Valid CRISC dumps shared by EduDump.com to help you pass the CRISC exam. EduDump.com now offers the newest CRISC exam dumps; the EduDump.com CRISC exam questions have been updated and the answers corrected. Get the newest EduDump.com CRISC dumps with Test Engine here:
A small organization finds it difficult to implement separation of duties necessary to mitigate the likelihood of system misuse. Which of the following would be the BEST compensating control?
Correct Answer: C
When separation of duties (SoD) cannot be fully implemented, typically because of limited personnel, a compensating control must provide comparable assurance that no individual can exploit a conflict of interest or perform unauthorized actions without detection. According to the CRISC study guide and ISACA's Control Objectives for Information and Related Technologies (COBIT):

* Compensating controls substitute for missing primary controls when business or technical constraints prevent their full implementation.
* The most effective compensating control for SoD issues is independent review or monitoring of the activities performed by those holding multiple roles.

Obtaining an independent analysis of transaction logs ensures that another trusted party validates the actions taken by employees, so that inappropriate or fraudulent activity is detected even though one person can both initiate and complete a transaction.

Option explanations:

* A. Control self-assessments are self-reviews, not independent reviews, and are therefore insufficient for SoD conflicts.
* B. Reports from staff with multiple duties still depend on self-reporting, which lacks independence.
* D. Assigning activities to fewer employees concentrates conflicting duties further and increases risk rather than mitigating it.

This aligns with CRISC's emphasis that "an independent review of audit logs is the best compensating control when segregation of duties conflict exists in a small IT department." (CRISC Notes, Slide 349).