ExamGecko

Question 672 - IIA-CIA-Part1 discussion

During an assurance engagement, an internal auditor identified that a developer of the organization's enterprise resource planning (ERP) system had intentionally modified the production code to commit a fraudulent transaction. Which control activity should be implemented to prevent such issues in the future?

A. Segregate duties between code development and migrating changes into production.

B. Conduct fraud training for the IT team responsible for the ERP system.

C. Penalize the developer who committed the fraud by terminating employment.

D. Restrict developers' access to the ERP system's test environment.

Suggested answer: A

Explanation:

Segregating duties between code development and migrating changes into production is a critical control to prevent fraudulent activities by developers. This control ensures that no single individual has the ability to develop code and deploy it to the production environment without oversight. Key benefits include:

Reducing the risk of unauthorized or malicious code changes.

Ensuring that changes are reviewed and tested by a different team before deployment.

Increasing accountability and transparency in the software development lifecycle.

By implementing this control, organizations can prevent developers from committing fraud or making unapproved changes to the ERP system, thereby protecting the integrity and security of the system.

The Institute of Internal Auditors (IIA) Standards and Practice Advisories.

COBIT (Control Objectives for Information and Related Technologies) framework.

'Internal Auditing: Assurance & Advisory Services' by IIA, Chapter on IT General Controls and Segregation of Duties.

asked 03/11/2024
claudine Nguepnang