Certified Information Systems Auditor (CISA) — Question 1199

An IS auditor is reviewing documentation from a change that was applied to an application. Which of the following findings would be the GREATEST concern?

Answer options

• A. Testing documentation is approved prior to completion of user acceptance testing (UAT).
• B. Testing documentation does not show manager approval.
• C. Testing documentation is kept in hard copy format.
• D. Testing documentation is dated three weeks before the system implementation date.

Correct answer: A

Explanation

The greatest concern is option A because approving testing documentation before UAT completion can lead to unverified changes being implemented. The other options, while concerning, do not directly impact the validity of the testing process as significantly as premature approval does.