A small business does not have enough staff in the accounting department to segregate duties. The comptroller writes the checks for the business and reconciles them against the ledger. To ensure there is no fraud occurring, the business conducts quarterly reviews in which a different officer in the business compares all the cleared checks against the ledger. Which of the following BEST describes this type of control?
When a business cannot implement ideal controls due to constraints such as insufficient staff, compensating controls are introduced to mitigate risks. In this scenario, the small business cannot segregate accounting duties due to a lack of personnel. To compensate for this limitation, quarterly reviews are performed by a different officer who checks all cleared checks against the ledger. This review helps detect any discrepancies or potential fraud that may arise from the lack of segregation of duties, thus serving as a compensating control.
I think this falls under compensating controls. https://www.fa.ufl.edu/directives/compensating-controls/ Here is an example of when a compensating control would be required: A single employee has the duties of accepting cash payments, recording the deposit, and reconciling the monthly financial reports. To prevent errors and/or fraud, additional oversight is required. This means we need a compensating control, such as the leader performing a review of the reconciliation or another unit performing the reconciliation. In some cases, two small units have “swapped” reconciliation duties to provide the needed separation of duties that are not possible within the unit.
Absolutely a compensating control. Yes it is an operational control that is detective in nature but in the situation where you can not apply the required control (PCI DSS allows you to apply compensating controls) While this does not relate to credit card environmenat(CDE) and PCI DSS most likely does would not apply, in financial audit, where segretation of duties (the required control) cannot be applied, the company is allowed to adopt oversight(supervision) as a compensating control
It cannot be compensating because they are not applying another control similar or changing the scope, its just reviewing if something looked suspicious on the revision. It is a detective control but the damage is done.
I saw this as being D. If the checks are cleared, it's not preventing anything. The other officer is checking to see if there's discrepancies
D. Detective "Cleared checks" is the key. Compensating would stop it from happening, Once cleared we are detecting that it DID happen.
Detective controls are implemented to identify and detect errors, fraud, or other irregularities that have already occurred. In this scenario, the quarterly review conducted by a different officer in the business compares all the cleared checks against the ledger. This process is designed to detect any discrepancies or fraudulent activities that may have taken place.
Compensating controls are implemented to compensate for the absence or failure of other controls. The quarterly reviews serve as a detective control compensating for the lack of segregation of duties. So, who knows?
The control described in the scenario is a compensating control. Compensating controls are put in place when an organization is unable to implement the ideal segregation of duties due to limited resources or staffing constraints. In this case, the small business does not have enough staff in the accounting department to segregate duties properly, which means that the comptroller, who writes the checks, also reconciles them against the ledger. To compensate for the lack of segregation of duties, the business conducts quarterly reviews where a different officer in the organization compares all the cleared checks against the ledger. This review helps to detect any potential fraud or errors and acts as a compensating control to mitigate the risks associated with the lack of segregation of duties.
It must be C only because on measurement to implement security is not taken.They are compensating is with a different security operation.
They can't implement separation of duties so instead are carrying out these additional checks. The answer is compensating controls.
Leaning more toward D since it's already happened. Compensating is usually for potential/future. According to CompTIA at least..
It cannot be compensating because it is a measurement in place to detect any fraud that might have occurred. If it was a measurement in place to prevent any fraud, then it could have been compensating control.
this looks more like a compensating control for their segregation of duties issue. The root is they don't have enough people to have proper SoD. Therefore, they've implemented this process to mitigate the control gap.
https://pathlock.com/learn/what-are-compensating-controls-and-why-you-need-them/
changing my answer to compensating, after reading the full discussion
Detective. I use the cbt nuggets testing platform, and they have similar questions, where instead of the different officer, a guard watches a camera
This scenario describes a compensating control. Compensating controls are alternative measures implemented to mitigate risk when primary controls are not feasible. In this case, due to the staff shortage, segregation of duties, which is a primary control, cannot be implemented. Instead, the business has put in place a quarterly review by a different officer as a compensating control to catch any discrepancies or potential fraud that might occur due to the lack of segregation of duties. This compensating control helps the business maintain a level of oversight and assurance over the financial processes despite the limitations in staffing. Therefore, the correct answer is:
it is clearly C. the question clearly says due to lack of enough personals.
Changing my answer to D, they are Detecting fraud by checking cleared cheques. I believe that is the more correct answer.