Certified Internal Auditor (CIA) Part 2: Practice of Internal Auditing — Question 283

An internal auditor is reviewing a new automated human resources system. The system contains a table of pay rates which are matched to the employee job classifications. The best control to ensure that the table is updated correctly for only valid pay changes would be to:

Answer options

• A. Limit access to the data table to management and line supervisors who have the authority to determine pay rates.
• B. Require a supervisor in the department, who does not have the ability to change the table, to compare the changes to a signed management authorization.
• C. Ensure that adequate edit and reasonableness checks are built into the automated system.
• D. Require that all pay changes be signed by the employee to verify that the change goes to a bona fide employee.

Correct answer: B

Explanation

Option B is correct because having an independent supervisor verify changes against management authorization adds an extra layer of oversight that helps prevent unauthorized updates. Option A limits access but does not ensure verification of changes, while Option C focuses on system functionality rather than oversight. Option D, while ensuring employee verification, does not address the need for managerial authorization.