If an IS auditor finds evidence of risk involved in not implementing proper segregation of duties, such as having the security administrator perform an operations function, what is the auditor’s primary responsibility?
A . To advise senior management.
B . To reassign job functions to eliminate potential fraud.
C . To implement compensator controls.
D . Segregation of duties is an administrative control not considered by an IS auditor.
Answer: A
Explanation:
An IS auditor’s primary responsibility is to advise senior management of the risk involved in not implementing proper segregation of duties, such as having the security administrator perform an operations function.