3.

AUDITING ELECTRONIC DATA INTERGRATION

EDI stands for Electronic Data Interchange. EDI is the exchange of structured data
in electronic form direct from one computer system to another. The data is
transferred electronically between two parties, usually a supplier and a customer
A.EDI STANDARDS
Who writes the standards? A number of EDI standards bodies exist, whose purpose
is to develop and maintain sets of EDI messages (in EDI terminology, an EDI
document is usually referred to as a message). The standards bodies we shall refer
to in this document are EDIFACT, ODETTE, EAN (and its members), VDA and
ANSI. Each of these bodies has developed its own set of EDI messages.
1. EDIFACT
EDIFACT (Electronic Data Interchange for Administration, Commerce
and Transport) is the body which develops the United Nations rules for
EDI. EDIFACT usually publishes a new set of EDI messages each year,
incorporating any new messages and amendments to existing messages,
and calls each of its yearly publications a Dictionary. Each dictionary is
named according to the year of its publication, whether it is a draft
version (D) or the definitive standard (S), and whether it is published in
the first (A) or second (B) half of the year. So, for example, the dictionary
named D96A is a draft standard published in the first half of 1996. Quite
often, only the draft version of a dictionary is issued, but EDIFACT
standards are so robust that they are as good as a standard version and,
indeed, are used as such by many companies.
2. ODETTE
ODETTE (Organisation for Data Exchange by Tele-Transmission in
Europe) is an organisation formed by and for the automotive industry.
Originally it developed its own distinct set of messages but now only
develops subsets of those EDIFACT messages used by the automotive
industry. A subset is a smaller version of a full EDI standard, usually
developed for a specific business sector.
3. EAN
EAN stands for European Article Numbering. The EAN association is an
international standards body with members in individual countries. The
members may develop their own EDI standards for use within their own
country. The Tradacoms standard for the UK retail trade was developed
in this way.
4. VDA
VDA stands for Verband der Automobilindustrie (i.e. association of the
automobile industry). The VDA is a standards body set up by the German
automotive industry that has developed its own set of EDI messages for
use in that industry. The VDA messages are not strictly EDI, because
they do not have all the usual characteristics of EDI messages, but they
are accepted as EDI messages by the UK automotive supply industry. A
beginner's guide to EDI 5 1
5. ANSI X12
ANSI stands for American National Standards Institute. ANSI X12 is an
American standard, whose EDI messages are called Transaction Sets.
This standard is rarely used in the UK.
 6. Company standards
Although the standards bodies above provide comprehensive standards
that can be used by any company of the sector they were written for, it is
often the case that individual companies adopt these standards but issue
their own "Message Implementation Guidelines". These Guidelines
usually state explicitly what information is to be contained within
messages exchanged between the individual company and its trading
partners. The result of this may be, for example, that a supplier who
trades with two different automotive manufacturers may be required to
send the same message type to both manufacturers, but that the
contents of those messages will differ according to which manufacturer
they are intended for.

B.BENEFITS OF EDI
•It’s fast – streamlined business processes mean that documents can be exchanged in
minutes
•It’s accurate – manual data entry errors are eliminated
•It’s secure – you receive confirmation that your documents have arrived safely
•It cuts costs – of printing, copying, filing, storage and postage, and of repetitive, labour
intensive tasks, administration and disputes caused by data entry errors
•It happens in real-time – informing and speeding up business decisions and response
times
•It’s great for business – you’re part of a connected trading community and can build
more productive relationships with suppliers and customers alike
•It’s great for cash flow – payment schedules are shorter and more reliable
•It’s flexible – you can integrate your EDI system with your back office accounts,
warehouse or ERP systems for more business efficiencies
•It’s liberating! – you’re free to concentrate on high value tasks, like customer service,
sales and marketing and product development.
•For smaller businesses, EDI is all about speed and efficiency. Replacing, slow, labour-
intensive, repetitive, paper-based processes with a fast, accurate electronic system
speeds up payments and means that entrepreneurs can redeploy precious resources
for more valuable, business-building activities.
•Free from the administrative burden, agile firms can focus on what they do best,
building long-term relationships with customers, developing new products and services
and opening up new markets. EDI is a real game-changer.
•Larger businesses with an EDI-enabled supply chain benefit from streamlined,
consistent and integrated business processes. Real-time information about individual
suppliers helps inform management decisions and builds strategic partnerships,
encouraging buyers and suppliers to collaborate with each other.
•Improved supplier management also contributes to the achievement of corporate
social responsibility, sustainability and ethical trading goals, while the business
efficiencies and economies of scale that EDI delivers also reduces carbon footprint and
boosts environmental credentials.

C.FINANCIAL EDI
 Financial EDI (FEDI) is the computer-to-computer exchange of payment and
payment-related information between companies using a standard format. Unlike other
forms of EDI, such as exchange of price quotes or purchase orders, financial EDI
always involves a bank because a financial transaction (a payment) is being effected.
Due to this fact, a new business opportunity now exists for banks in the cash
management industry.

D.EDI CONTROLS
Transaction Authorization and Validation-Both the customer and the supplier
must establish that the transaction being processed is to (or from) a valid trading
partner and is authorized. This can be accomplished at three points in the
process.

Some VANs (Value Added Networks) have the capability of validating

passwords and user ID codes for the vendor by matching these against a valid
customer file. The VAN rejects any unauthorized trading partner transactions
before they reach the vendor’s system.

4.AUDITING PC-BASED ACCOUNTING SYSTEMS

A. PC SYSTEMS RISK AND CONTROLS
1.Segregation of Duties
PC systems tend to have inadequate segregation of duties. A single employee
may be responsible for entering all transaction data, including sales orders, cash
receipts, invoices, and disbursements. In a manual system, this degree of
authority would be similar to assigning accounts receivable, accounts
payable,cash receipts, and cash disbursements responsibilities to the same
person. The exposure is compounded when the individual is also responsible for
programming or tailoring the application he or she runs. Often little can be done
in small companies to avoid such conflicts of duties. Controlling the PC
environment requires a high degree of supervision, adequate management
reports (such as detailed listings of all transactions), and frequent independent
verification. For example, the supervisor should reconcile daily transaction
details with the affected subsidiary and control accounts.

2.Access Control
PC systems generally provide inadequate control over access to data files.
Although some applications achieve modest security through password control
to files, accessing data files directly via the operating system can often
circumvent this control. Solutions for dealing with the problem include data
encryption, disk locks, and physical security devices.

3.Accounting Records
Data losses that threaten accounting records and audit trails plague the PC
environment. Computer disk failure is the primary cause of data loss. When this
happens, recovery of data stored on the disk may be impossible. Formal
procedures for creating backup copies of data files and programs can reduce
this threat considerably. In the mainframe environment, backup is provided
automatically. Backup of PC data files relies on a conscious action by the users,
who too often fail to appreciate its importance.
 5.AUDITINF DATABASE SYSTEMS
1.DATABASE MANAGEMENT APPROACHES
A.FLAT FILE APPROACHES
A flat file database is a database that stores data in a plain text file. Each line of
the text file holds one record, with fields separated by delimiters, such as
commas or tabs. While it uses a simple structure, a flat file database cannot
contain multiple tables like a relational database can. Fortunately, most
database programs such as Microsoft Access and FileMaker Pro can import flat
file databases and use them in a larger relational database.
Flat file is also a type of computer file system that stores all data in a single
directory. There are no folders or paths used organize the data. While this is a
simple way to store files, a flat file system becomes increasingly inefficient as
more data is added. The original Macintos computer used this kind of file
system, creatively called the Macintosh File System (MFS). However, it was
soon replaced by the more efficient Hierarchical File System (HFS) that was
based on a directory structure.

B.DATABASE APPROACHES
• Through the database approach, we have data independence, that is, a separation of
the database and the applications that use it.
• The database approach represents a much more fundamental change than
‘computerising’ manual systems.
• The database approach provides many advantages, such as, increased data
shareability, data integrity, speed of developing applications, easing the access of data,
reducing program maintenance, improving standards as well as supporting
management in its decision-making role.
• Developing a database, which accurately reflects the organization it is meant to
represent, is complex and it is necessary to follow an appropriate methodological
framework.
• The modelling process, in particular, is complex, long term, costly and risky. One
approach is to implement the database through a series of modelling steps, from
coarse-grained to finegrained.