The best way to control updates to the vendor master file in an accounts payable system is by comparing updates against proper authorization. This ensures that only authorized changes are made, and it helps prevent fraudulent activity or unauthorized modifications.
D. Comparing updates against authorization
This approach offers the most robust control over vendor master file updates. By requiring authorization before changes are implemented, it helps prevent unauthorized modifications and ensures proper oversight. This is a key aspect of maintaining data integrity and reducing the risk of errors or fraud.
While pre-numbered forms (Option A) provide a valuable paper trail, they don't guarantee authorized changes on their own. The authorization process (Option D) acts as a stronger safeguard.
A is a preventive control, whilst D is detective. It is important to have a detective control, however not without pre-approval process. Don't agree with that.
While periodically reviewing the entire vendor master file (option C) is important for detecting discrepancies or errors, comparing updates against authorization (option D) provides a more proactive approach to control. By ensuring that any changes made to the vendor master file are authorized beforehand, organizations can mitigate the risk of unauthorized or fraudulent updates, thereby maintaining the integrity and accuracy of the vendor information. This approach adds an extra layer of security and validation to the update process, helping to prevent potential issues before they occur.
Comparing updates against authorization, involves verifying that any changes made to the vendor master file are authorized by an appropriate individual or department. This may involve implementing a workflow process for requesting and approving updates, as well as comparing any changes made to the file against a list of authorized changes. By using this approach, any unauthorized changes can be quickly identified and investigated, reducing the risk of fraud or errors in payment processing.
Option A, Using prenumbered and authorized request forms, can help ensure that requests to update the vendor master file are legitimate, but it does not provide a way to verify that the requested changes are authorized. A fraudulent request could still be submitted using a prenumbered and authorized request form.
How can a fraudulent request be submitted in authorized request form. Authorized request form in itself mean that someone authorizes it. The question here is about how can you controls the updates which is preventive nature and (A) seems appropriate. Option (D) is detective in nature.
A is the right answer. Using prenumbered and authorized request forms
upvoted 3 times
...
This section is not available anymore. Please use the main Exam Page.CISA Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
SBD600
Highly Voted 1 year, 11 months agoRS66
Most Recent 10 months agoanaluisamoreira
10 months, 1 week agoSwallows
11 months agoa84n
1 year agoSuperMax
1 year, 7 months ago[Removed]
1 year, 4 months agohoho
1 year, 10 months ago3008
1 year, 10 months ago3008
1 year, 10 months agoBA27
1 year, 6 months ago007Georgeo
1 year, 12 months agooorami
2 years, 1 month agoStaanlee
2 years, 4 months ago