When evaluating the controls of an EDI application, an IS auditor should PRIMARILY be concerned
with the risk of:
excessive transaction turnaround time.
application interface failure.
improper transaction authorization.
nonvalidated batch totals.
Foremost among the risks associated with electronic data interchange (EDI) is improper transaction
authorization. Since the interaction with the parties is electronic, there is no inherent authentication.
The other choices, although risks, are not assignificant.