In an audit of an issuer, the auditor is testing the design effectiveness of User Access Controls within the IT environment. Which of the following observations would represent the MOST significant deficiency in design?

Answer options:

Passwords are required to be changed every 90 days.

Developers have access to migrate changes directly into the production environment.

Access requests for new employees are approved by the HR department.

The system automatically logs off users after 30 minutes of inactivity.

How to approach this question

Identify IT General Controls (ITGC) principles. Segregation of Duties: Development vs. Production access is critical.

Full Answer

B.Developers have access to migrate changes directly into the production environment.✓ Correct

Developers have access to migrate changes directly into the production environment.

Segregation of duties in IT requires separating the development/modification of programs from the authority to put them into production. If developers can move code to production, they can bypass testing and approval controls.

Common mistakes

Underestimating the risk of developer access to production.

Question 18 All questions Question 20

Practice the full CPA AUD Practice Exam 4

78 questions · hints · full answers · grading

More questions from this exam

Q01A CPA firm is performing an audit of a nonissuer, TechInnovate Inc. The engagement partner's spou...Hard Q02An auditor is performing an audit of an issuer, Global Corp, in accordance with PCAOB standards. ...Hard Q03A CPA is performing an audit of a county government entity that receives federal financial assist...Hard Q04During the audit of an employee benefit plan subject to ERISA, the auditor discovers that the pla...Hard Q05An auditor is evaluating the 'integrity' principle of the AICPA Code of Professional Conduct. Whi...Medium

View all 78 questions →