Certified Internal Auditor (CIA) Part 3: Business Knowledge for Internal Auditing — Question 257

A holding company set up a centralized group technology department, using a local area network with a mainframe computer to process accounting information for all companies within the group. An internal auditor would expect to find all of the following controls within the technology department except:

Answer options

• A. Adequate segregation of duties between data processing controls and file security controls.
• B. Documented procedures for remote job entry and for local data file retention.
• C. Emergency and disaster recovery procedures and maintenance agreements in place to ensure continuity of operations.
• D. Established procedures to prevent and detect unauthorized changes to data files.

Correct answer: B

Explanation

The correct answer is B because documented procedures for remote job entry and local data file retention may not be a primary focus in a centralized technology department dealing with accounting information. The other options (A, C, and D) describe essential controls that ensure data integrity, security, and operational resilience, which are critical for a centralized processing environment.