- 15 Marks
Question
Electronic Data Interchange (EDI) systems allow electronic transmission of business documents, such as purchase orders, invoices, payroll information, etc.
Required: a. Explain FOUR major controls to be put in place to minimize the risks inherent in EDI systems. (8 Marks) b. Discuss THREE features of EDI Systems that may create additional problems for the auditor. (7 Marks)
Answer
- Controls to Minimize Risks in EDI Systems:
- Data Transmission Controls: Use of encryption, authentication codes, and acknowledgement codes to secure transmitted data and ensure it is both sent and received by the correct parties.
- Access Control: Ensure that only authorized personnel have access to the EDI system by using passwords, user profiles, and role-based access control.
- Monitoring and Output Control: Implement continuous monitoring of system outputs to verify accuracy and ensure any anomalies are promptly addressed.
- Virus Protection and Backup Plans: Install antivirus software and set up contingency plans, such as regular data backups, to protect against system failures or security breaches.
- Features of EDI Systems that May Create Problems for the Auditor:
- Lack of Paper Audit Trail: EDI transactions typically lack physical documentation, making it difficult for auditors to trace transactions manually.
- Increased Dependence on IT Systems: A failure in the computer system could result in significant disruptions, increasing audit risks if not properly managed.
- Security Risks: Unauthorized individuals could potentially intercept or alter transmitted data, compromising the reliability of the system.
- Tags: Audit risks, Computerized Audits, Controls, Data Transmission, EDI
- Level: Level 2
- Topic: Auditing in a Computerized Environment
- Series: MAY 2018
- Uploader: Kofi