What is the primary risk of not having segregation of duties for change requests?

Prepare for the CISA Domain 4 Exam with tailored quizzes. Enhance your auditing skills with detailed explanations and practice multiple-choice questions for cybersecurity professionals. Optimize your study time and ensure success!

The primary risk of not having segregation of duties for change requests is the potential for unauthorized changes. When one individual has the ability to both initiate and approve changes within a system without any oversight or independent review, it creates a significant vulnerability. This lack of oversight increases the likelihood that unauthorized modifications can be made, either intentionally or unintentionally, leading to changes that could compromise system integrity, security, and data accuracy.

Segregation of duties is a key control within change management processes that helps to ensure that no single individual has full control over a transaction. By requiring different individuals to manage distinct parts of the change process—such as requesting, reviewing, and approving changes—organizations create checks and balances that help prevent fraudulent activity or errors that could occur without independent verification.

The other choices highlight potential issues but do not capture the primary risk as effectively. Although increased processing time, higher operational costs, and difficulty in tracking changes can certainly occur due to inadequate controls, the direct risk to the security and functionality of the system from unauthorized changes is a more fundamental concern that can lead to serious adverse outcomes.
