Separation of Duties in IT Environment - CISA Questions
Which of the following are functions that are compatible in a properly segregated environment?
a) Systems programming and job control analysis.
b) Access authorization and database administration.
c) System development and systems maintenance.
d) Application programming and computer operation.
Answer: the correct answer is "C". The main aim of segregation of duties is to ensure that no single individual can compromise an application system's features and its control functions. In an IT environment, it is common for system development and maintenance to be undertaken by the same person. In such cases the programmer requires access to the source code in the development environment, but should not be allowed access in the production environment. A computer operator should not be able to modify applications, because operators already have access to all resources of the systems and that would allow them to introduce fraudulent changes. Systems programming is incompatible with job control analysis, since a systems programmer could change the job control parameters to run their own personal jobs. Access authorization is a responsibility of data owners, not database administrators.