Prev Question
Next Question

Which of the following would be the MOST effective audit technique for identifying segregation of
duties violations in a new enterprise resource planning (ERP) implementation?

A.
Reviewing a report of security rights in the system

B.
Reviewing the complexities of authorization objects

C.
Building a program to identify conflicts in authorization

D.
Examining recent access rights violation cases

Explanation:
Since the objective is to identify violations in segregation of duties, it is necessary to define the
logic that will identify conflicts in authorization. A program could be developed to identify these
conflicts. A report of security rights in the enterprise resource planning (ERP) system would be
voluminous and time consuming to review; therefore, this technique is not as effective as building
a program. As complexities increase, it becomes more difficult to verify the effectiveness of the
systems and complexity is not, in itself, a link to segregation of duties. It is good practice to review
recent access rights violation cases; however, it may require a significant amount of time to truly

identify which violations actually resulted froman inappropriate segregation of duties.

Prev Question
Next Question
Tagged:

Leave a Reply

Your email address will not be published. Required fields are marked *