Certified Information Systems Auditor (CISA) — Question 517
In an IT organization where many responsibilities are shared, which of the following is the BEST control for detecting unauthorized data changes?
Answer options
- A. Users are required to periodically rotate responsibilities.
- B. Segregation of duties conflicts are periodically reviewed.
- C. Data changes are logged in an outside application.
- D. Data changes are independently reviewed by another group.
Correct answer: D
Explanation
The correct answer is D because having another group independently review data changes ensures an unbiased assessment, which can effectively detect unauthorized modifications. Option A does not directly address data changes; B focuses on conflict review rather than detection; and C, while it logs changes, does not ensure an independent review, which is crucial for identifying unauthorized alterations.