Certified Information Systems Auditor (CISA) — Question 1379

Which of the following should be of GREATEST concern to an IS auditor reviewing data conversion and migration during the implementation of a new application system?

Answer options

• A. Data conversion was performed using manual processes.
• B. Unauthorized data modifications occurred during conversion.
• C. The change management process was not formally documented.
• D. Backups of the old system and data are not available online.

Correct answer: B

Explanation

The greatest concern for an IS auditor is unauthorized data modifications during conversion, as this can compromise data integrity and security. While manual processes and lack of documentation are important, they do not pose an immediate risk to the data itself like unauthorized modifications do. Additionally, the unavailability of backups is concerning but does not directly affect the integrity of the data being converted.