Prev Question
Next Question

Which of the following would be the MOST effective audit technique for identifying segregation of
duties violations in a new enterprise resource planning (ERP) implementation?

Reviewing a report of security rights in the system

Reviewing the complexities of authorization objects

Building a program to identify conflicts in authorization

Examining recent access rights violation cases

Since the objective is to identify violations in segregation of duties, it is necessary to define the
logic that will identify conflicts in authorization. A program could be developed to identify these
conflicts. A report of security rights in the enterprise resource planning (ERP) system would be
voluminous and time consuming to review; therefore, this technique is not as effective as building
a program. As complexities increase, it becomes more difficult to verify the effectiveness of the
systems and complexity is not, in itself, a link to segregation of duties. It is good practice to review
recent access rights violation cases; however, it may require a significant amount of time to truly

identify which violations actually resulted froman inappropriate segregation of duties.

Prev Question
Next Question

Leave a Reply

Your email address will not be published. Required fields are marked *