Which of the following recommendations made by the internal audit activity (IAA) is most likely to help prevent fraud?
A.
A review of password policy compliance found that employees frequently use the same password more than once during a year. The IAA recommends that the access control software reject any password used more than once during a 12-month period.
B.
A review of internal service-level agreement compliance in financial services found that requests for information frequently are fulfilled up to two weeks late. The IAA recommends that the financial services unit be eliminated for its ineffectiveness.
C.
A vacation policy compliance review found that employees frequently leave on vacation before their leave applications are signed by their manager. The IAA recommends that the manager attend to the leave applications in a more timely fashion.
D.
A review of customer service-level agreements found that orders to several customers are frequently delivered late. The IAA recommends that the organization extend the expected delivery time advertised on its website.
Strengthening password policies and ensuring unique passwords are used within a specified period are key measures in preventing unauthorized access and reducing the risk of fraud. Password management is a critical aspect of IT security and can significantly mitigate the risk of cyber fraud. The other recommendations (Options B, C, and D) address operational issues but do not directly impact fraud prevention as effectively as enhancing password security does.References:
IIA Standard 2110: Governance.
IIA Practice Guide on IT Controls and Cybersecurity.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit