Certified Information Systems Auditor (CISA) — Question 1354

An employee performs computer operations and, when the situation demands, program modifications. Which of the following should the IS auditor recommend?

Answer options

• A. Automated logging of changes to development libraries should be instituted.
• B. Procedures should be established to ensure that program changes are identified and approved.
• C. Additional staff should be recruited to provide separation of duties.
• D. Access control should prevent the operator from making program modifications.

Correct answer: B

Explanation

The correct answer, B, emphasizes the importance of having processes to identify and approve program changes to maintain control and integrity. Options A and D focus on logging and access control but do not directly address the need for approval processes. Option C, while important, does not solve the immediate issue of program change management.