Certified Internal Auditor (CIA) Part 2: Practice of Internal Auditing — Question 109

An internal auditor tested whether purchase orders were supported by appropriately approved purchase requisitions. She sampled a population of purchase documents and identified instances where purchase requisitions were missing. However, she did not notice that in some cases purchase requisitions were approved by an unauthorized person. Which of the following risks most appropriately describes this situation?

Answer options

• A. Nonsampling risk.
• B. Sampling risk.
• C. Inherent risk.
• D. Due diligence risk.

Correct answer: A

Explanation

The correct answer is A, Nonsampling risk, as it pertains to the auditor's failure to detect unauthorized approvals despite examining purchase documents. Sampling risk (B) relates to the potential errors from the sample size or selection method rather than oversight in evaluating approvals. Inherent risk (C) is the risk of a material misstatement occurring before considering internal controls, while due diligence risk (D) involves the risk associated with inadequate investigation or analysis of a situation, which does not apply here.