Certified Information Systems Auditor (CISA) — Question 218
During a vendor management database audit, an IS auditor identifies multiple instances of duplicate vendor records. In order to prevent recurrence of the same issue, which of the following is the IS auditor's BEST recommendation to management?
Answer options
- A. Run system reports of full vendor listings periodically to identify duplication
- B. Perform system verification checks for unique data values on key fields
- C. Request senior management approval of all new vendor details
- D. Build a segregation of duties control into the vendor creation process
Correct answer: B
Explanation
The best recommendation is to perform system verification checks for unique data values on key fields, as this directly addresses the root cause of duplication by ensuring that each vendor record is unique at the point of entry. Running reports (Option A) may help spot issues after they occur, but does not prevent them. Requesting approvals (Option C) does not eliminate the possibility of duplicates, and building segregation of duties controls (Option D) is more about process integrity than data uniqueness.