Certified Information Systems Auditor (CISA) — Question 274

In an environment that automatically reports all program changes, which of the following is the MOST efficient way to detect unauthorized changes to production programs?

Answer options

• A. Periodically running and reviewing test data against production programs
• B. Verifying user management approval of modifications
• C. Reviewing the last compile date of production programs
• D. Manually comparing code in production programs to controlled copies

Correct answer: C

Explanation

The correct answer is C because reviewing the last compile date allows for a quick identification of any unexpected changes since the last approved version. Options A, B, and D are less efficient as they either require more time to execute or depend on additional processes that do not directly indicate unauthorized changes.