Certified Information Systems Auditor (CISA) — Question 834

An IS auditor is planning an audit of an organization's accounts payable processes. Which of the following controls is MOST important to assess in the audit?

Answer options

• A. Segregation of duties between issuing purchase orders and making payments
• B. Management review and approval of purchase orders
• C. Management review and approval of authorization tiers
• D. Segregation of duties between receiving invoices and setting authorization limits

Correct answer: A

Explanation

The segregation of duties between issuing purchase orders and making payments is critical to prevent fraud and errors in the accounts payable process. If these duties are not separated, it may lead to unauthorized payments. The other options, while important, do not directly address the critical control of preventing a single individual from having control over both purchasing and payment functions.