Compensating Control for Lack of Proper Segregation of Duties in an IT Department

Question

Which of the following is the BEST compensating control for a lack of proper segregation of duties in an IT department?

Answers

A. Authorization forms
B. Audit trail reviews
C. System activity logging
D. Control self-assessment

Explanations

C.

Segregation of duties (SoD) is a fundamental principle of internal controls, where no single individual has complete control over a business process from the beginning to the end. This helps to reduce the risk of errors or fraud, as it ensures that there is an independent check and balance.

Compensating controls are measures that are put in place to address risks that cannot be controlled by segregation of duties. Compensating controls mitigate risks by providing alternative controls to ensure that the process is reliable and secure.

Out of the options given, the best compensating control for a lack of proper segregation of duties in an IT department is System Activity Logging (C).

System Activity Logging records all system activity that occurs within the IT environment, including access attempts, changes to system configuration, data manipulation, and errors. This record can be used to identify any unauthorized activity or transactions that may have occurred.

By implementing system activity logging, management can review logs periodically to detect and prevent any unauthorized actions that may have occurred in the absence of proper segregation of duties. The logs can also be used to investigate potential security incidents and to support audit trail reviews.

Authorization forms (A) are used to document the approval of a request, but they do not address the issue of segregation of duties. Control Self-Assessment (D) is a process for identifying and evaluating risks and controls, but it does not provide an alternative control for segregation of duties. Audit Trail Reviews (B) are a detective control, which is important but does not address the fundamental issue of segregation of duties.