EDI Security, Control and Audit

ISBN-10: 0890066108

ISBN-13: 9780890066102

Edition: 1993

Authors: Albert J. Marcella, Sally Chan, John Merriam

List price: $125.00

Description:

A comprehensive discussion of risks involved with electronic data interchange, the computer-to-computer mode by which more and more companies conduct business with each other worldwide. Identifies the possible control, security, and legal dangers, and suggests checklists and safety programs for managers who are implementing such systems, and for system auditors and analysts. Annotation copyright by Book News, Inc., Portland, OR

Book details

List price: $125.00
Copyright year: 1993
Publisher: Artech House, Incorporated
Binding: Hardcover
Pages: 234
Size: 6.25" wide x 9.25" long x 0.50" tall
Weight: 1.100
Language: English

Foreword
Preface
Acknowledgments
The Frontier: An EDI Overview
Exactly What Is EDI?
Growth of EDI
EDI Market Acceptance
The Costs and Benefits of Implementing EDI
Who Should Use EDI?
EDI Operating Issues
EDI Risks
Management Control Concerns
General Controls in EDI Standards
ANSI
UN/EDIFACT
Acknowledgments
EDI Audit Implications
Summary
EDI Infrastructure and Standards
The Essential Components of EDI
Standards
Telecommunications Hardware and Software
Translation Software
Standards: Evolution of a Business Tool
The Development of North American Standards
The Development of International Standards
The Standards Controversy
ANSI ASC X12 Transaction Set Table, Segment Dictionary Format, and Data Element Definition
Networks and Telecommunications
Third-Party Networks
Benefits of Value-Added Networks
Interconnectability: VAN Versus Point-to-Point
Selecting a Third-Party Network
Internal Controls in Third-Party Networks
Access Control
Data Integrity
Transmission Security
Liability of Third-Party Network Vendors
Cross-Vulnerabilities in EDI Partnerships
What is Cross-Vulnerability in EDI?
Cross-Vulnerabilities Involving Security
Point-of-Sale and EDI Security
Limitations of Current Security Structures
Security Solutions
Cross-Vulnerabilities in Other Business Areas
Difficulties with Shared Standards
The Uncertain Legal Status of EDI Contracts
Conflicts in Partners' Competitive Profiles
More EDI-Related Exposures
Summary and Recommendations
Control Self-Assessment Worksheet and Summary
Managing Interenterprise Partnerships
Characteristics of Interenterprise Partnerships
Selecting Trading Partners
The Trading Partner Agreement
Other EDI Agreements
Third-Party Network Agreements
Application Software Agreements
Legal Issues, Lawyers, and Auditors
Fundamental Questions
Creating an Enforceable Contract
A Matter of Evidence
Managing Liability and Risk
Conventions, Guidelines, and Agreements
Summary
EDI Application Control Issues
Internal Controls in Information Systems
Application Controls
Security Controls
Environmental Controls
Project Controls
EDI Standard-Driven Controls
Other EDI-Specific Controls
Controls for Transaction Accuracy and Completeness
Inbound Transaction Control Considerations
Outbound Transaction Control Considerations
Transmission Control Considerations
Control Agreements Between Partners
EDI Management and Environmental Control
Environmental Controls: An Overview
Operations and Management
Computer Operations
Data and Program Security
Contingency Planning and Disaster Recovery
Project Management
Learn About EDI
Gain Executive Commitment and Management Buy-In
Establish Quality Project Plan
Review Business Processes and Internal Systems
Conduct Surveys
Review Standards and Documents to be Exchanged
Choose Translation Software
Choose a Network Provider
Design, Develop, and Test the System
Cut Over to and Implement the EDI System
Perform Postimplementation Review
Vendor-Supplied Translation Software
EDI and Records Retention
The Risks of Poor Records Retention
The Objectives of Good Records Retention
The Basic Principles of Records Retention
Paper Versus Electronic Copies
The Admissibility of Electronic Records
Key Considerations for an EDI Records Management Program
Storage Media
Auditability of Records
Records to Consider Keeping
Retention Requirements for EDI
The Control Dimensions of Financial EDI
What is Financial EDI?
ANSI ASC X12 Versus UN/EDIFACT Payment Formats
Financial EDI in Insurance
The Financial EDI Information Component
The Canadian Financial EDI Audit Trail
Uniform Commercial Code Article 4A: Funds Transfer
The Model Electronic Payments Agreement and Commentary
Canadian Inter-Financial Institution EDI Control and Audit Standards
Uniform Conduct for the Interchange of Trade Data by Teletransmission
Financial EDI Controls
The Payor's Perspective
The Payee's Perspective
The Financial Institution's Perspective
Evaluated Receipt Settlement and Financial EDI: An Application at the Macro Level
Summary
EDI Audit Considerations
The Auditor as Control Consultant
General Audit Implications for EDI
The External Auditor's Role
Knowledge of the Business
Assessment of Risk
Evaluation of General Controls
Evaluation of Processing Controls
Testing
Use of Computer-Assisted Audit Techniques
The Internal Auditor's Role
Final Thoughts on the Auditor's Changing Role
Epilogue
General Considerations for an EDI Audit
Management Control Concerns
Loss of the Paper Audit Trail
Business Continuity
Exposure of Data to Third Parties
Potential Legal Liability
Records Retention and Retrievability
Segregation of Duties
Managing Interenterprise Relationships
Implications for Information Systems Auditors
An EDI Implementation Audit Program
Audit Objective
Implementation Audit Program
A Financial EDI Audit Program
Overview
Audit Procedures for Generic Funds Transfer
Management and Administrative Controls
System Controls
User (Operational) Controls
Financial EDI-Specific Audit Procedures
Management Controls
Application Controls
Environmental Controls
Audit Considerations for Trading Partner Agreements
Review Model Trading Partner Agreements
Evaluate Controls to be Included in the Trading Partner Agreement
Evaluate Interorganizational Control Assurances
Audit Considerations for Third-Party Network Agreements
Complete Statement of Terms
Data Ownership
Confidentiality
Investigations and Audits
Liability for Errors
Amendments
Termination
Environmental Audit Considerations: Contingency Planning and Disaster Recovery
Telecommunications Services and Support
Additional Audit Considerations
Recommended Readings
General Readings
Management Topics
Standards
Audit and Control Issues
Security Issues
Legal Issues
Network and Telecommunications Issues
Software and Third-Party Network Vendors
Productivity Enhancements
Contingency Planning and Disaster Recovery
Association Addresses
Glossary
About the Authors
Index