Certified Information Systems Auditor (CISA) — Question 1120
Which of the following should an IS auditor do FIRST when determining whether unauthorized changes have been made to production code?
Answer options
- A. Review access control permissions operating within the production program libraries.
- B. Examine the change control system records and trace them forward to object code files.
- C. Review change-approved designations established within the change control system.
- D. Examine object code to find instances of changes and trace them back to change control records.
Correct answer: B
Explanation
The correct answer is B because examining the change control system records provides a clear view of authorized modifications, which can then be traced forward to the object code files. Options A, C, and D are important, but they come after verifying the change control records, which makes them secondary to the initial task of determining whether unauthorized changes exist.