Electronic Data Interchange (EDI) is the inter-change of business documents between organisations in a structured, machine-retrievable data format, allowing data to be transferred, without re-keying, from an application in one location to an application in another location (Hansen and Hill, 1989). Security and controls are important in EDI because its widespread use as a business tool has not only changed the way business is conducted, but also introduced potential new risks which need to be addressed. In particular, cross-vulnerabilities which exist between inter-dependent trading partners in an EDI network put companies at risk due to the "domino effect" of one partner's errors or security failures compromising the integrity of other partners' systems (Marcella and Chan, 1993; Chan et al, 1991; ICAEW, 1992). Furthermore, the automation with which transactions are processed at high volume and speed has led to reduced opportunities to spot problems using human intuition (ICAEW, 1992). To explore organisational attitudes towards EDI risks and the importance of control issues, research was conducted on EDI-using organisations in Australia using a survey and case study approach. The primary aim of the survey is to obtain organisational perceptions on EDI risks, the importance of EDI controls, and the risks and controls considered important in EDI. The case study gives an in-depth perspective on the strategic and management issues considered by a major EDI-using organisation to achieve a successful EDI implementation