If an IS auditor finds evidence of risk involved in not implementing proper segregation of duties, such as having the security administrator perform an operations function, what is the auditor's primary responsibility?

If an IS auditor finds evidence of risk involved in not implementing proper segregation of duties, such as having the security administrator perform an operations function, what is the auditor’s primary responsibility?
A . To advise senior management.
B . To reassign job functions to eliminate potential fraud.
C . To implement compensator controls.
D . Segregation of duties is an administrative control not considered by an IS auditor.

Answer: A

Explanation:

An IS auditor’s primary responsibility is to advise senior management of the risk involved in not implementing proper segregation of duties, such as having the security administrator perform an operations function.

If an IS auditor finds evidence of risk involved in not implementing proper segregation of duties, such as having the security administrator perform an operations function, what is the auditor’s primary responsibility?

Author

Leave a Reply Cancel reply