Certified in Risk and Information Systems Control (CRISC) — Question 491

Which of the following is the MOST important technology control to reduce the likelihood of fraudulent payments committed internally?

Answer options

• A. Daily transaction reconciliation
• B. Role-based user access model
• C. Rule-based data analytics
• D. Automated access revocation

Correct answer: B

Explanation

The role-based user access model is essential as it ensures that individuals have access only to the resources necessary for their job functions, thereby minimizing opportunities for internal fraud. While daily transaction reconciliation, rule-based data analytics, and automated access revocation are important, they do not directly restrict user access in a way that significantly limits the potential for internal fraudulent activities.