Hard · 1 mark · Multiple Choice
CPA · Question 07 · Area I: Information Systems
A developer at a software company has access to write code in the development environment and also has administrative access to promote that code directly to the production environment. Which specific IT general control (ITGC) principle is violated?
Answer options:
A. Logical Access Security
B. Segregation of Duties (SoD) within Change Management
C. Backup and Recovery
D. Physical Security
How to approach this question
Identify the conflict. Writing code + Deploying code = Risk of fraud/error. This is a classic SoD conflict.
Full Answer
B. Segregation of Duties (SoD) within Change Management ✓ Correct
Segregation of Duties requires that the person who develops/modifies the code is different from the person who migrates it to production. This prevents a developer from pushing malicious or broken code without oversight.
Common mistakes
Thinking this is just 'Access Security'. It is specifically an SoD issue within the Change Management domain.