Student Forums CIA Part 3: Business Knowledge for Internal Auditors Section III: Information Technology 9. Question ID: HOCK IT-ERP 04 (Topic: 1C. Key Characteristics of Software Syste

9. Question ID: HOCK IT-ERP 04 (Topic: 1C. Key Characteristics of Software Syste

  • Creator
  • #210037
    Armindo Comar

    The options provided kind of impute responsibility to the auditor, which should not happen.
    I don’t get the reason why “Maintaining the integrity and security of the data” should be done by the auditor.

    Which of the following best describes the internal auditor’s role regarding ERP systems?

    A. Providing training to employees on proper usage of the ERP system. wrong
    B. Selecting and implementing the ERP system.
    C. Maintaining the integrity and security of the data. correct
    D. Surveying customers about their satisfaction with the ERP system.
    Your Incorrect Answer Explanation for A:
    The internal auditor would not be responsible for training employees on using the ERP system.
    Correct Answer Explanation for C:
    The internal auditor’s primary responsibility with an ERP system is to ensure that the system is accurately recording the company’s business information.
    Explanation for B:
    While the internal auditor should be involved in the selection of the ERP system, the auditor should not be involved with its implementation.
    Explanation for D:
    Customers would not be involved with the ERP system, nor would internal auditors speak to customers under most circumstances.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Author
  • #210039
    Kevin Hock


    The auditor isn’t responsible for the ERP system itself, just the data. The auditor’s role is all about the integrity, security, and accuracy of data within a company, right? Or have I not understood your main area of concern?


    Anya Payne

    Good Evening,

    The confusion for me as well with the correct answer option lies with the word or use of the word ‘maintain’. It implies a responsibility that belongs to the auditor. In terms of role and responsibility, the auditor maintaining the integrity looks questionable hinging on an impairment in objectivity. Maintaining looks more to be a management responsibility or a compliance (a second line defense) function. The auditor may perhaps evaluate or assess or examine the integrity and security of the data ?

    Brian Hock
    HOCK international

    Hello, Anya,

    I can kind of see your point about this word. In thinking about it, I am not sure that there is a better word to use that says that the internal auditor is not responsible for the data itself, but making certain that the data is protected and secure. It will make certain that the system is doing what it is that needs to be done to protect it and I think that the word maintain is a reasonable word in this case.

    Also, in terms of strategies for a question, when there is an choice that is less than perfect (meaning that there may be a word like this that is not the exact word that you think should be used), you also need to look at the other choices. And in this question, the other choices are not correct. So, even though this may not be perfectly worded, it is the best choice for this question.

    I hope that this helps.


Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.