Author(s)
  Rezaee, Zabihollah.,Aggarwal, Rajesh.

Source
  Internal Auditor Feb 1996, v53n1, p. 40-44 (5 pages)

Abstract:
  The success of an organization depends on its timely communication with vendors, customers, suppliers, and other external entities. Electronic data interchange (EDI), which many organizations a vital communications edge. The goal of risk assessment in an EDI environment is to determine the probability of undesirable events and their associated costs and to install control mechanisms to minimize risk to an acceptable level. The vulnerability of an EDI system is high because the failure of the system in any of it three stages - initiation, transmission, and destination - will corrupt transactions. The categories of inherent risk and related internal control activities include: 1. unauthorized intruder accessing information, 2. loss of data integrity, 3. lack of transaction completeness, 4. unavailability of the EDI system, 5. inability to transmit transactions, 6. lack of legal guidance.