Certified Internal Auditor (CIA) Part 2: Practice of Internal Auditing — Question 12

An organization's policies allow buyers to authorize expenditures up to $50,000 without any other approval. Which of the following audit procedures would be most effective in determining if fraud in the form of payments to fictitious companies has occurred?

Answer options

• A. Use generalized audit software to list all purchases over $50,000 to determine whether they were properly approved.
• B. Develop a snapshot technique to trace all transactions by suspected buyers.
• C. Use generalized audit software to take a random sample of all expenditures under $50,000 to determine whether they were properly approved.
• D. Use generalized audit software to select a sample of paid invoices to new vendors and examine evidence that shows that services or goods were received.

Correct answer: D

Explanation

Option D is the most effective because it directly examines transactions with new vendors, which are more likely to involve fictitious companies. Options A and C do not focus on the critical threshold of $50,000 or the risk of fictitious vendors, while option B may not specifically target the fraudulent activity associated with new vendors.