Certified Information Systems Auditor (CISA) — Question 29
Which of the following controls BEST ensures appropriate segregation of duties within an accounts payable department?
Answer options
- A. Including the creator's user ID as a field in every transaction record created
- B. Ensuring that audit trails exist for transactions
- C. Restricting access to update programs to accounts payable staff only
- D. Restricting program functionality according to user security profiles
Correct answer: D
Explanation
Option D is the best choice because it ensures that users can perform only the actions that align with their assigned roles, which maintains appropriate segregation of duties. Option A does not enforce separation of duties; it merely identifies who created each transaction. Option B is important for monitoring but does not directly enforce segregation. Option C restricts access but does not tailor functionality to user roles.