What area should the IS auditor improve if unauthorized transactions are discovered in EDI transactions?

Study for the CISA Domain 1 Exam. Get ready with flashcards, multiple-choice questions, hints, and explanations. Prepare thoroughly for your audit and assurance certification!

When unauthorized transactions are discovered in Electronic Data Interchange (EDI) transactions, the most critical area for an IS auditor to focus on is the authentication techniques for sending and receiving messages. Effective authentication ensures that both parties in an EDI transaction are who they claim to be and that the data being exchanged is legitimate and unaltered.

In EDI environments, the risk of unauthorized access and transaction manipulation is heightened due to the automated nature of data exchange. By improving authentication mechanisms—such as using strong passwords, digital certificates, multi-factor authentication, or cryptographic techniques—the organization can significantly enhance the security of the transactions and reduce the likelihood of unauthorized actions.

Strengthening authentication helps to establish trust in the systems involved and mitigates the risk of fraud and data breaches, which is particularly vital in EDI where transactions can have immediate and far-reaching impacts on supply chains and business operations.

The other areas, while important for overall control and governance, would not directly address the immediate concern of unauthorized transactions in EDI. For instance, trading partner agreements set the terms for the relationship but do not ensure transaction security on their own; physical controls for terminals pertain more to the security of physical devices; and program change control procedures focus on software integrity rather than securing
