The Chief Technical Officer (CTO) has been informed of a potential fraud committed by a
database administrator performing several other job functions within the company. Which of the
following is the BEST method to prevent such activities in the future?

A.
Job rotation

B.
Separation of duties

C.
Mandatory Vacations

D.
Least Privilege




Brian G

All four of the options help to prevent and reveal fraud. Mandatory vacations cause fraudulent activities to be exposed when the employee is away from work and patterns change. Separation of duties means that activities which could be used to create fraud are in the hands of more than one person, requiring collusion to defraud the company. Least privilege means that users have no more permissions than are required for their duties, making it more difficult for users to have the ability to commit fraud. Job rotation, like forced vacation, forces individuals to be away from their access, revealing potentially fraudulent activities.

The question is which method is best in this case. Since the suspect is a DBA, the user has full control over the database as well as ‘several other job functions.’ You cannot prevent a DBA from making modifications to the DB, so least privilege won’t help. Job rotation might help, but you’d have to cut off access to the DB while the suspect worked in another area, and shifting responsibility might be very difficult for someone whose skill set is in as narrow an area as DB administration.

Mandatory vacations are a good answer. If the DBA is committing fraud alone, that is very likely to reveal it.

Separation of duties, however, is probably the best answer, because fraud usually means money has to transfer in addition to manipulation of database records. If the DBA is not able to do the ‘other job functions,’ that makes fraud less likely.

Note also that the question asks about preventing fraud, not detecting it after it happens. While mandatory vacations might show fraud after the fact, separation of duties will do a better job of preventing it in the future.