PdfPrep.com

Which of the following would an IS auditor use to determine if unauthorized modifications were made to production programs?

Which of the following would an IS auditor use to determine if unauthorized modifications were made to production programs?
A . System log analysis
B . Compliance testing
C . Forensic analysis
D . Analytical review

Answer: B

Explanation:

Determining that only authorized modifications are made to production programs would require the change management process be reviewed to evaluate the existence of a trail of documentary evidence. Compliance testing would help to verify that the change management process has been applied consistently. It is unlikely that the system log analysis would provide information about the modification of programs. Forensic analysis is a specialized technique for criminal investigation. An analytical review assesses the general control environment of an organization.

Exit mobile version