A database administrator (DBA) should not perform duties that compromise segregation of duties (SoD). A conflict arises when a DBA has both design and security responsibilities, as this creates a risk of unauthorized changes, fraud, or data breaches.
(A) Designing and maintaining the database.
Incorrect: These tasks are related but do not create a major conflict, as maintenance follows the design phase.
(B) Preparing input data and maintaining the database.
Incorrect: While data preparation is typically a business function, maintaining the database does not create a direct security risk.
(C) Maintaining the database and providing its security.
Incorrect: Maintenance involves technical upkeep, and while security controls are crucial, they do not inherently conflict.
(D) Designing the database and providing its security. (Correct Answer)
A DBA responsible for both design and security could create backdoors or override security settings, leading to potential data manipulation or fraud.
IIA Standard 2120 – Risk Management requires proper control segregation to prevent fraud and security risks.
IIA GTAG 4 – Management of IT Auditing recommends separation of design, security, and administration functions to minimize risks.
IIA Standard 2120 – Risk Management: Encourages proper separation of duties to mitigate risks.
IIA GTAG 4 – Management of IT Auditing: Recommends strict control over database access and security roles.
Analysis of Each Option:IIA References Supporting the Answer:Thus, the correct answer is (D) because combining database design and security responsibilities creates a significant conflict of interest, increasing security risks.
