Which of the following would be the BEST solution?

An organization’s operations staff places payment files in a shared network folder and then the
disbursement staff picks up the files for payment processing. This manual intervention will be
automated some months later, thus cost-efficient controls are sought to protect against file
alterations. Which of the following would be the BEST solution?

A. Design a training program for the staff involved to heighten information security awareness

B. Set role-based access permissions on the shared folder

C. The end user develops a PC macro program to compare sender and recipient file contents

D. Shared folder operators sign an agreement to pledge not to commit fraudulent activities

Explanation:

Ideally, requesting that the IT department develop an automated integrity check would be
desirable, but given the temporary nature of the problem, the risk can be mitigated by setting
stringent access permissions on the shared folder. Operations staff should only have write access
and disbursement staff should only have read access, and everyone else, including the
administrator, should be disallowed. An information security awareness program and/or signing an
agreement to not engage in fraudulent activities may help deter attempts made by employees;
however, as long as employees see a chance of personal gain when internal control is loose, they
may embark on unlawful activities such as alteration of payment files. A PC macro would be an
inexpensive automated solution to develop with control reports. However, sound independence or
segregation of duties cannot be expected in the reconciliation process since it is run by an end-user group. Therefore, this option may not provide sufficient proof.


