Sangjae Lee

Fuzzy cognitive map for the design of EDI controls

Abstract EDI control design is ill-structured and demands consideration of the complex causal relationships among various components of the controls, which may be broadly classified into formal, informal, and automated types. Each of these can, in turn, be categorized as internal or external. However, it is difficult even for EDI experts to predict the causal effects of one control on another. In order to aid the design of EDI controls, the application of a fuzzy cognitive map, EDIFCM (EDI-Control Design using a Fuzzy Cognitive Map), was developed. Structural equation modeling was used to identify relevant relationships among the components and indicate their direction and strength. A standardized causal coefficient from structural equation modeling was then used to create a fuzzy cognitive map, through which the state or movement of one control component was shown to have an influence on the state or movement of others. Thus, EDI auditors were able to enhance their understanding of the causal relationship of controls and effectively design them.

Security threats to internet: a Korean multi-industry investigation

Abstract In recent years, a number of security problems with the Internet became apparent. New and current Internet users need to be aware of the likelihood of security incidents and the steps they should take to secure their sites. Before designing a secure system, it is advisable to identify the specific threats against which protection is required. The threats may be classified into interruption, interception, modification, and fabrication. The extents of these threats are examined across four industries in Korea — manufacturing, banking/financial, research institution/university, and distribution/service. Banking/financial firms generally perceive the four categories of threats more seriously than other industries. The companies in the manufacturing industry consider interruption to be the most serious. Research institutions/universities and distribution/service companies regard modification and interruption as critical threats. The appropriate security technique is recommended for each threat.

The impact of organizational contexts on EDI controls

Abstract The growing popularity of electronic data interchange (EDI) in business operations has led to a growing recognition of the need to implement proper control procedures. The requirements for control systems vary according to organizational context. A research model proposes that the organization, technological, and task characteristics as well as partner attributes affect formal, informal, and automated controls, each of which can be categorized as internal and external controls. Data were gathered from 110 companies that had adopted EDI. IS sophistication and task routineness were significantly associated with the use of formal and automated — both internal and external — controls. Decentralization and partner trust affected the use of internal and external informal controls. The results of this study could help EDI managers or auditors decide the necessary mode of controls for a certain organizational context. In addition, this study would be of interest to EDI practitioners in designing control systems.

The design of EDI controls using case‐based reasoning: EDICBR

This paper gives a description of EDICBR (EDI Controls design using Case-Based Reasoning), a case-based reasoning model for generating recommendations of EDI controls. The case base of EDICBR is composed of slots that include environmental and EDI controls. This system makes it possible to propose the EDI controls most needed in certain organizational contexts. This is performed by the following two steps. First, it suggests that the most probable level of controls from the cases be retrieved. Second, it determines the required controls that have the highest performance among the retrieved cases. EDICBR uses past cases to remind EDI auditors of similar cases and provides control recommendations. As a method to evaluate the effectiveness of EDICBR, the predictive power of the system is compared with that of multivariate discriminant analysis (MDA). The results show that the case-based reasoner outperforms MDA in predictive accuracy.

EDI controls design support system using relational database system

Abstract The purpose of this paper is to introduce EDIRDB (EDI controls design support system using a relational database system), a prototype audit support system based on a relational database designed to act as a decision aid for EDI auditors. This paper describes how EDIRDB operates; explicates the manner in which a relational database is utilized to support the design of EDI controls; suggests relevant risks resulting from the absence of some controls; and suggests test results. The system recommends effective controls and shows relevant risks in a specific organizational context, suggesting test procedures for that particular company. The EDIRDB database consists of nine tables: (1) four tables from the entities ENVIRONMENTS, CONTROLS, RISKS, and TESTS, and (2) five tables corresponding to the relations between each of the four entities. An E–R (Entity–Relationship) diagram along with a data flow diagram are drawn to show the systems design. Relevant controls, risks, and test procedures along with their results can be stored for each individual company. Managers can suggest required controls, relevant risks, and test procedures from results coming through cross referencing (e.g., JOIN, PROJECTION, and SELECT commands) between the nine base tables. This system improves the efficiency and effectiveness of EDI auditing and may also be applied to general IS auditing.

Effects of organizational characteristics on EDI implementation in Korea

Electronic data interchange (EDI) has been increasingly adopted in Korean industries to facilitate their online transactions with customers and suppliers. We investigate organizational factors affecting successful implementation of EDI in current Korean industries. Regression models are developed and tested using survey results from 110 Korean companies that have been using EDI.

The causal relationships among EDI controls: a structural equation model

Advances in EDI (Electronic Data Interchange) demand appropriate controls in order to realize the potential benefits from it. Formal, informal, and automated controls are basic parts of EDI controls. The state of one of three controls is suggested to affect performance indirectly through their effect on another controls in the research model. The causal relationships are tested using structural equation modeling approach with LISREL. Informal controls turn out to play an important role in the causal relationships, as they significantly affect formal and automated controls to have indirect effect on performance. The results of the study indicate that the interrelationships among controls are closely related to system performance.