An appropriate control for ensuring the authenticity of orders received in an EDI application is to:

A.
acknowledge receipt of electronic orders with a confirmation message.

B.
perform reasonableness checks on quantities ordered before filling orders.

C.
verify the identity of senders and determine if orders correspond to contract terms.

D.
encrypt electronic orders.

Explanation:
An electronic data interchange (EDI) system is subject not only to the usual risk exposures of
computer systems but also to those arising from the potential ineffectiveness of controls on the part
of the trading partner and the third-party service provider, making authentication of users and
messages a major security concern. Acknowledging the receipt of electronic orders with a
confirming message is good practice but will not authenticate orders from customers. Performing
reasonableness checkson quantities ordered before placing orders is a control for ensuring the

correctness of the company’s orders, not the authenticity of its customers’ orders. Encrypting
sensitive messages is an appropriate step but does not apply to messages received.