Certified Information Systems Auditor (CISA) — Question 519

In a small IT web development company where developers must have write access to production, the BEST recommendation of an IS auditor would be to:

Answer options

• A. perform a user access review for the development team.
• B. hire another person to perform migration to production.
• C. implement continuous monitoring controls.
• D. remove production access from the developers.

Correct answer: C

Explanation

The correct answer is C, as implementing continuous monitoring controls helps ensure that any changes made to production are tracked and can be audited, reducing risks. Option A is useful but does not address the ongoing access issue. Option B introduces additional personnel costs without solving the access problem. Option D would hinder developers' ability to work effectively, potentially slowing down production deployments.