The internal audit department is investigating a possible breach of security. One of the auditors is
sent to interview the following employees:
Employee A. Works in the accounts receivable office and is in charge of entering data into the
finance system.
Employee B. Works in the accounts payable office and is in charge of approving purchase orders.
Employee C. Is the manager of the finance department, supervises Employee A and Employee B,
and can perform the functions of both Employee A and Employee B.
Which of the following should the auditor suggest be done to avoid future security breaches?
A.
All employees should have the same access level to be able to check on each others.
B.
The manager should only be able to review the data and approve purchase orders.
C.
Employee A and Employee B should rotate jobs at a set interval and cross-train.
D.
The manager should be able to both enter and approve information.