EDI Systems Audit Program
Review the Letter of Understanding and create the APM (Audit
Planning Memorandum) accordingly.
Gain a high-level understanding of Auditee’s EDI environment through
discussions with Auditee IT Management and prepare a detailed audit
Prepare a detailed client assistance list and send it to Auditee.
Management & Organization
Review EDI management documents for evidence of executive
commitment and sound business strategy
Review and comment on the EDI Business Plan
Determine level of participation in EDI industry groups
Review for evidence of long-term proactive EDI business planning
Obtain evidence of cooperative project management and relationship
building with trading partners
Assess viability of EDI compliance program or control self-assessment
Assure the system development lifecycle procedures require the testing
and review of new EDI technology controls
Assure contractual arrangements with trading partners and
software/network vendors are well documented and reviewed by legal
Application Level Accuracy and Completeness
• Verify translation software is capable of performing required syntax
• Review test base cases and testing procedures (run own tests if
• Review criteria for various levels of acknowledgement
• Verify they are agreed to by the trading partner(s)
Special Editing Rules for Positive or Negative Acknowledgement
• Verify effective documentation exists for special editing rules
critical to positive or negative acknowledgement.
• Verify special editing rules are tested.
Assess the adequacy of application input/edit controls.