Which role is NOT included in the segregation of duties within an IT system?

The role that is not included in the segregation of duties within an IT system is internal auditors. Segregation of duties is a key control objective in ensuring that no single individual has control over all aspects of any financial transaction or process, which helps to prevent errors and fraud.

In an IT environment, segregation of duties typically involves dividing responsibilities among different roles to maintain checks and balances. For instance, programmers develop and implement software and applications, while librarians manage and control access to the software and data libraries. The control group is responsible for overseeing these processes to ensure that appropriate standards and policies are followed.

Internal auditors, on the other hand, are generally responsible for evaluating the effectiveness of the internal control system and compliance with applicable standards rather than participating in day-to-day operational tasks. Their role is more focused on providing an independent assessment and oversight, which means they don't fit into the segregation of duties framework that is primarily concerned with operational roles. This distinction clarifies why internal auditors are not considered a role involved in the segregation of duties within an IT system.