Certified Information Systems Auditor (CISA) — Question 652
Which of the following is a corrective control?
Answer options
- A. Verifying duplicate calculations in data processing
- B. Separating equipment development, testing, and production
- C. Executing emergency response plans
- D. Reviewing user access rights for segregation of duties
Correct answer: C
Explanation
The correct answer is C: executing emergency response plans is a corrective control, aimed at addressing and managing incidents after they occur. The other options are preventive or detective controls rather than corrective ones; they focus on avoiding problems or identifying issues rather than rectifying them after the fact.