Top 13 Electronic Data Interchange (EDI) Security Risks
1. Loss of business continuity/going-concern problem. Inadvertent or deliberate corruption of EDI-related applications could affect every EDI transaction entered into by an organization, impacting customer satisfaction, supplier relations, and eventually, possibly, business continuity.
2. Loss of confidentiality of sensitive information. Sensitive information may be accidentally or deliberately divulged on the network or in the mailbox storage system to unauthorized parties including competitors.
3. Increased exposure to fraud. Access to computer systems may provide an increased opportunity to change the computer records of both a single organization and that of its trading partners by staff of the trading parties or by third-party network
4. Manipulation of payment. A situation where amounts charged by or paid to suppliers are not reviewed before transmission. Therefore, there is a risk that payments could be made for goods not received, payment amounts could be excessive, or duplicate payment could occur.
5. Loss of transactions. Transactions could be lost as a result of processing disruptions at third-party network sites or en route to the recipient organization, which could cause losses to the organization and inaccurate financial reporting.
6. Errors in information and communication systems. Errors in the processing and communications systems, such as incorrect message repair, can result in the transmission of incorrect trading information or inaccurate reporting to management.
7. Loss of audit trail. EDI eliminates the need for hard copy.
8. Concentration of control. There will be increased reliance on computer controls where they replace manual controls, and they may not be sufficiently timely.
9. Application failure. Application or EDI component failures could have a significant negative impact on partner organizations within the respective business cycles.
10. Potential legal liability. Where liability is not clearly defined in trading partner agreements, legal liability may arise due to errors outside the control of an organization or by its own employees. There is still considerable uncertainty about the legal status of EDI documents or the inability to enforce contracts in unforeseen circumstances.
11. Overcharging by third-party service providers. Third-party suppliers may accidentally or deliberately overcharge an organization that is using their services.
12. Manipulation of organization. Information available to the proprietors of third-party networks may enable them or competitors to take unfair advantage of an organization.
13. Not achieving anticipated cost savings. Happens where the anticipated cost savings from the investment in EDI are not realized for some reason by an organization.
source: IT Control & Audit, Sandra Senft