CISA Certified Information Systems Auditor – Question1661 - CISA Certified Information Systems Auditor

Which of the following would be the MOST significant audit finding when reviewing a point-of-sale (POS) system?

A. invoices recorded on the POS system are manually entered into an accounting application
B. An optical scanner is not used to read bar codes for the generation of sales invoices
C. Frequent power outages occur, resulting in the manual preparation of invoices
D. Customer credit card information is stored unencrypted on the local POS system

Correct Answer: D

Explanation:

Explanation:
It is important for the IS auditor to determine if any credit card information is stored on the local point-of-sale (POS) system. Any such information, if stored, should be encrypted or protected by other means to avoid the possibility of unauthorized disclosure.
Manually inputting sale invoices into the accounting application is an operational issue, if the POS system were to be interfaced with the financial accounting application, the overall efficiency could be improved. The nonavailability of optical scanners to read bar codes of the products and power outages are operational issues.