An auditor is reviewing the 'User Access Review' control. The policy states reviews happen quarterly. The auditor finds that for Q2, the review was signed off by the same person who has administrative rights to grant access. What is the risk?

Identify the conflict of interest.

What mistakes do candidates make on this CPA question?

Focusing on the result rather than the control design flaw.

Q01A service organization provides a cloud-based payroll platform where clients access the software ...Medium

Q02An auditor is reviewing the backup strategy for a financial institution that requires a Recovery ...Hard

Q03During a walkthrough of the change management process, an auditor observes that developers have w...Medium

Q04An auditor is reviewing a SQL query used to generate a list of active customers for a marketing c...Hard

Q05Which of the following entities is considered a 'Covered Entity' under the HIPAA Privacy Rule?Medium