What is the fundamental concept behind the rule of least access? Explain why this is a potential problem in an ERP environment.
What will be an ideal response?
Access privileges (permissions) should be granted on a need-to-know basis only. Nevertheless, ERP users tend to accumulate unneeded permissions over time. This is often due to two problems: (1) Managers fail to exercise adequate care in assigning permissions as part of their role-granting authority. Since managers are not always experts in internal controls, they may not recognize when excessive permissions are awarded to an individual. (2) Managers tend to be better at issuing privileges than removing them. As a result, an individual may retain unneeded access privileges from a previous job assignment that create a segregation-of-duties violation when combined with a newly assigned role.