EDI Systems Audit Program

A. Planning/Administrative

1. Review the Letter of Understanding and create the APM (Audit Planning Memorandum) accordingly. [A-1; DB 02/03]
2. Gain a high-level understanding of Auditee’s EDI environment through discussions with Auditee IT Management and prepare a detailed audit program. [A-2; DB 02/03]
3. Prepare detailed client assistance list and send it to Auditee. [A-3; DB 02/03]

B. Management & Organization

Review EDI management documents for evidence of executive commitment and sound business strategy

1. Review and comment on the EDI Business Plan
2. Determine level of participation in EDI industry groups
3. Review for evidence of long-term proactive EDI business planning [Covered]
4. Obtain evidence of cooperative project management and relationship building with trading partners [Covered]
5. Assess viability of EDI compliance program or control self-assessment program [Covered]

Assure the system development lifecycle procedures require the testing and review of new EDI technology controls

6. Assure contractual arrangements with trading partners and software/network vendors are well documented and reviewed by legal counsel.

C. Application Level Accuracy and Completeness

1. Translation Software [Need more info]
   • Verify translation software is capable of performing required syntax checking
   • Review test base cases and testing procedures (run own tests if required)
2. Acknowledgement Levels [Need more info]
   • Review criteria for various levels of acknowledgement
   • Verify they are agreed to by the trading partner(s)
3. Special Editing Rules for Positive or Negative Acknowledgement [Need more info]
   • Verify effective documentation exists for special editing rules critical to positive or negative acknowledgment.
   • Verify special editing rules are tested.
4. Assess the adequacy of application input/edit controls. [Need more info]
5. Verify completeness