Certified Information Systems Auditor (CISA) — Question 939

An IS auditor notes that a mortgage origination team receives customer loan applications via a shared repository. Which of the following findings presents the GREATEST privacy risk for this process?

Answer options

• A. Shared repository lacks dual access controls
• B. Customer data is not updated in the origination system
• C. Loan documentation is not purged from the system
• D. Duplicate loan applications are not flagged for attention

Correct answer: A

Explanation

The greatest privacy risk arises from the lack of dual access controls in the shared repository, as this can lead to unauthorized access to sensitive customer information. While the other options present issues, they do not create as immediate a threat to privacy as the potential for multiple individuals gaining unrestricted access to confidential data.