Penetration testing should only be used during controlled conditions with express consent of the system owner because:
Which of the following is a best practice to identify fraud from an employee in a sensitive position?