An IS auditor performing a review of the IS department
discovers that formal project approval procedures do not
exist. In the absence of these procedures the IS manager has
been arbitrarily approving projects that can be completed in
a short duration and referring other more complicated
projects to higher levels of management for approval. The IS
auditor should recommend as a FIRST course of action that:
A. users participate in the review and approval process.
B. formal approval procedures be adopted and documented.
C. projects be referred to appropriate levels of management
for approval.
D. the IS manager's job description be changed to include
approval authority.
Answer Posted / guest
Answer: B
It is imperative that formal written approval procedures be
established to set accountability. This is true of both the
IS manager and higher levels of management. Choices A, C and
D would be subsequent recommendations once authority has
been established.
Is This Answer Correct ? | 7 Yes | 0 No |
Post New Answer View All Answers