An IS auditor is assigned to help design the data security
aspects of an application under development. Which of the
following provides the MOST reasonable assurance that
corporate assets are protected when the application is
certified for production?
A. A review conducted by the internal auditor
B. A review conducted by the assigned IS auditor
C. Specifications by the user on the depth and content of
the review
D. An independent review conducted by another equally
experienced IS auditor
Answer Posted / guest
Answer: D
If the IS auditor assigned to the development process
actually contributes to the design of the system, then true
independence has been compromised. Therefore, to insure an
independent review of the system, a different IS auditor
should review the system prior to production or within a
reasonable time frame after implementation.
Is This Answer Correct ? | 8 Yes | 1 No |
Post New Answer View All Answers