A company is implementing an ERP system. Which of the following represents a 'Segregation of Duties' conflict that should be flagged during the design phase?

Answer options:

A user can create a purchase requisition and view vendor master data.

A user can create a vendor and authorize payments to that vendor.

A user can receive goods and update inventory counts.

A user can approve purchase orders and review the monthly budget.

How to approach this question

Look for a combination that allows someone to commit and conceal fraud (Asset Custody + Authorization + Record Keeping).

Full Answer

B.A user can create a vendor and authorize payments to that vendor.✓ Correct

A user can create a vendor and authorize payments to that vendor.

Allowing the same person to maintain the vendor master file (create vendor) and authorize payments creates a high risk of fraud, as they could create a fictitious vendor and pay them.

Common mistakes

Thinking that 'viewing' data creates a conflict.

Question 10 All questions Question 12

Practice the full CPA ISC Practice Exam 5

82 questions · hints · full answers · grading

More questions from this exam

Q01A service organization provides a cloud-based payroll processing application to its user entities...Medium Q02An auditor is reviewing the shared responsibility model for a client using an Infrastructure as a...Hard Q03A financial institution requires a cloud deployment model that offers the highest level of contro...Medium Q04During an IT audit, you observe that a company uses a 'Hybrid Cloud' architecture. Which scenario...Medium Q05Which component of IT architecture is primarily responsible for translating domain names (like ww...Easy

View all 82 questions →