Exam IIA-CIA-Part2 All QuestionsBrowse all questions from this exam
Go to Exam
Question 90

An audit of a Web-based third-party payment processor determined that a programming error enabled customers to create multiple accounts for each mailing address. This caused problems during the processing of credit card transactions. Management agreed to correct the program and notify customers with multiple accounts that the accounts would be consolidated. What should the auditor do in response?

I. Amend the scope of the subsequent audit to verify that the program was corrected and that accounts were consolidated.

II. Evaluate the adequacy and effectiveness of the corrective action proposed by management.

III. Schedule a follow-up review to verify that the program was corrected and the accounts were consolidated.

IV. Do nothing because management has agreed to address the problem.

    Correct Answer: D

    The correct approach involves both evaluating the adequacy and effectiveness of the corrective action proposed by management and scheduling a follow-up review to verify that the program was corrected and the accounts were consolidated. Evaluating the corrective actions ensures they are appropriate and effective in addressing the issue. Scheduling a follow-up review ensures that the changes have been effectively implemented and are working as intended to resolve the identified problems. Therefore, the auditor should perform actions II and III.

Discussion
MezzatOption: C

WHY NOT C ???

John1237

The next engagement requires planning and a risk-based approach. Furthermore, it is not necessary to wait for the next engagement to verify the adequacy and effectiveness of the corrective action proposed by management.