Certified Internal Auditor (CIA) Part 3: Business Knowledge for Internal Auditing — Question 247

Which of the following is the most appropriate action an internal auditor would perform during an audit of his organization's IT change management process?

Answer options

• A. Validate that only authorized personnel can migrate changes into the production environment.
• B. Perform a risk assessment to determine the likelihood that risk could occur due to insufficient patch application.
• C. Publish a schedule that lists all approved changes and planned implementation dates.
• D. Update change management processes on a consistent basis to keep up with changing technologies.

Correct answer: A

Explanation

The correct answer is A because it focuses on ensuring that only authorized personnel can make changes, which is crucial for maintaining security and integrity in the production environment. Options B, C, and D, while important, do not directly address the immediate controls necessary to safeguard the environment during the change management process.