Certified Information Systems Auditor (CISA) — Question 1097

A post-implementation audit has been completed for the deployment of a sophisticated job scheduling tool. Which of the following observations would be of GREATEST concern?

Answer options

• A. The IT team customized tool settings without seeking approval from the provider.
• B. The overall project took longer to complete than planned.
• C. The data encryption setting is not enabled in the scheduling tool.
• D. The IT team accesses the scheduler admin panel via a generic account.

Correct answer: D

Explanation

Using a generic account to access the scheduler admin panel is a significant security risk, as it can lead to unauthorized access and lack of accountability. The other options, while concerning, do not pose as immediate a threat to security and operational integrity as the use of a shared account does.