Certified in Risk and Information Systems Control (CRISC) — Question 1118

Which strategy employed by risk management would BEST help to prevent internal fraud?

Answer options

• A. Require control owners to conduct an annual control certification.
• B. Require the information security officer to review unresolved incidents.
• C. Ensure segregation of duties are implemented within key systems or processes.
• D. Conduct regular internal and external audits on the systems supporting financial reporting

Correct answer: C

Explanation

The correct answer, C, emphasizes the importance of segregation of duties, which helps to minimize the risk of internal fraud by ensuring that no single individual has control over all aspects of a financial transaction. Options A, B, and D, while important for overall risk management, do not specifically target the prevention of internal fraud in the same effective manner as implementing segregation of duties.