An IS auditor attempting to determine whether access to program documentation is restricted to authorized persons would MOST likely:
A . evaluate the record retention plans for off-premises storage.
B . interview programmers about the procedures currently being followed.
C . compare utilization records to operations schedules.
D . review data file access records to test the librarian function.
Answer: B
Explanation:
Asking programmers about the procedures currently being followed is useful in determining whether access to program documentation is restricted to authorized persons. Evaluating the record retention plans for off-premises storage tests the recovery procedures, not the access control over program documentation. Testing utilization records or data files will not address access security over program documentation.
Leave a Reply