A small not-for-profit organization with limited resources is unable to adequately maintain appropriate segregation of duties. Considering the organization's resource constraints, which type of controls would best mitigate segregation of duty risks?
A small not-for-profit organization with limited resources is unable to adequately maintain appropriate segregation of duties. Considering the organization's resource constraints, which type of controls would best mitigate segregation of duty risks?
For a small not-for-profit organization with limited resources, compensating controls would best mitigate segregation of duty risks. Compensating controls are alternative measures that provide a similar level of security as the primary control that is not feasible to implement due to resource constraints. These controls can include increased management oversight, detailed audit trails, and regular independent reviews, which can help detect and prevent errors or fraud even when duties cannot be adequately segregated.
A compensating control, also called an alternative control, is a mechanism that is put in place to satisfy the requirement for a security measure that is deemed too difficult or impractical to implement at the present time.