A manager who is authorized to make purchases up to a certain dollar amount approves the set-up of a fictitious vendor and subsequently initiates purchase orders.
Which of the following controls would best address this risk?
A manager who is authorized to make purchases up to a certain dollar amount approves the set-up of a fictitious vendor and subsequently initiates purchase orders.
Which of the following controls would best address this risk?
Establishing separate vendor creation and approval teams would best address the risk of a manager setting up a fictitious vendor and initiating purchase orders. This control ensures segregation of duties, making it less likely for a single individual to commit fraud. This specific structural change directly mitigates the risk described in the question by adding another layer of oversight which prevents unauthorized or inappropriate actions by a single manager.
Shouldn't it be A? How code of ethics address this risk?
yeah, this is a tricky question but I think code of ethics reduces the level of organizational risk? But A can be correct too. idk.