An IS auditor reviewing an organization that uses cross-training practices should assess the risk
of:

A.
dependency on a single person.

B.
inadequate succession planning.

C.
one person knowing all parts of a system.

D.
a disruption of operations.

Explanation:
Cross-training is a process of training more than one individual to perform a specific job or
procedure. This practice helps decrease the dependence on a single person and assists in
succession planning. This provides for the backup of personnel in the event of an absence and,
thereby, provides for the continuity of operations. However, in using this approach, it is prudent to
have first assessed the risk of any person knowing all parts of a system and the related potential
exposures. Cross-training reduces the risks addressed in choices A, B and D.