Organisations continuously have to question traditional thinking and implement state of the art systems to control e-commerce applications. A Public Key Infrastructure (PKI) has established itself as the generally accepted method to control e-commerce transactions. This infrastructure comprises complex technology supported by specific manual and electronic control procedures. In the e-commerce realm, auditing professionals are increasingly challenged with new technologies and different methodologies such as PKI. This article examines the inherent risks associated with implementing a PKI and gives guidance on control appropriate control measures.