Certified Internal Auditor (CIA) Part 3: Business Knowledge for Internal Auditing — Question 94

A manager who is authorized to make purchases up to a certain dollar amount approves the set-up of a fictitious vendor and subsequently initiates purchase orders.

Which of the following controls would best address this risk?

Answer options

• A. Establish separate vendor creation and approval teams.
• B. Develop and distribute a code of conduct that prohibits conflicts of interest.
• C. Perform a regular review of the vendor master file.
• D. Require submission of a conflict-of-interest declaration.

Correct answer: B

Explanation

The correct answer is B, as implementing a code of conduct that specifically prohibits conflicts of interest directly addresses the ethical concerns that arise from a manager being able to create fictitious vendors. The other options, while helpful in promoting oversight and accountability, do not directly tackle the ethical issue of the manager's potential conflict of interest.