Which audit technique provides the BEST evidence of the
segregation of duties in an IS department?
A. Discussion with management
B. Review of the organization chart
C. Observation and interviews
D. Testing of user access rights
Answer Posted / guest
Answer: C
By observing the IS staff performing their tasks, the IS
auditor can identify whether they are performing any
noncompatible operations and by interviewing the IS staff
the auditor can get an overview of the tasks performed.
Based on the observations and interviews the auditor can
evaluate the segregation of duties. Management may not be
aware of the detailed functions of each employee in the IS
department, therefore discussion with the management would
provide only limited information regarding segregation of
duties. An organization chart would not provide details of
the functions of the employees and testing of user rights
would provide information about the rights they have within
the IS systems, but would not provide complete information
about the functions they perform.
Is This Answer Correct ? | 8 Yes | 5 No |
Post New Answer View All Answers