Explore the critical role of segregation of duties in the System Development Life Cycle (SDLC). Learn why overriding these controls during user testing phases can pose a significant risk.
Question
Which of the following should be of MOST concern to a risk practitioner reviewing the system development life cycle (SDLC)?
A. Segregation of duties controls are overridden during user testing phases
B. Testing is completed by IT support users without input from end users
C. Data anonymization is used during all cycles of end user testing
D. Testing is completed in phases with user testing scheduled as the final phase
Answer
A. Segregation of duties controls are overridden during user testing phases
Explanation
The option of most concern to a risk practitioner reviewing the SDLC would be A. Segregation of duties controls are overridden during user testing phases.
Segregation of duties is a key concept in internal controls, and it is critical to prevent fraud and errors. The principle is used to manage conflicts of interest, the appearance of conflicts of interest, and errors or fraud. It restricts the amount of power held by any one individual and creates a barrier against error or fraud perpetrated by a single individual.
In the context of the SDLC, if segregation of duties controls are overridden during user testing phases, the same individual or team could be responsible for developing, testing, and approving the system. This could lead to a lack of objectivity, undetected errors, and even fraud. For example, a developer could introduce code containing a backdoor, test it, and approve it without anyone else noticing.
Therefore, it’s crucial to maintain segregation of duties throughout the SDLC, including during the user testing phases.
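One way a risk practitioner can check the principle above against actual change records is to review who developed, tested and approved each change and flag any record where one person held more than one of those roles, or where the control was overridden. The following is an added example, not code from the original page or from ISACA; the `ChangeRecord` fields, the `sod_override` flag and the sample records are all constructed assumptions about what a change-management system might hold.

```python
"""Segregation-of-duties review over SDLC change records (added example)."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class ChangeRecord:
    # Hypothetical fields: a real change-management tool would carry these
    # in its tickets or in the pull-request / deployment audit trail.
    change_id: str
    developer: str
    tester: Optional[str]
    approver: Optional[str]
    phase: str
    sod_override: bool = False  # True when an SoD control was bypassed for this change


def sod_violations(record: ChangeRecord) -> List[str]:
    """Return the segregation-of-duties problems found in one change record."""
    problems: List[str] = []
    if record.sod_override:
        # An override is itself a finding, whatever else the record shows.
        problems.append(f"SoD control overridden during {record.phase}")
    if record.tester is None:
        problems.append("no independent tester recorded")
    elif record.tester == record.developer:
        problems.append("developer tested their own change")
    if record.approver is None:
        problems.append("no approver recorded")
    elif record.approver == record.developer:
        problems.append("developer approved their own change")
    return problems


def review_sdlc_records(records: List[ChangeRecord]) -> Dict[str, List[str]]:
    """Map change_id -> list of problems, for records that have at least one."""
    findings: Dict[str, List[str]] = {}
    for rec in records:
        problems = sod_violations(rec)
        if problems:
            findings[rec.change_id] = problems
    return findings


# Constructed sample data: one clean record, one full override, one missing tester.
SAMPLE_RECORDS = [
    ChangeRecord("CHG-001", "alice", "bob", "carol", "user testing"),
    ChangeRecord("CHG-002", "dave", "dave", "dave", "user testing", sod_override=True),
    ChangeRecord("CHG-003", "erin", None, "frank", "integration testing"),
]


if __name__ == "__main__":
    for change_id, problems in review_sdlc_records(SAMPLE_RECORDS).items():
        print(change_id, "->", "; ".join(problems))
```

Run against real records, the output is a list of changes to raise with the project, with the override during user testing ranking highest because it removes the independent check that would catch a developer approving their own work.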
ISACA CRISC certification exam practice question and answer (Q&A) dump with detailed explanation and references, available free and intended to help candidates pass the ISACA CRISC exam and earn ISACA CRISC certification.