Which outcome can occur if systems development is not separated from a database administrator (DBA)?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $24.99Unlock all

Study for the Accounting Information Systems Exam with interactive quizzes, flashcards, and detailed answer explanations. Enhance your understanding of key concepts and be prepared for success.

Multiple Choice

Which outcome can occur if systems development is not separated from a database administrator (DBA)?

Explanation:
Separation of duties in IT controls is being tested. When the systems development function is kept separate from database administration, there’s an independent check on who can access and modify the database, and what privileges are granted. If those roles are not separated, the same person can both develop software and directly manage the database, including assigning access rights. That means access controls—who can read, modify, or delete data, and who can change those permissions—are no longer independently reviewed. The result is deficient database access controls: privileges can be created or escalated without proper oversight, audits may not capture changes, and the risk of unauthorized or inappropriate data access increases. This undermines the protection of data and the integrity of the system. Other scenarios, like unauthorized application changes or data-entry errors, don’t stem as directly from lacking this separation as the core issue of not having proper, independently reviewed access control.

Separation of duties in IT controls is being tested. When the systems development function is kept separate from database administration, there’s an independent check on who can access and modify the database, and what privileges are granted. If those roles are not separated, the same person can both develop software and directly manage the database, including assigning access rights. That means access controls—who can read, modify, or delete data, and who can change those permissions—are no longer independently reviewed. The result is deficient database access controls: privileges can be created or escalated without proper oversight, audits may not capture changes, and the risk of unauthorized or inappropriate data access increases. This undermines the protection of data and the integrity of the system. Other scenarios, like unauthorized application changes or data-entry errors, don’t stem as directly from lacking this separation as the core issue of not having proper, independently reviewed access control.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy