Your firm has just expanded its operations and started a new software development centre.

The managing director of new centre is well known in industry, however, he is also bit

conventional when it comes to separation of duties and implementing controls. One day he

was addressing staff in a monthly meeting and outlined that they would only implement

biometric controls as it would deter unauthorised access. Managing director also said that he

was proud that their programmers were competent to develop programming codes and

manage data resources of organisation at the same time. However, as someone who has

worked at another large company in implementing security features and control systems, you

do not agree with his statement especially biometric controls for access and segregation of

duties. Evaluate this situation and read relevant course materials (lecture, tutorial, and book

chapter). Actual questions will be asked during assessment.

Questions:

Managing director's statement had two issues. Reliance on biometric controls alone and segregation of duties.

(a) What are the faults in the director's statement?

(b) Can the organisation rely on biometric controls alone?

(c) How can separation of duties be applied in the information systems area?

(d) What are the critical functions that should be separated?

(e) What are the risks if these functions are not separated?