What should the IS auditor recommend? In a small organization, an - ProProfs Discuss
Menu
SearchAsk a Question+ Ask Question
Advertisement
  1. Professional Certification
  2. CISA

What should the IS auditor recommend? In a small organization, an employee performs computer operations and, when the situation demands, program modifications.

Asked by Hemangdoshi, Last updated: Mar 24, 2024

+ Answer
Request
Share
Question menu
Vote up Vote down

1 Answer

hemangdoshi999

hemangdoshi

hemangdoshi999
Hemangdoshi

Answered Dec 10, 2018

C. Procedures that verify that only approved program changes are implemented

While it would be preferred that strict separation of duties be adhered to and that additional staff is recruited, as suggested in choice B, this practice is not always possible in small organizations. The IS auditor must look at recommended alternative processes. Of the choices, C is the only practical one that has an impact. The IS auditor should recommend processes that detect changes to production source and object code, such as code comparisons, so the changes can be reviewed on a regular basis by a third party. This would be a compensating control process. Choice A, involving logging of changes to development libraries, would not detect changes to production libraries. Choice D is in effect requiring a third party to do the changes, which may not be practical in a small organization.
upvote downvote
Reply 
Continue Reading

More CISA Questions

Ask Your Own Question
Advertisement
Advertisement
Search for Google images Google Image Icon
Select a recommended image
Upload from your computer Loader
CancelLoader
Image Preview
Search for Google images Google Image Icon
Select a recommended image
Upload from your computer Loader
CancelLoader
Image Preview
Search for Google images Google Image Icon
Select a recommended image
Upload from your computer Loader
CancelLoader

Email Sent
We have sent an email to your address "" with instructions to reset your password.