Certified Information Systems Auditor (CISA) — Question 1336

An IS auditor observes that each department follows a different approach for creating and securing spreadsheet macros. Which of the following is the auditor's BEST recommendation for management in this situation?

Answer options

• A. Provide end-user training on spreadsheet macro development.
• B. Prohibit further development of end-user computing (EUC) applications by end users.
• C. Implement an end-user computing (EUC) governance framework.
• D. Secure the folders where macro-enabled spreadsheets are stored.

Correct answer: C

Explanation

The best recommendation is to implement an end-user computing (EUC) governance framework, as it provides a structured approach to ensure consistency and security across various departments. While training and securing folders are helpful, they do not address the overarching need for standardized governance. Prohibiting EUC applications altogether would hinder productivity and innovation.