Foreword
Preface
Acknowledgments
The Frontier: An EDI Overview
Exactly What Is EDI?
Growth of EDI
EDI Market Acceptance
The Costs and Benefits of Implementing EDI
Who Should Use EDI?
EDI Operating Issues
EDI Risks
Management Control Concerns
General Controls in EDI Standards
ANSI
UN/EDIFACT
Acknowledgments
EDI Audit Implications
Summary
EDI Infrastructure and Standards
The Essential Components of EDI
Standards
Telecommunications Hardware and Software
Translation Software
Standards: Evolution of a Business Tool
The Development of North American Standards
The Development of International Standards
The Standards Controversy
ANSI ASC X12 Transaction Set Table, Segment Dictionary Format, and Data Element Definition
Networks and Telecommunications
Third-Party Networks
Benefits of Value-Added Networks
Interconnectability: VAN Versus Point-to-Point
Selecting a Third-Party Network
Internal Controls in Third-Party Networks
Access Control
Data Integrity
Transmission Security
Liability of Third-Party Network Vendors
Cross-Vulnerabilities in EDI Partnerships
What Is Cross-Vulnerability in EDI?
Cross-Vulnerabilities Involving Security
Point-of-Sale and EDI Security
Limitations of Current Security Structures
Security Solutions
Cross-Vulnerabilities in Other Business Areas
Difficulties with Shared Standards
The Uncertain Legal Status of EDI Contracts
Conflicts in Partners' Competitive Profiles
More EDI-Related Exposures
Summary and Recommendations
Control Self-Assessment Worksheet and Summary
Managing Interenterprise Partnerships
Characteristics of Interenterprise Partnerships
Selecting Trading Partners
The Trading Partner Agreement
Other EDI Agreements
Third-Party Network Agreements
Application Software Agreements
Legal Issues, Lawyers, and Auditors
Fundamental Questions
Creating an Enforceable Contract
A Matter of Evidence
Managing Liability and Risk
Conventions, Guidelines, and Agreements
Summary
EDI Application Control Issues
Internal Controls in Information Systems
Application Controls
Security Controls
Environmental Controls
Project Controls
EDI Standard-Driven Controls
Other EDI-Specific Controls
Controls for Transaction Accuracy and Completeness
Inbound Transaction Control Considerations
Outbound Transaction Control Considerations
Transmission Control Considerations
Control Agreements Between Partners
EDI Management and Environmental Control
Environmental Controls: An Overview
Operations and Management
Computer Operations
Data and Program Security
Contingency Planning and Disaster Recovery
Project Management
Learn About EDI
Gain Executive Commitment and Management Buy-In
Establish Quality Project Plan
Review Business Processes and Internal Systems
Conduct Surveys
Review Standards and Documents to Be Exchanged
Choose Translation Software
Choose a Network Provider
Design, Develop, and Test the System
Cut Over to and Implement the EDI System
Perform Postimplementation Review
Vendor-Supplied Translation Software
EDI and Records Retention
The Risks of Poor Records Retention
The Objectives of Good Records Retention
The Basic Principles of Records Retention
Paper Versus Electronic Copies
The Admissibility of Electronic Records
Key Considerations for an EDI Records Management Program
Storage Media
Auditability of Records
Records to Consider Keeping
Retention Requirements for EDI
The Control Dimensions of Financial EDI
What Is Financial EDI?
ANSI ASC X12 Versus UN/EDIFACT Payment Formats
Financial EDI in Insurance
The Financial EDI Information Component
The Canadian Financial EDI Audit Trail
Uniform Commercial Code Article 4A: Funds Transfer
The Model Electronic Payments Agreement and Commentary
Canadian Inter-Financial Institution EDI Control and Audit Standards
Uniform Conduct for the Interchange of Trade Data by Teletransmission
Financial EDI Controls
The Payor's Perspective
The Payee's Perspective
The Financial Institution's Perspective
Evaluated Receipt Settlement and Financial EDI: An Application at the Macro Level
Summary
EDI Audit Considerations
The Auditor as Control Consultant
General Audit Implications for EDI
The External Auditor's Role
Knowledge of the Business
Assessment of Risk
Evaluation of General Controls
Evaluation of Processing Controls
Testing
Use of Computer-Assisted Audit Techniques
The Internal Auditor's Role
Final Thoughts on the Auditor's Changing Role
Epilogue
General Considerations for an EDI Audit
Management Control Concerns
Loss of the Paper Audit Trail
Business Continuity
Exposure of Data to Third Parties
Potential Legal Liability
Records Retention and Retrievability
Segregation of Duties
Managing Interenterprise Relationships
Implications for Information Systems Auditors
An EDI Implementation Audit Program
Audit Objective
Implementation Audit Program
A Financial EDI Audit Program
Overview
Audit Procedures for Generic Funds Transfer
Management and Administrative Controls
System Controls
User (Operational) Controls
Financial EDI-Specific Audit Procedures
Management Controls
Application Controls
Environmental Controls
Audit Considerations for Trading Partner Agreements
Review Model Trading Partner Agreements
Evaluate Controls to Be Included in the Trading Partner Agreement
Evaluate Interorganizational Control Assurances
Audit Considerations for Third-Party Network Agreements
Complete Statement of Terms
Data Ownership
Confidentiality
Investigations and Audits
Liability for Errors
Amendments
Termination
Environmental Audit Considerations: Contingency Planning and Disaster Recovery
Telecommunications Services and Support
Additional Audit Considerations
Recommended Readings
General Readings
Management Topics
Standards
Audit and Control Issues
Security Issues
Legal Issues
Network and Telecommunications Issues
Software and Third-Party Network Vendors
Productivity Enhancements
Contingency Planning and Disaster Recovery
Association Addresses
Glossary
About the Authors
Index