Certified Information Systems Auditor (CISA) — Question 689
Which of the following is the MOST efficient way to identify segregation of duties violations in a new system?
Answer options
- A. Observe the performance of business processes.
- B. Develop a process to identify authorization conflicts.
- C. Review a report of security rights in the system.
- D. Examine recent system access rights violations.
Correct answer: C
Explanation
The correct answer is C because reviewing a report of security rights provides a clear overview of user permissions and of potential conflicts that could indicate segregation of duties violations. Options A and D are more reactive, focusing on observations or past violations rather than proactively identifying issues. Option B, while useful, does not give as comprehensive a view as the security rights report does.