CISA QUESTION #6847
Question 1
During a SOX audit, an auditor finds that the CFO reviews and approves financial system access requests. However, the auditor discovers the CFO's executive assistant actually performs these reviews and approvals using the CFO's credentials. What is the MOST critical control failure?
  • Delegation of duties
  • Circumvention of segregation of duties and accountability requirements ✔️
  • Efficient process
  • Excessive CFO workload
Correct Answer Explanation
Control processes requiring specific individual approval cannot be delegated through credential sharing. This circumvents segregation of duties (the CFO should not delegate financial control approvals), eliminates accountability (actions appear to be the CFO's), and violates non-repudiation principles. The CFO remains liable for approvals they did not actually perform.