Certified Information Systems Auditor (CISA) — Question 690

Which of the following is the BEST way to mitigate the risk associated with unintentional modifications of complex calculations in end-user computing (EUC)?

Answer options

• A. Have an independent party review the source calculations.
• B. Verify EUC results through manual calculations.
• C. Execute copies of EUC programs out of a secure library.
• D. Implement complex password controls.

Correct answer: C

Explanation

The best approach to mitigate risks in EUC is to execute copies of EUC programs from a secure library, as this ensures that only approved and unaltered versions are used. While having an independent review or verifying results manually can help, they do not prevent modifications. Implementing complex password controls does not directly address the issue of unintentional changes in calculations.