Certified Information Systems Auditor (CISA) — Question 787

A programmer has made unauthorized changes to key fields in a payroll system report. Which of the following control weaknesses would have contributed MOST to this problem?

Answer options

• A. The programmer has access to the production programs.
• B. The user requirements were not documented.
• C. Payroll files were not under the control of a librarian.
• D. The programmer did not involve the user in testing.

Correct answer: A

Explanation

The correct answer is A because if the programmer has access to production programs, they can make unauthorized changes without oversight. Options B, C, and D relate to documentation and testing processes but do not directly address the issue of access control that allows for such unauthorized modifications.