Certified Information Systems Auditor (CISA) — Question 662

Which of the following findings should be of GREATEST concern to an IS auditor performing a review of IT operations?

Answer options

• A. The job scheduler application has not been designed to display pop-up error messages.
• B. Access to the job scheduler application has not been restricted to a maximum of two staff members.
• C. Changes to the job scheduler application's parameters are not approved and reviewed by an operations supervisor.
• D. Operations shift turnover logs are not utilized to coordinate and control the processing environment.

Correct answer: C

Explanation

The correct answer is C because unapproved changes to critical applications can lead to errors and security risks. Options A and B, while concerning, do not pose as immediate a risk to operations as lack of oversight on parameter changes. Option D is also important but does not directly impact the integrity and security of the application as much as option C does.