CISA Certified Information Systems Auditor – Question 2541

Which audit technique provides the BEST evidence of the segregation of duties in an IS department?

A. Discussion with management
B. Review of the organization chart
C. Observation and interviews
D. Testing of user access rights

Correct Answer: C

Explanation:

By observing the IS staff performing their tasks, an IS auditor can identify whether they are performing any incompatible operations, and by interviewing the IS staff, the auditor can get an overview of the tasks performed. Based on the observations and interviews the auditor can evaluate the segregation of duties. Management may not be aware of the detailed functions of each employee in the IS department; therefore, discussion with the management would provide only limited information regarding segregation of duties. An organization chart would not provide details of the functions of the employees. Testing of user rights would provide information about the rights they have within the IS systems, but would not provide complete information about the functions they perform.