Isaca Certified Information Systems Auditor CISA Question # 67 Topic 7 Discussion
CISA Exam Topic 7 Question 67 Discussion:
Question #: 67
Topic #: 7
An IS auditor noted a recent production incident in which a teller transaction system incorrectly charged fees to customers due to a defect from a recent release. Which of the following should be the auditor ' s NEXT step?
The change management process is the set of procedures and activities that ensure that changes to the information system are authorized, tested, documented, and implemented in a controlled manner12. A defect in a recent release indicates that there may be issues with the quality assurance, testing, or approval of the changes, which could affect the reliability, security, and performance of the system3 . Therefore, the auditor’s next step should be to evaluate the change management process and identify the root cause of the defect, as well as the impact and remediation of the incident.
References
1: Change Management - CISA
2: What is Change Management? - Definition from Techopedia
3: How to Audit Change Management - ISACA Journal
The Business Case for Security | CISA
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit