Certified Information Systems Auditor (CISA) — Question 700

A company requires that all program change requests (PCRs) be approved and all modifications be automatically logged. Which of the following IS audit procedures will BEST determine whether unauthorized changes have been made to production programs?

Answer options

• A. Use source code comparison software to determine whether any changes have been made to a sample of programs since the last audit date.
• B. Review a sample of PCRs for proper approval throughout the program change process.
• C. Trace a sample of complete PCR forms to the log of all program changes.
• D. Trace a sample of program changes from the log to completed PCR forms.

Correct answer: A

Explanation

Option A is correct because using source code comparison software directly identifies unauthorized changes in production programs since the last audit. The other options focus on the approval and logging process rather than directly detecting unauthorized changes to the code itself, making them less effective for this purpose.