Certified Information Systems Auditor (CISA) — Question 968

A financial institution suspects that a manager has been crediting customer accounts without authorization. Which of the following is the MOST effective method to validate this concern?

Answer options

• A. Variable sampling
• B. Discovery sampling
• C. Stop-or-go sampling
• D. Haphazard sampling

Correct answer: B

Explanation

Discovery sampling is the most effective method because it specifically targets the potential unauthorized transactions that are suspected. The other methods, such as variable sampling and haphazard sampling, do not focus directly on identifying specific instances of misconduct, making them less effective for this situation.