Hard · 1 mark · Multiple Choice
CPA · Question 05 · Area I: Information Systems
During a walkthrough of an order-to-cash process, the auditor observes that the sales manager can both authorize credit limits for new customers and approve sales orders exceeding those limits. The documented process flow states these functions should be separated. Which type of deficiency has the auditor identified?
Answer options:
A. Operating effectiveness deficiency
B. Design deficiency in segregation of duties
C. Data integrity deficiency
D. Availability deficiency
How to approach this question
Identify the control objective (Segregation of Duties). If the system *allows* it, the design of the access control is flawed.
Full Answer
B. Design deficiency in segregation of duties ✓ Correct
A design deficiency exists when a control is missing or is not designed properly to prevent or detect errors. Here, the system roles were designed/configured to allow one person to perform incompatible functions.
Common mistakes
Confusing design deficiency (the control setup is wrong) with operating deficiency (the setup is right, but the person ignored it). If the system *allows* it, the design is usually at fault.