Certified Information Systems Auditor (CISA) — Question 1020

An organization requires any travel and entertainment expenses over $10,000 to be approved by senior management. Which of the following is the MOST effective way to mitigate the risk that employees will split invoices to avoid the approval process?

Answer options

• A. Develop computer-assisted audit techniques (CAATs) to check the full year's transactions.
• B. Adopt a zero-tolerance policy that requires termination of employees who submitted fraudulent claims.
• C. Establish a whistle-blowing policy that allows employees to report suspicious activity anonymously.
• D. Review alerts generated from continuous auditing scripts for suspicious claims submitted.

Correct answer: A

Explanation

The correct answer, A, is effective as it ensures comprehensive oversight of all transactions, allowing for the detection of patterns that may suggest invoice splitting. Options B and C focus on punitive measures or reporting mechanisms, which do not prevent the initial act of splitting invoices. Option D, while helpful, may not be as thorough as a full year's analysis provided by CAATs.