An employee performs computer operations and, when the situation demands, program modifications. Which of the following should the IS auditor recommend?
A.
Automated logging of changes to development libraries should be instituted.
B.
Procedures should be established to ensure that program changes are identified and approved.
C.
Additional staff should be recruited to provide separation of duties.
D.
Access control should prevent the operator from making program modifications.
B. Procedures should be established to ensure that program changes are identified and approved.
In this scenario, the IS auditor should recommend establishing procedures to identify and approve program changes. This is important for maintaining control and accountability over program modifications, ensuring that they are made in a controlled and authorized manner. Automated logging (Option A) and access controls (Option D) can be part of these procedures, but it's crucial to have clear processes for identifying and approving changes as well. Hiring additional staff (Option C) for separation of duties might not be necessary if proper procedures and controls are in place.
The IS auditor should recommend establishing procedures to ensure that program changes are identified and approved. This recommendation aligns with the principle of segregation of duties and proper change management controls.
upvoted 2 times
...
This section is not available anymore. Please use the main Exam Page.CISA Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
SuperMax
Highly Voted 6 months, 3 weeks agoFAGFUR
Most Recent 5 months, 1 week ago