Certified Chief Information Security Officer (CCISO) — Question 75

The general ledger setup function in an enterprise resource package allows for setting accounting periods. Access to this function has been permitted to users in finance, the shipping department, and production scheduling.
What is the most likely reason for such broad access?

Answer options

• A. The need to change accounting periods on a regular basis.
• B. The need to create and modify the chart of accounts and its allocations.
• C. The requirement to post entries for closed accounting period.
• D. The lack of policies and procedures for the proper segregation of duties.

Correct answer: D

Explanation

The correct answer is D because broad access to sensitive functions often indicates insufficient controls and guidelines regarding the separation of duties. The other options suggest legitimate operational needs but do not explain why multiple departments would have access to such a critical function inappropriately.