Which of the following would be an auditor's GREATEST concern when reviewing data inputs from spreadsheets into the core finance system?
Click on the arrows to vote for the correct answer
A. B. C. D.A.
When reviewing data inputs from spreadsheets into the core finance system, an auditor's greatest concern would be the accuracy and completeness of the data being entered into the system. Inaccurate data can result in financial misstatements, which can have serious consequences for the organization. The four options presented all have the potential to impact the accuracy and completeness of the data in different ways.
Option A, where undocumented code formats data and transmits it directly to the database, is a potential concern because it can lead to errors or data corruption. The lack of documentation means that any issues with the code may be difficult to identify and correct. This can result in inaccurate data being entered into the system without the organization realizing it.
Option B, where there is not a complete inventory of spreadsheets and file naming is inconsistent, is a concern because it can lead to incomplete or inaccurate data being entered into the system. If the organization is not aware of all the spreadsheets that are being used to input data, they may miss important information. Inconsistent file naming can also make it difficult to identify which files contain the correct information.
Option C, where spreadsheets are accessible by all members of the finance department, is a concern because it can lead to unauthorized changes to the data. If anyone in the department can access and modify the spreadsheets, it can be difficult to track changes and ensure that the data is accurate.
Option D, where the department data protection policy has not been reviewed or updated for two years, is a concern because it can lead to security breaches or data theft. If the policy is out of date, it may not address current threats to the organization's data. This can leave the organization vulnerable to cyber attacks or other security breaches.
While all four options presented are potential concerns, the greatest concern for an auditor would likely be option A, where undocumented code formats data and transmits it directly to the database. This is because it has the potential to impact the accuracy and completeness of the data in a significant way, and may be difficult to identify and correct without proper documentation.