Your business has just established a new data processing centre. In a conversation with one of the company directors over lunch one day, you get onto the topic of controls and the design of controls for the new data centre. The director proadly boasts, We have the most hi-tech biometric controls in place. No unauthorised access to the centre is possible. The programmers are able to get on with their day-to-day duties of developing programs and managing the organisations data resources. You are slightly concerned by this statement and immediately think back to appropriate controls for implementation in the information systems environment one of which is segregation of duties.

(a)What are the faults in the directors statement?

(b)Can the organisation rely on biometric controls alone?

(c)How can separation of duties be applied in the information systems area?

(d)What are the critical functions that should be separated?

(e)What are the risks in this case, if these functions are not separated?