
Question


What additional or meaningful responses do you have on the paragraphs below regarding new opportunities e-commerce solutions like EDI present for internal and external perpetrators

What additional or meaningful responses do you have on the paragraphs below regarding new opportunities e-commerce solutions like EDI present for internal and external perpetrators trying to defraud companies? See paragraphs below and provide an in-depth or detailed explanation.

Electronic Data Interchange (EDI) provides an efficient and effective way for customers to place orders as well as receive and pay invoices. However, there are also risks with implementing EDI. There is a greater risk that an employee with the right access could create false transactions and generate fraudulent payments from customers. There is also a risk of outside parties breaking into the system. There are two types of controls necessary for EDI: "1) network controls (inter-firm controls) and 2) member's internal controls (intra-firm controls)." Inter-firm controls start with establishing a "network administrator," which could be a third party, to assist with establishing agreed-upon network rules and enforcing them. In addition to administrative and technical items, the rules must include ethical elements as well, such as accessing competitor information. There should be set consequences for breaking these rules that should be consistently enforced. The administrator should provide unique access codes to users to monitor use. There should be system controls that only allow a certain number of attempts to access the system before contacting the administrator is required. The article recommends that once access is gained the system should disconnect and reconnect to the user's known system to prevent unauthorized intrusion. Of course, there should be an audit trail of all activity on the system.

Intra-firm controls should also be put in place per the article for each member of the system, which are the same as the controls discussed in our text. The main controls necessary are separation of duties - restricting system access based on the job performed is important (access controls). Separating "authorization, execution and data processing" duties is required. Authorization - access to the system should be closely monitored, and there should be strict rules about protecting passwords and changing them often. Documentation - a record of every transaction and the related details about who created the transaction and when it was created is required. If employees know good records are being kept, this can be a major fraud deterrent. Physical Control - this is not mentioned in the article, but in 1989 users were not as tech-savvy and laptops and other portable devices were not as widely available as they are today. It is important that hardware is protected to help prevent the creation of unauthorized transactions. Independent review - audits should be performed as a preventative measure as well as to identify if fraud exists.
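
An added example, not part of the original post: a Python review of an EDI audit trail that flags transactions where one user performed more than one of the authorization, execution and data-processing duties, and users who reached a failed-access limit. The record layout, user names, transaction ids and the limit of 3 attempts are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed audit-trail records (not from the page): one row per action.
# Fields: (user, action, transaction_id); transaction_id is None for logins.
AUDIT_TRAIL = [
    ("alice", "authorize", "PO-1001"),
    ("bob", "execute", "PO-1001"),
    ("carol", "process", "PO-1001"),
    ("dave", "authorize", "PO-1002"),
    ("dave", "execute", "PO-1002"),
    ("carol", "process", "PO-1002"),
    ("erin", "login_failed", None),
    ("erin", "login_failed", None),
    ("erin", "login_failed", None),
    ("erin", "login_failed", None),
    ("bob", "login_failed", None),
    ("bob", "login_ok", None),
]

DUTIES = {"authorize", "execute", "process"}
MAX_FAILED_ATTEMPTS = 3  # assumed threshold; the page gives no number


def separation_of_duties_violations(trail):
    """Return {transaction_id: {user: duties}} where one user held 2+ duties."""
    duties_by_txn = defaultdict(lambda: defaultdict(set))
    for user, action, txn in trail:
        if action in DUTIES and txn is not None:
            duties_by_txn[txn][user].add(action)
    violations = {}
    for txn, users in duties_by_txn.items():
        overlapping = {u: sorted(d) for u, d in users.items() if len(d) > 1}
        if overlapping:
            violations[txn] = overlapping
    return violations


def locked_out_users(trail, limit=MAX_FAILED_ATTEMPTS):
    """Return users whose consecutive failed logins reached the limit."""
    streak = defaultdict(int)
    locked = set()
    for user, action, _ in trail:
        if action == "login_failed":
            streak[user] += 1
            if streak[user] >= limit:
                locked.add(user)
        elif action == "login_ok":
            streak[user] = 0  # a successful login resets the counter
    return sorted(locked)
```

On the constructed data, PO-1002 is flagged because one user both authorized and executed it, and one account is reported for administrator follow-up after repeated failed access attempts.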
