CISA Certified Information Systems Auditor – Question1337

A business unit cannot achieve desired segregation of duties between operations and programming due to size constraints. Which of the following is MOST important for the IS auditor to identify?

A.
Unauthorized user controls
B. Compensating controls
C. Controls over operational effectiveness
D. Additional control weaknesses

Correct Answer: B