The correct answer isDbecause the most important action to reduce the likelihood of internal fraud is toverify the effectiveness of separation of duties. Separation of duties is a core preventive control that reduces the opportunity for fraudulent activity by ensuring no single individual has end-to-end control over critical transactions or processes.
The other options are less effective:
A. Recommend fraud awareness training for staffis useful, but it is not as strong a preventive control as segregation of duties.
B. Communicate legal consequences for internal fraudmay deter misconduct, but it does not directly reduce control weakness.
C. Update the internal fraud risk likelihood in the risk registeris documentation, not risk reduction.
Exact Extracts supporting the answer:
“The PRIMARY reason that an enterprise would establish segregation of duties controls is to prevent errors or fraudulent activity on high-risk transactions.”
“The MOST effective control to prevent segregation of duties violations is implementing role-based access.”
“The control that focuses directly on preventing the risk of collusion is mandatory job rotation.”
“An independent review of audit logs is the best compensating control when a segregation of duties conflict exists in a small IT department.”
These extracts show that preventive control effectiveness, especially segregation of duties, is the strongest way to reduce the likelihood of internal fraud.
