CISA Certified Information Systems Auditor – Question 2712
Which of the following controls would an IS auditor look for in an environment where duties cannot be appropriately segregated?
A. Overlapping controls
B. Boundary controls
C. Access controls
D. Compensating controls
Correct Answer: D
Explanation:
Compensating controls are internal controls that are intended to reduce the risk of an existing or potential control weakness that may arise when duties cannot be appropriately segregated.
Overlapping controls are two controls addressing the same control objective or exposure. Since primary controls cannot be achieved when duties cannot or are not appropriately segregated, it is difficult to install overlapping controls. Boundary controls establish the interface between the would-be user of a computer system and the computer system itself, and are individual-based, not role-based, controls. Access controls for resources are based on individuals and not on roles.