An IS auditor discovers evidence of fraud perpetrated with a managers user ID. The manager had written the password, allocated by the system administrator, inside his/her desk drawer. The IS auditor should conclude that the:
A. A. manager s assistant perpetrated the fraud. B. B. perpetrator cannot be established beyond doubt. C. C. fraud Must have been perpetrated by the manager. D. D. system administrator perpetrated the fraud.
B. perpetrator cannot be established beyond doubt.
The password control weaknesses means that any of the other three options could be true. Password security would normally identify the perpetrator. In this case, it does not establish guilt beyond doubt.