Skillset can help you prepare! Sign up for your free Skillset account and take the first steps towards your certification.
How would an IT auditor identify segregation of duties errors in an enterprise resource planning (ERP) system?
Reviewing the complexities of authorization objects
Building a program to identify conflicts in authorization
Reviewing a report of security rights in the system
Examining recent access rights violation cases
Since the objective is to identify violations in segregation of duties, it is necessary to define the logic that will identify conflicts in authorization. A program could be developed to identify these conflicts. A report of security rights in the ERP system would be voluminous and time consuming to review; therefore, this technique is not as effective as building a program. As complexities increase, it becomes more difficult to verify the effectiveness of the systems and complexity is not, in itself, a link to segregation of duties. It is good practice to review recent access rights violation cases; however, it may require a significant amount of time to truly identify which violations actually resulted from an inappropriate segregation of duties.
Study thousands of practice questions that organized by skills and ranked by difficulty.
Create a tailored training plan based on the knowledge you already possess.
Know when you’re ready for the high-stakes exam. Have the confidence that you will pass on your first attempt.