Question

Audit firm determined that proper IT segregation of duties between systems development and computer operations were not present. They later determined sufficient compensating controls were present. What compensating controls may have been in place?

a) Increased monitoring and oversight
b) Strong password policies
c) Encryption of sensitive data
d) Regular security training for employees

Answer 1

Compensating controls that may have been in place are increased monitoring and oversight, strong password policies, and regular security training for employees.

Step-by-step explanation:

When an audit firm determines that proper IT segregation of duties between systems development and computer operations is not present, compensating controls can be implemented to mitigate the risk. In this case, the audit firm has found that sufficient compensating controls were in place. Some possible compensating controls that could have been implemented are:

• Increased monitoring and oversight: This can involve regular checks and reviews of activities performed by both systems development and computer operations teams to ensure compliance and detect any anomalies.
• Strong password policies: Implementing policies that require employees to use secure and complex passwords can help protect against unauthorized access.
• Regular security training for employees: Providing training sessions to employees on security best practices can help raise awareness and reduce the likelihood of security breaches.