Certified in Risk and Information Systems Control (CRISC) — Question 214

The design of procedures to prevent fraudulent transactions within an enterprise resource planning (ERP) system should be based on:

Answer options

• A. benchmarking criteria.
• B. stakeholder risk tolerance.
• C. the control environment.
• D. suppliers used by the organization.

Correct answer: C

Explanation

The correct answer is C, as the control environment establishes the foundation for risk management and internal controls within an ERP system, ensuring that procedures are effectively designed to mitigate fraud. Options A and B focus on external factors that may not directly influence the internal controls, while D relates to external suppliers, which do not inherently dictate the design of internal fraud prevention procedures.