controls (1) can detect and correct message loss due to equipment failure, (2) can prevent and
detect illegal access both internally and from the Internet, and (3) will render useless any data
that are successfully captured as a perpetrator.
 • Verify that backup procedures are sufficient to preserve the integrity and physical security of the
databases and other files connected to the network.
• Determine that (1) all EDI transactions are authorized, validated, and in compliance with the
trading partner agreement; (2) no authorized organizations accessed database records; (3)
authorized trading partners have access only to approved data; and (4) adequate controls are in
place to ensure a complete audit trail of all EDI transactions.
Backup Control for Network
• Verify that backup is performed routinely and frequently to facilitate the recovery of lost,
destroyed or corrupted data.
• Production databases should be copied at regular intervals.
• Verify that automatic backup procedures are in place and functioning, and copies of files and
databases are stored off-site for further security.
Test of Validation Controls
1. Review agreements with the VAN facility to validate transactions and ensure that information
regarding valid trading partners is complete and correct.
2. Examine the organization’s valid trading-partner file for accuracy and completeness.
Test of Access Controls
1. The auditor should determine that access to the valid vendor or customer file is limited to
authorized employees only. The auditor should verify that access to this file is controlled by
password and authority tables and that the data are encrypted.
2. The degree of access a trading partner should have to the firm’s database records will be
determined by the trading agreement. The auditor should reconcile the terms of the trading
agreement against the trading partner’s access privileges stated in the database authority table.
3. The auditor should simulate access by a sample of trading partners and attempt to violate
access privileges.
Test of Audit Trail Controls
1. The auditor should verify that the EDI system produces a transaction log that tracks transactions
through all stages of processing.

AUDIT PROCEDURES
1. Select a sample of messages from the transaction log and examine them for garbled contents
caused by line noise. The auditor should verify that all corrupted messages were successfully
retransmitted.
2. Review the message transaction log to verify that all messages were received in their proper
sequence.
3. Test the operation of the call-back feature by placing unauthorized call from outside the
installation.
4. Review security procedures governing the administration of data encryption keys.
5. Verify the encryption process by transmitting a test message and examining the contents at
various points along the channel between the sending and receiving locations.
 6. Review the adequacy of the firewall in achieving the proper balance between control and
convenience based on the organization’s business objectives and potential risks. Criteria for
assessing the firewall effectiveness include flexibility, proxy services, filtering, segregation of
systems, audit tools, probe for weaknesses, and review password control procedures.

IT ENVIRONMENTS – ON-LINE COMPUTER SYSTEMS (IAPs 1002)

These are computer systems that enable users to access data and programs directly through
terminal devices. Such systems may comprise mainframe computers, minicomputers or a network of
connected PCs. When the entity uses an on-line computer system, the technology is likely to be complex
and linked with the entity's strategic business plans. The audit team may require special IT skills to make
enquiries and to understand the implications of the responses obtained.
TYPES – classified according to how information is entered into the system, how it is processed, and
when the results are available to the user
 On-Line/Real-Time Processing – the classic online systems where transactions update the
master file immediately. Individual transactions are entered at terminal devices, validated and
used to update related computer files immediately.
 On-Line/Batch Processing – those with online data capture but batch updates. Individual
transactions are entered at a terminal device, subjected to certain validation checks and added
to a transaction file that contains other transactions entered during the period. Later, during a
subsequent processing cycle, the transaction file may be validated further and then used to
update the relevant master-file.
 On-Line/Memo Update – also known as shadow update, it combines on-line/real time
processing with on-line batch processing. The transactions only update a copy of the master file,
without affecting the actual master file. The master file is affected only when the transactions
are posted later. For all intents and purposes, this form of online system is really a batch system.
 On-Line/Inquiry - restrict the user to perform queries only of master files.
 On-Line Downloading/ Uploading Process – refers to the transfer of data from a master-file to
an intelligent terminal device for further processing by the user.
INTERNAL CONTROL IN AN ON-LINE COMPUTER SYSTEM
An entity's security infrastructure plays an important part in ensuring the integrity of the
information produced. The auditors, therefore, consider the security infrastructure before examining
the general and application controls. The entity may need to establish suitable general controls to
mitigate the risks of viruses, unauthorized access and the potential destruction of audit trails.
These controls may include the use of passwords and specialized access control software,
authorization tables, passwords, files and programs that users are permitted to access. They may also
include physical controls such as the use of key locks on terminal devices, locked computer rooms and
inactivity timeouts. Other important aspects of control in an on-line computer system include:
 Controls over passwords – procedures for the assignment and maintenance of passwords
 System development and maintenance controls – additional procedures to ensure that controls
essential to on-line applications are included in the system during its development and
maintenance
 Programming controls
 Transaction logs
 Firewalls
Certain application controls are particularly important to on-line processing:
 Pre-processing authorization – authorization to initiate a transaction
 Terminal device edit, reasonableness and other validation tests – programmed routines that
check the input data and processing results for completeness, accuracy and reasonableness
 Input error reporting and handling – procedures to ensure that all input errors are properly
reported, identified and rejected from further processing, corrected and resubmitted for
processing in a timely manner
 Cut-off procedures – ensure that transactions are processed in the proper accounting period
 File controls – procedures that ensure the correct data files are used for on-line processing
 Master file controls – changes to master-files are controlled by procedures similar to those used
for controlling other input transaction data. More stringent enforcement of these control
procedures may be necessary because master file data may have a pervasive effect on
processing results
 Balancing – these controls are important to monitoring completeness and accuracy controls in a
real-time processing environment
EFFECT OF ON-LINE COMPUTER SYSTEMS ON THE ACCOUNTING SYSTEM & RELATED INTERNAL
CONTROLS
The effect of an on-line computer system on the accounting system and the associated risks will
generally depend on:
 The extent to which the on-line system is being used to process accounting applications
 the type and significance of financial transactions being processed
 the nature of files and programs the applications use
Factors such as the following may reduce the risk of errors occurring because of the entity's use of on-
line systems:
 Performing data entry at or near the point where transactions originate reduces the risk that the
transactions will not be recorded
 Immediate correction and re-entering of invalid transactions reduces the risk that such
transactions will not be corrected and resubmitted quickly
 Data entry performed by individuals who understand the nature of the transactions involved
may be less prone to error than when performed by individuals unfamiliar with the nature of
the transactions
 Processing transactions immediately reduces the risk that they will be processed in the wrong
accounting period
 Authentication and authorization carried out at or near the point where transactions originate
reduces the risk of impersonation or other unauthorized access to or manipulation of data
The risk of errors in on-line computer systems may be increased for the following reasons:
 Locating terminal devices throughout the entity increases the opportunity for unauthorized use
of a terminal device and the entry of unauthorized transactions.
 On-line terminal devices may provide easier opportunity for unauthorized uses.
 If on-line processing is interrupted for any reason, for example, due to faulty
telecommunications, there may be a greater chance that transactions or files may be lost and
that the recovery may not be accurate and complete.
  On-line access to data and programs from remote sites through telecommunications may
provide greater opportunity for access to data and programs by unauthorized persons.
Organizations that have links to the Internet require greater controls, such as firewalls, to
manage the risk of unauthorized access to data and programs.
 The use of electronic commerce and EDI for the exchange of documents between two
organizations results in the loss of traditional paper audit trails, including invoices and purchase
orders.
EFFECTS OF ON-LINE OMPUTER SYSTEMS ON AUDIT PROCEDURES
The following matters are of particular importance to the auditor in an on-line computer system:
 authorization, completeness and accuracy of on-line transactions through the implementation
of appropriate controls at the time when the transaction is accepted for processing
 integrity of records and processing, due to many users and programmers having on-line access
to the system
 necessary changes in the performance of audit procedures, including the use of CAATs due to
matters such as:
1. the need for audit team with technical skills in on-line computer systems
2. the effect of the on-line computer system on the timing of the audit procedures
3. the lack of visible transaction trails
4. procedures carried out during the audit planning stage
5. audit procedure performed concurrently with on-line processing
6. procedures performed after processing has taken place
Procedures carried out during the planning stage may include:
 the participation on the audit team of individuals with technical proficiency in on-line computer
systems and related controls
 identification of any new remote access facilities
 preliminary determination, during the risk assessment process, of the impact of the system on
the audit procedures
Procedures performed after processing has taken place may include the following:
 tests of controls over transactions logged by the on-line system for authorization, completeness
and accuracy
 substantive procedures covering transactions and processing results rather than tests of control,
where the former may be more cost-effective or where the system is not well-designed or
controlled
 reprocessing transactions as either a test of control or a substantive procedure

ELECTRONIC COMMERCE – EFFECT ON THE AUDIT OF FINANCIAL STATEMENT (PAPs

1013)
The purpose of this Philippine Auditing Practice Statement is to provide guidance to assist
auditors of financial statements where an entity engages in commercial activity that takes place by
means of connected computers over a public network.
SKILLS AND KNOWLEDGE
The level of skills and knowledge required to understand the effect of ecommerce on the audit
will vary with the complexity of the entity’s e-commerce activities. The auditor considers whether the
personnel assigned to the engagement have appropriate IT and Internet business knowledge to perform
the audit.
In some circumstances, the auditor may decide to use the work of an expert. When the work of
an expert is used, the auditor obtains sufficient appropriate audit evidence that such work is adequate
for the purposes of the audit. The auditor also considers how the work of the expert is integrated with
the work of others on the audit, and what procedures are undertaken regarding risks identified through
the expert’s work.
KNOWLEDGE OF THE BUSINESS
The auditor’s knowledge of the business is fundamental to assessing the significance of e-commerce to
the entity’s business activities and any effect on audit risk. In obtaining or updating knowledge of the
entity’s business, the auditor considers, so far as they affect the financial statements:
 entity’s business activities and industry
 entity’s e-commerce strategy
 extent of the entity’s e-commerce activities
 entity’s outsourcing arrangements
RISK IDENTIFICATION
Management faces many business risks relating to the entity’s e-commerce activities, including:
 loss of transaction integrity
 pervasive e-commerce security risks
 system availability risks
 loss of information privacy, leading to loss in customer confidence in transacting business over
the entity’s website
 improper accounting policies
 noncompliance with taxation and other legal and regulatory requirements
 failure to ensure that contracts evidenced only by electronic means are binding
 over reliance on e-commerce
The entity addresses certain business risks arising in e-commerce through the implementation of an
appropriate security infrastructure and related controls, which generally include measures to:
 verify the identity of customers and suppliers,
 ensure the integrity of transactions and business processes,
 ensure that information and information systems are available during the periods disclosed by
the entity,
 obtain agreement on terms of trade, including agreement of delivery and credit terms and
dispute resolution processes, which may address tracking of transactions and procedures to
ensure a party to a transaction cannot later deny having agreed to specified terms
(nonrepudiation procedures),
 obtain payment from, or secure credit facilities for, customers, and establish privacy and
information protection protocols.
INTERNAL CONTROL CONSIDERATIONS
 Security - The security infrastructure and related controls may include an information security
policy, an information security risk assessment, and standards, measures, practices, and
procedures within which individual systems are introduced and maintained, including both
physical measures and logical and other technical safeguards such as user identifiers, passwords
and firewalls.
 Transaction Integrity - The auditor considers the completeness, accuracy, timeliness and
authorization of information provided for recording and processing in the entity’s financial
records (transaction integrity). Audit procedures regarding the integrity of information in the
accounting system relating to e-commerce transactions are largely concerned with evaluating
the reliability of the systems in use for capturing and processing such information.
 Process Alignment - refers to the way various IT systems are integrated with one another and
thus operate, in effect, as one system. In the e-commerce environment, it is important that
transactions generated from an entity’s web site are processed properly by the entity’s internal
systems, such as the accounting system, customer relationship management systems and
inventory management systems.
EFFECT OF ELECTRONIC RECORDS ON AUDIT EVIDENCE
There may not be any paper records for e-commerce transactions, and electronic records may
be more easily destroyed or altered than paper record without leaving evidence of such destruction or
alteration. The auditor considers whether the entity’s security of information policies, and security
controls as implemented, are adequate to prevent unauthorized changes to the accounting system or
records, or to systems that provide data to the accounting system.
The auditor may test automated controls, such as record integrity checks, electronic date
stamps, digital signatures, and version controls when considering the integrity of electronic evidence.
Depending on the auditor’s assessment of these controls, the auditor may also consider the need to
perform additional procedures such as confirming transaction details or account balances with third
parties.

SEALS OF ASSURANCE
E-commerce assurance seal services are defined as web assurance services (WASSs) for internet
e-retailers’ sites provided by third-party. The third-party web assurance seal is one strategy where
vendors can signal trust-worthiness to the online shopper, especially for smaller vendors. The online
symbols are usually displayed on the front page of the vendor’s website and vendors see the investment
as an enhancement of trustworthiness to the consumer.
Three functions are most commonly served by these web assurance seals: transaction security,
consumer privacy, and transaction integrity.
TYPES
 Privacy assurance – a promise from the vendor to the consumer to not share consumer’s
personal information with a third party.
 Security assurance – has the objective of making online transactions safer through the use of
encryption; it stops the unauthorized access to the private information without the consent of
either the consumer or vendor. This prevents the use of credit data for personal or nefarious
gains by the hacker.
PROS
 Ease of recognition of vendor credentials – consumers turn to third party seal programs to
verify credentials of online vendors
 Signal of trustworthiness of online vendors – web assurance seals play an important role in
increasing the perceived trustworthiness of vendors for consumers who perceive a high risk in
conducting online purchases
 Brand enhancement – web assurance seals are also used as a co-branding strategy to signal to
consumers that the site has achieved a certain high standard
 Role of risk reliever – the presence of an assurance seal on a website is essential form of
guarantee to the customers
 Price premium seal protected websites – Firms that display security seals charge a higher price
for their product than competitors without a seal. However, the premium disappears when
many vendors are all sealed.
CONS
 Weakening effects of seals when combined – the privacy assurance function, when combined
with other security assurance, can have less impact on consumers’ initial trust on a per-seal
basis. This means that customers can become desensitized when there are too many seals
displayed simultaneously on a website.
 Potential breach of customer trust – since a seal represents all its e-retailors that use the seal
on their website, if a potential e-retailor breaches a seal standard, it may significantly impact the
reputation of that seal for all the vendors who carry that seal
 Information asymmetry – if consumers are unfamiliar with the role of seals and are not able to
distinguish the seals that require a rigorous verification process from those that are weak, then
seals do not provide useful information to users and users remain distrustful towards the site
 Lack of guarantee – obtaining a seal merely means that a business is able to pass certain
predesigned monitoring tests on an ongoing basis; there is no guarantee that a security breach
would not occur in the future

Benitez, Ralph
Felices, Jeanette
Iral, Jean Nicole