An IS auditor notes that due to the small size of the organization, human resources staff can create new employees in the payroll system as well as process payroll.
Which of the following is the BEST recommendation to address this situation?
Click on the arrows to vote for the correct answer
A. B. C. D.D.
The situation described in the question indicates that there is no segregation of duties between the creation of new employees and the processing of payroll, which could lead to potential risks and opportunities for fraud. Therefore, the auditor needs to provide a recommendation that can mitigate this risk.
Option A: Outsource the processing of payroll to a third party. Outsourcing the payroll processing function to a third party could provide an effective solution to the segregation of duties issue. However, outsourcing the payroll function may come with additional costs and may require the organization to provide sensitive employee data to a third party. Therefore, this may not be the best recommendation in all cases, and it is not the best answer to this question.
Option B: Implement a periodic user access review over the payroll system. Implementing periodic user access reviews of the payroll system can help to ensure that only authorized personnel have access to the payroll system. This recommendation can also be beneficial in identifying any unauthorized changes to payroll data. However, this recommendation does not address the issue of segregation of duties.
Option C: Implement periodic reviews of employees in the payroll system. Implementing periodic reviews of employees in the payroll system can help to ensure that all employees are authorized and correctly classified in the payroll system. However, this recommendation does not address the issue of segregation of duties.
Option D: Hire additional staff so that access for the two functions can be segregated. Hiring additional staff to segregate the duties of creating new employees and processing payroll is the best recommendation to address the situation. This recommendation ensures that the organization has adequate segregation of duties, which helps to reduce the risk of fraud and other potential errors. Additionally, this recommendation can provide the organization with more flexibility in managing these functions.
Therefore, the BEST recommendation to address the situation is option D: Hire additional staff so that access for the two functions can be segregated.