CISA QUESTION #6819
Question 1
In evaluating separation of duties within an IT department, an auditor finds that the database administrator has both production library access and the authority to approve changes. What is the PRIMARY risk?
  • Inefficient change management
  • Unauthorized changes could be implemented without detection ✔️
  • Delayed system updates
  • Increased operational costs
Correct Answer Explanation
Separation of duties requires that authorization be separated from execution. When the same person who can approve changes also has access to implement them, they can bypass controls and execute unauthorized modifications without independent verification, creating fraud risk and control circumvention.