The best course of action for a system administrator who suspects a colleague may be intentionally weakening a system's validation controls in order to pass through fraudulent transactions is B. Share the concern through a whistleblower communication channel [1].
According to the CRISC Review Manual, a whistleblower communication channel is a mechanism that allows employees to report suspected fraud or unethical behavior without fear of retaliation or reprisal. A whistleblower communication channel is part of an effective fraud detection and prevention framework, and it helps to promote a culture of integrity and accountability within the organization [2].
The other options are not as effective or appropriate as sharing the concern through a whistleblower communication channel, because:
• A. Implementing compensating controls to deter fraud attempts may not address the root cause of the problem, and it may also create additional complexity and cost for the system. Moreover, it may not prevent the colleague from finding other ways to bypass the controls or collude with external parties.
• C. Monitoring the activity to collect evidence may expose the system administrator to legal or ethical risks, especially if the monitoring is done without proper authorization or due process. It may also delay the reporting and resolution of the issue, and potentially allow more fraudulent transactions to occur.
• D. Determining whether the system environment has flaws that may motivate fraud attempts may be useful for understanding the context and the factors that contribute to the fraud risk, but it does not address the immediate concern of reporting the suspected fraud. It may also imply that the system administrator is trying to justify or rationalize the colleague's behavior, rather than holding them accountable.
[1] CRISC Review Questions, Answers & Explanations Database, Question ID: 100002
[2] CRISC Review Manual, 7th Edition, page 224