In a small organization, where segregation of duties is not
practical, an employee performs the function of computer
operator and application programmer. Which of the following
controls should the IS auditor recommend?
A. Automated logging of changes to development libraries
B. Additional staff to provide segregation of duties
C. Procedures that verify that only approved program changes
are implemented
D. Access controls to prevent the operator from making
program modifications
Answer / guest
Answer: C
In smaller organizations, it generally is not appropriate to
recruit additional staff to achieve a strict segregation of
duties. The IS auditor must look at alternatives. Of the
choices, C is the only practical one that has an impact. The
IS auditor should recommend processes that detect changes to
production source and object code, such as code comparisons
so that the changes can be reviewed by a third party on a
regular basis. This would be a compensating control process.
Choice A, involving logging of changes to development
libraries, would not detect changes to production libraries.
Choice D is in effect requiring a third party to do the
changes, which may not be practical in a small organization.
Is This Answer Correct ? | 8 Yes | 0 No |
Disaster recovery planning addresses the: A. technological aspect of business continuity planning. B. operational piece of business continuity planning. C. functional aspect of business continuity planning. D. overall coordination of business continuity planning.
Reconfiguring which of the following firewall types will prevent inward downloading of files through the file transfer protocol (FTP)? A. Circuit gateway B. Application gateway C. Packet filter D. Screening router
Which of the following would BEST support 24/7 availability? A. Daily backup B. Offsite storage C. Mirroring D. Periodic testing
hello all i want to do cisa certification but dont have knowledge of auditing. i m fresher and ccna certified. so, please advice me how should i prepare .and having cisa certification is it easy to get a job. please reply as soon as possible.
The PRIMARY reason for using digital signatures is to ensure data: A. confidentiality. B. integrity. C. availability. D. timeliness.
Which of the following risks would be increased by the installation of a database system? A. Programming errors B. Data entry errors C. Improper file access D. Loss of parity
Which of the ISO/OSI model layers provides for routing packets between nodes? A. Data link B. Network C. Transport D. Session
A hub is a device that connects: A. two LANs using different protocols. B. a LAN with a WAN. C. a LAN with a metropolitan area network (MAN). D. two segments of a single LAN.
Which of the following would help to ensure the portability of an application connected to a database? The: A. verification of database import and export procedures. B. usage of a structured query language (SQL). C. analysis of stored procedures/triggers. D. synchronization of the entity-relation model with the database physical schema.
Access rules normally are included in which of the following documentation categories? A. Technical reference documentation B. User manuals C. Functional design specifications D. System development methodology documents
E-mail message authenticity and confidentiality is BEST achieved by signing the message using the: A. sender's private key and encrypting the message using the receiver's public key. B. sender's public key and encrypting the message using the receiver's private key. C. the receiver's private key and encrypting the message using the sender's public key. D. the receiver's public key and encrypting the message using the sender's private key.
Which of the following is a dynamic analysis tool for the purpose of testing software modules? A. Blackbox test B. Desk checking C. Structured walk-through D. Design and code