Certified Internal Auditor (CIA) Part 3: Business Knowledge for Internal Auditing — Question 235

A senior payroll accountant was responsible for three business units. When the number of employees increased considerably, another accountant was hired and became responsible for one of the units. However, an access rights attestation from the senior payroll accountant remained the same, despite an internal policy requiring payroll access to be restricted. Which of the following controls most likely failed?

Answer options

• A. Reauthorization controls.
• B. Authorization controls.
• C. Authentication controls.
• D. Segregation of duties.

Correct answer: D

Explanation

The correct answer is D, as segregation of duties is meant to prevent any single individual from having control over multiple aspects of a process, which includes access rights. In this scenario, the senior accountant retained access after the hiring of another accountant, indicating a failure in this control. The other options such as reauthorization, authorization, and authentication controls are not directly related to the issue of overlapping access rights.