Which concept involves dividing duties to reduce fraud risk?

Prepare for the Certified Identity and Access Manager Exam using flashcards and multiple-choice questions. Gain insights into the exam format, practice with real-world scenarios, and ensure your success in becoming a certified professional.

Multiple Choice

Which concept involves dividing duties to reduce fraud risk?

Explanation:
Separating duties means dividing responsibilities so no single person controls all parts of a critical process. This creates checks and balances that make fraud or errors much harder to conceal, because different steps require different people and their actions can be cross-checked. For example, the person who initiates a payment should not be the one who approves it or records the transaction, and someone else should reconcile the accounts. This division builds an audit trail and encourages oversight, making it easier to detect unusual activity.

Access Control Lists and Capability Lists specify what a user or process is allowed to do, but they don't inherently mandate who performs each step of a workflow. The Need-to-Know Principle limits who can access information based on necessity, yet it doesn't enforce the separation of duties across tasks. Separation of Duties specifically targets distributing tasks to reduce fraud risk, and it is most effective when combined with appropriate access controls that enforce those role boundaries.

