QUESTION: 217

Which is the least effective form of risk management?

Systems-based preventive control.
People-based preventive control.
Systems-based detective control.
People-based detective control.

Answer(s): D

Show Answer Next Question

QUESTION: 218

Which of the following describes a control weakness?

Purchasing procedures are well designed and are followed unless otherwise directed by the purchasing supervisor.
Prenumbered blank purchase orders are secured within the purchasing department.
Normal operational purchases fall in the range from $500 to $1, 000 with two signatures required for purchases over $1, 000.
The purchasing agent invests in a publicly traded mutual fund that lists the stock of one of the company's suppliers in its portfolio.

Answer(s): A

Show Answer Next Question

An internal auditor is reviewing a new automated human resources system. The system contains a table of pay rates which are matched to the employee job classifications. The best control to ensure that the table is updated correctly for only valid pay changes would be to

Limit access to the data table to management and line supervisors who have the authority to determine pay rates.
Require a supervisor in the department, who does not have the ability to change the table, to compare the changes to a signed management authorization.
Ensure that adequate edit and reasonableness checks are built into the automated system.
Require that all pay changes be signed by the employee to verify that the change goes to a bona fide employee.

Answer(s): B

Show Answer Next Question