What is the primary concern for an IS auditor evaluating EDI application controls?

The primary concern for an IS auditor evaluating EDI (Electronic Data Interchange) application controls is improper transaction authorization. This is critical because EDI systems facilitate the automated exchange of business documents between trading partners. Ensuring that transactions are properly authorized is pivotal in preventing unauthorized transactions that could lead to significant financial loss, fraud, or data integrity issues.

In an EDI environment, where transactions are often processed with little human intervention, robust authorization controls help ensure that only valid and approved transactions are executed. This includes verifying that the transaction meets pre-set criteria and that the entities involved in the transaction have the appropriate permissions.

While excessive transaction turnaround time, application interface failures, and non-validated batch totals are also significant aspects of EDI systems, they do not directly address the security and integrity of transactions in the same way that authorization does. Ensuring proper transaction authorization mitigates risks and helps maintain trust between parties involved in the EDI process.