An organization’s internal auditor discovers that large sums of money have recently been paid to a vendor that management does not recognize. The IT security department is asked to investigate the organizations the organization’s ERP system to determine how the accounts payable module has been used to make these vendor payments.
The IT security department finds the following security configuration for the accounts payable module:
+New Vendor Entry – Required Role: Accounts Payable Clerk
+New Vendor Approval – Required Role: Accounts Payable Clerk
+Vendor Payment Entry – Required Role: Accounts Payable Clerk
+Vendor Payment Approval – Required Role: Accounts Payable Manager
Which of the following changes to the security configuration of the accounts payable module would BEST
mitigate the risk?
A)
B)
C)
D)
A.
Option A
B.
Option B
C.
Option C
D.
Option D
Where on the syllabus is ERP system mentioned? I can’t find it.
1
0
Doesn’t matter for the question, the point is to make sure the manager approves the addition of new vendors and of payments. With the clerk or manager performing too many of the related duties there is more potential for him/her to be making sketchy payments.
1
0
It is a matter of role segregation. The “Accounts Payable Clerk” was given access to the whole payment process from cradle to grave which is never a very good idea. Roles have to be separated
0
0