Certified Internal Auditor (CIA) Part 2: Practice of Internal Auditing — Question 285

Which of the following controls in a computerized consumer loan system of a major bank would be the least effective in detecting a fraudulent loan?

Answer options

• A. All log-in accounts become inaccessible after three incorrect password attempts.
• B. Loan approvals over a pre-determined limit must have management approval.
• C. Customer information is matched to payment data prior to funds disbursement.
• D. System controls prevent supervisors from delegating their approval authority during vacation periods.

Correct answer: A

Explanation

Option A is the least effective because it only restricts access after incorrect login attempts and does not directly address fraudulent loan activities. The other options implement checks and balances that more directly target the approval and monitoring processes associated with loan disbursement and management oversight.