An IS auditor has recently discovered that because of a
shortage of skilled operations personnel, the security
administrator has agreed to work one late-night shift a
month as the senior computer operator. The MOST appropriate
course of action for the IS auditor is to:
A. advise senior management of the risk involved.
B. agree to work with the security officer on these shifts
as a form of preventative control.
C. develop a computer-assisted audit technique to detect
instances of abuses of this arrangement.
D. review the system log for each of the late-night shifts
to determine whether any irregular actions occurred.
Answer Posted / guest
Answer: A
The IS auditor's first and foremost responsibility is to
advise senior management of the risk involved in having the
security administrator perform an operations function. This
is a violation of separation of duties. The IS auditor
should not get involved in processing.
Is This Answer Correct ? | 5 Yes | 0 No |
Post New Answer View All Answers