CISA Certified Information Systems Auditor – Question2848 - CISA Certified Information Systems Auditor

An appropriate control for ensuring the authenticity of orders received in an EDI application is to:

A. acknowledge receipt of electronic orders with a confirmation message.
B. perform reasonableness checks on quantities ordered before filling orders.
C. verify the identity of senders and determine if orders correspond to contract terms.
D. encrypt electronic orders.

Correct Answer: C

Explanation:

Explanation:
An electronic data interchange (EDI) system is subject not only to the usual risk exposures of computer systems but also to those arising from the potential ineffectiveness of controls on the part of the trading partner and the third-party service provider, making authentication of users and messages a major security concern. Acknowledging the receipt of electronic orders with a confirming message is good practice but will not authenticate orders from customers. Performing reasonableness checks on quantities ordered before placing orders is a control for ensuring the correctness of the company’s orders, not the authenticity of its customers’ orders. Encrypting sensitive messages is an appropriate step but does not apply to messages received.