Here is the practice question for the CISA exam 2007. The question deals with authentication techniques.

Q). An IS auditor who has discovered unauthorized transactions during a review of EDI transactions is likely to recommend improving the:

A. EDI trading partner agreements.
B. physical controls for terminals.
C. authentication techniques for sending and receiving messages.
D. program change control procedures.

Answer: The correct answer is "C". Electronic data interchange is a service which provides communications for business transactions. ANSI standard X.12 defines the data format for EDI. When an auditor is faced with unauthorized transactions, the most key aspect is to identify how the unauthorized transactions occured. Going to the source of the transactions is essential. The authentication techniques used for sending and receiving the EDI messages are the first things that need to be improved. All the other answers are not as close as the best option which is "C".

Related Posts

Quantitative Risk Analysis
Statistical Sampling
Retention Date for Files
Disaster Recovery Hot Site