Certified Information Systems Auditor (CISA) — Question 1096
Which of the following observations should be of GREATEST concern to an IS auditor assessing access controls for the accounts payable module of a finance system?
Answer options
- A. Payment files are stored on a shared drive in a writable format prior to processing.
- B. Accounts payable staff have access to update vendor bank account details.
- C. The IS auditor was granted access to create purchase orders.
- D. Configured delegation limits do not align to the organization's delegations policy.
Correct answer: B
Explanation
Option B is the most concerning because allowing accounts payable staff to update vendor bank account details creates a risk of fraud or unauthorized changes. Option A presents a file security risk, but it does not directly compromise access control the way option B does. Options C and D, while notable, do not pose as immediate a risk to the integrity of financial transactions as the ability to change vendor banking information.