ExpertHard1 markMultiple Choice
CPA · Question 11 · Area I: Information Systems
A company is implementing an ERP system. Which of the following represents a 'Segregation of Duties' conflict that should be flagged during the design phase?
A company is implementing an ERP system. Which of the following represents a 'Segregation of Duties' conflict that should be flagged during the design phase?
Answer options:
A.
A user can create a purchase requisition and view vendor master data.
B.
A user can create a vendor and authorize payments to that vendor.
C.
A user can receive goods and update inventory counts.
D.
A user can approve purchase orders and review the monthly budget.
How to approach this question
Look for a combination that allows someone to commit and conceal fraud (Asset Custody + Authorization + Record Keeping).
Full Answer
B.A user can create a vendor and authorize payments to that vendor.✓ Correct
Allowing the same person to maintain the vendor master file (create vendor) and authorize payments creates a high risk of fraud, as they could create a fictitious vendor and pay them.
Common mistakes
Thinking that 'viewing' data creates a conflict.
Practice the full CPA ISC Practice Exam 5
82 questions · hints · full answers · grading
More questions from this exam
Q01A service organization provides a cloud-based payroll processing application to its user entities...MediumQ02An auditor is reviewing the shared responsibility model for a client using an Infrastructure as a...HardQ03A financial institution requires a cloud deployment model that offers the highest level of contro...MediumQ04During an IT audit, you observe that a company uses a 'Hybrid Cloud' architecture. Which scenario...MediumQ05Which component of IT architecture is primarily responsible for translating domain names (like ww...Easy