Hello, im an auditor for global copany risks. One of the things that we look for is sepperation of functions. shortly said, you don't want the same person creating your bill's and be able to pay them (because he presents a serious security risk for commiting fraud.)
Now what to do with an Domain Administrator (IT department), he has access to all systems because of his job. Is theire some way to eliminate that risk?