Question

In many organizations, responsibility for testing Segregation of Duties is relegated to the IT auditor. The reasoning be...

In many organizations, responsibility for testing Segregation of Duties is relegated to the IT auditor. The reasoning behind this assignment correlates SOD controls to logical system access.

- If you were an IT Auditor in an organization, what type of business risks would you consider? (3 examples)

- What type of control mechanisms would you put in place for more efficient audit procedures?

Explain its relevance from every perspective.

Answer #1

Segregation of Duties (SOD) is an important aspect of a company's risk assessment mechanism. There are many business processes, and every business process will have SOD risk associated with the way its activities are conducted. A simple SOD risk can be a separation of the vendor invoice processing function from the payment processing function. If a person processing an invoice is also making the payment, then he can process a fake invoice and make payment for himself, so there is a risk of fraud here, which is called SOD risk.

Now let us understand how the SOD risk is associated with IT systems. The processing of invoices and payments happens in the system. What can be done in the system is that the person having access to process an invoice should not have system access to process the payment for the same invoice. The payment processing access should be with someone else who will not have access to process the invoice.

The second SOD risk is that the person who has access to pass cash disbursement entries in the books should not have access to disburse amounts from bank accounts. If he has both accesses, then there is a high risk of cash stealing.

The third SOD risk is that the person ordering material should not be responsible for receipting the goods after verifying whether all the goods are in the correct quantity and quality. It may happen that though less quantity is received, the person may pass an inventory receipt for the full quantity and take away the rest when received. So there should be an independent person responsible for verifying and receipting goods in the system.

The effective control procedure that I would put in place as an IT auditor is to record an audit trail of who did what activities in the system, and for sample transactions I would test whether there is no SOD risk based on the transactions performed.

The main control I would implement is at the time of assigning access rights: I would ensure that an access right library is created in the system which will include the conflicts of access. For example, payment processing access should conflict with invoice processing access. These conflicts are set in the system, and when assigning, the system prevents them from being assigned to the same person.
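
The two controls described in the answer above, as an added Python sketch that is not part of the original answer: a conflict library enforced when access is assigned, and an audit-trail test that flags documents where one user performed both sides of a conflict. The access-right names, the `assign` and `audit_trail_violations` helpers, and the sample trail are hypothetical and constructed for illustration.

```python
from collections import defaultdict

# Conflict library for the three SOD risks named in the answer.
# Access-right names are hypothetical labels, not taken from any real system.
CONFLICTS = {
    frozenset({"INVOICE_PROCESS", "PAYMENT_PROCESS"}),
    frozenset({"CASH_ENTRY_POST", "BANK_DISBURSE"}),
    frozenset({"PURCHASE_ORDER", "GOODS_RECEIPT"}),
}

class SodConflict(Exception):
    """Raised when a grant would give one user both sides of a conflict."""

def assign(user_rights, user, right):
    """Preventive control: refuse a grant that completes a conflicting pair."""
    held = user_rights.setdefault(user, set())
    for pair in CONFLICTS:
        if right in pair and (pair - {right}) & held:
            other = next(iter(pair - {right}))
            raise SodConflict(f"{user}: {right} conflicts with held right {other}")
    held.add(right)

def audit_trail_violations(trail):
    """Detective control: one user did both conflicting actions on a document."""
    actions = defaultdict(set)  # (document, user) -> actions performed
    for user, action, document in trail:
        actions[(document, user)].add(action)
    return sorted(
        (document, user, tuple(sorted(pair)))
        for (document, user), done in actions.items()
        for pair in CONFLICTS
        if pair <= done
    )

# Constructed audit-trail sample: (user, action, document reference).
TRAIL = [
    ("alice", "INVOICE_PROCESS", "INV-1001"),
    ("bob", "PAYMENT_PROCESS", "INV-1001"),
    ("carol", "INVOICE_PROCESS", "INV-1002"),
    ("carol", "PAYMENT_PROCESS", "INV-1002"),
    ("dave", "PURCHASE_ORDER", "PO-2001"),
    ("dave", "GOODS_RECEIPT", "PO-2001"),
    ("erin", "PURCHASE_ORDER", "PO-2002"),
    ("dave", "GOODS_RECEIPT", "PO-2002"),
]

if __name__ == "__main__":
    for hit in audit_trail_violations(TRAIL):
        print("SOD violation:", hit)
```

The trail test still matters when the assignment check exists, because grants made before the library was configured, or rights held at different times, only show up in what users actually did.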
