Which user profile presents the greatest concern for an IS auditor in an electronic funds transfer system?


In an electronic funds transfer system, the user profile that presents the greatest concern for an Information Systems auditor is the one where three users have the ability to capture and verify their own messages. This is because the combination of capturing and verifying their own transactions introduces a significant risk of fraud and error.

When users can both create (or capture) messages and verify them, they have the power to manipulate transactions without any checks and balances. This lack of segregation of duties means that there is no independent oversight or review of their actions, which could potentially lead to unauthorized transactions being processed without detection.

Effective internal controls in financial systems typically require separation of roles to prevent any one individual from having complete control over a transaction process. By allowing users to have both capture and verification capabilities, the system is vulnerable to abuse, as these users could initiate fraudulent transactions and verify them to make them appear legitimate.

Other profiles may also pose risks, but they do not combine both capture and verification in a way that completely undermines the control environment. For example, in some profiles, users can only send messages, or they may be able to verify but not capture their own messages, which establishes some level of control and checks. In the identified profile, the overlap between capturing and verifying
