A database administrator (DBA) should not perform duties that compromise segregation of duties (SoD). A conflict arises when a DBA has both design and security responsibilities, as this creates a risk of unauthorized changes, fraud, or data breaches.

(A) Designing and maintaining the database.

Incorrect: These tasks are related but do not create a major conflict, as maintenance follows the design phase.

(B) Preparing input data and maintaining the database.

Incorrect: While data preparation is typically a business function, maintaining the database does not create a direct security risk.

(C) Maintaining the database and providing its security.

Incorrect: Maintenance involves technical upkeep, and while security controls are crucial, they do not inherently conflict.

(D) Designing the database and providing its security. (Correct Answer)

A DBA responsible for both design and security could create backdoors or override security settings, leading to potential data manipulation or fraud.

IIA Standard 2120 – Risk Management requires proper control segregation to prevent fraud and security risks.

IIA GTAG 4 – Management of IT Auditing recommends separation of design, security, and administration functions to minimize risks.

IIA Standard 2120 – Risk Management: Encourages proper separation of duties to mitigate risks.

IIA GTAG 4 – Management of IT Auditing: Recommends strict control over database access and security roles.

Analysis of Each Option:IIA References Supporting the Answer:Thus, the correct answer is (D) because combining database design and security responsibilities creates a significant conflict of interest, increasing security risks.