Question 1

During a walkthrough of an order-to-cash process, the auditor observes that the sales manager can both authorize credit limits for new customers and approve sales orders exceeding those limits. The documented process flow states these functions should be separated. Which type of deficiency has the auditor identified?

Accepted Answer

Identify the control objective (Segregation of Duties). If the system *allows* it, the design of the access control is flawed.

Question 2

What mistakes do candidates make on this CPA question?

Accepted Answer

Confusing design deficiency (the control setup is wrong) with operating deficiency (the setup is right, but the person ignored it). If the system *allows* it, the design is usually at fault.

How to approach this question

Full Answer

Common mistakes

Practice the full CPA ISC Practice Exam 4

More questions from this exam