ExpertHard1 markMultiple Choice
CPA · Question 19 · Area II: Risk Assessment
Which of the following IT general controls (ITGC) would be MOST effective in preventing unauthorized program changes from being moved into the production environment?
Which of the following IT general controls (ITGC) would be MOST effective in preventing unauthorized program changes from being moved into the production environment?
Answer options:
A.
Review of exception reports of failed login attempts.
B.
Use of complex passwords for all users.
C.
Segregation of duties between developers and production administrators.
D.
Daily backup of data files.
How to approach this question
Focus on 'Change Management' controls. Segregation is key.
Full Answer
C.Segregation of duties between developers and production administrators.✓ Correct
Segregation of duties between developers and production administrators.
To prevent unauthorized or untested code from entering production, organizations must segregate the duties of 'Development' (writing code) and 'Production Administration' (implementing code). If developers can push code directly to production, they can bypass testing and approval controls.
Common mistakes
Confusing access controls (passwords) with change management controls.
Practice the full CPA AUD Practice Exam 5
78 questions · hints · full answers · grading
More questions from this exam
Q01A CPA firm is auditing the financial statements of a nonissuer, TechInnovate Inc. The lead engage...HardQ02During the audit of an issuer, Gamma Corp, the audit firm proposes to provide tax services to the...HardQ03An auditor is performing a Yellow Book audit (GAO Government Auditing Standards) for a state agen...HardQ04A CPA is engaged to audit the financial statements of a nonissuer. During the audit, the CPA enco...HardQ05Before accepting an audit engagement for a new nonissuer client, the successor auditor is require...Hard