(c) The requirement is to identify what an auditor
would ordinarily consider the greatest risk regarding an entity’s
use of electronic data interchange (EDI). Answer (c) is correct
because an EDI system must include controls to make certain
that EDI transactions are processed by the proper entity, using
the proper accounts. Answers (a) and (b) are incorrect because
authorization of EDI transactions and duplication of EDI transmissions
ordinarily pose no greater risk than for other systems.
Answer (d) is incorrect because the elimination of paper documents
in and of itself does not propose a great risk.