A payroll manager discovers that fields in certain payroll reports have been modified without authorization. This indicates that there is a risk of unauthorized access, use, disclosure, modification, or destruction of sensitive data, such as employee information, payroll records, tax returns, etc.
A control weakness that could have contributed most to this problem is that the programmer had access to the production programs. This means that the programmer could potentially alter the source code or configuration of the payroll software without proper authorization or approval.
The other options are not control weaknesses that could have contributed most to this problem. They are either irrelevant or less likely to cause unauthorized changes in the payroll software.
The references for this answer are:
Risk IT Framework, page 12
Information Technology & Security, page 6
Risk Scenarios Starter Pack, page 4
Submit