Certified in Risk and Information Systems Control (CRISC) — Question 376

During a risk assessment of a financial institution, a risk practitioner discovers that tellers can initiate and approve transactions of significant value. This team is also responsible for ensuring transactions are recorded and balances are reconciled by the end of the day. Which of the following is the risk practitioner's BEST recommendation to mitigate the associated risk?

Answer options

• A. Require a code of ethics.
• B. Implement continuous monitoring.
• C. Implement segregation of duties.
• D. Require a second level of approval.

Correct answer: C

Explanation

The best recommendation is to implement segregation of duties, as it ensures that no single individual has control over all aspects of a financial transaction, reducing the risk of fraud or error. The other options, while beneficial in their own right, do not specifically address the issue of overlapping responsibilities that could lead to significant financial risk.