Certified Chief Information Security Officer (CCISO) — Question 115

Which of the following tests is performed by an Information Systems (IS) auditor when a sample of programs is selected to determine if the source and object versions are the same?

Answer options

• A. A substantive test of program library controls
• B. A compliance test of the program compiler controls
• C. A compliance test of program library controls
• D. A substantive test of the program compiler controls

Correct answer: C

Explanation

The correct answer is C because a compliance test of program library controls specifically checks whether the source and object code are consistent. Options A and D refer to substantive tests, which focus on the accuracy of outputs rather than compliance with controls. Option B addresses compiler controls, which is not relevant to comparing source and object code.