PrepAway - Latest Free Exam Questions & Answers

An IS auditor reviewing an organization that uses cross-training practices should assess the risk of:

A. dependency on a single person.
B. inadequate succession planning.
C. one person knowing all parts of a system.
D. a disruption of operations.

QUESTION 348
Which of the following controls would an IS auditor look for in an environment where duties cannot be
appropriately segregated?

A. Overlapping controls
B. Boundary controls
C. Access controls
D. Compensating controls

Explanation:
Cross-training is a process of training more than one individual to perform a specific job or procedure. This
practice helps decrease the dependence on a single person and assists in succession planning. This provides
for the backup of personnel in the event of an absence and, thereby, provides for the continuity of operations.
However, in using this approach, it is prudent to have first assessed the risk of any person knowing all parts of
a system and the related potential exposures. Cross-training reduces the risks addressed in choices A, B and

Compensating controls are internal controls that are intended to reduce the risk of an existing or potential
control weakness that may arise when duties cannot be appropriately segregated. Overlapping controls are two
controls addressing the same control objective or exposure. Since primary controls cannot be achieved when
duties cannot or are not appropriately segregated, it is difficult to install overlapping controls. Boundary controls
establish the interface between the would-be user of a computer system and the computer system itself, and
are individual-based, not role-based, controls. Access controls for resources are based on individuals and not
on roles.

