CISA Certified Information Systems Auditor – Question2571
Which of the following would be the MOST effective audit technique for identifying segregation of duties violations in a new enterprise resource planning (ERP) implementation? A. Reviewing a report of security rights in the system B. Reviewing the complexities of authorization objects C. Building a program to identify conflicts in authorization D. Examining recent access rights violation cases
Correct Answer: C
Explanation:
Explanation:
Since the objective is to identify violations in segregation of duties, it is necessary to define the logic that will identify conflicts in authorization. A program could be developed to identify these conflicts. A report of security rights in the enterprise resource planning
(ERP) system would be voluminous and time consuming to review; therefore, this technique is not as effective as building a program. As complexities increase, it becomes more difficult to verify the effectiveness of the systems and complexity is not, in itself, a link to segregation of duties. It is good practice to review recent access rights violation cases; however, it may require a significant amount of time to truly identify which violations actually resulted from an inappropriate segregation of duties.
Please disable your adblocker or whitelist this site!