ExpertMedium1 markMultiple Choice
CPA · Question 19 · Area I: Information Systems
An auditor observes that a developer has 'write' access to the production environment to fix urgent bugs. The developer also writes the code in the development environment. What is the primary risk?
An auditor observes that a developer has 'write' access to the production environment to fix urgent bugs. The developer also writes the code in the development environment. What is the primary risk?
Answer options:
A.
The developer might delete the development environment.
B.
Unauthorized or untested code could be deployed to production.
C.
The production server will run slower.
D.
The developer cannot access the staging environment.
How to approach this question
Identify the Segregation of Duties conflict.
Full Answer
B.Unauthorized or untested code could be deployed to production.✓ Correct
Unauthorized or untested code could be deployed to production.
Developers should not have write access to production. This segregation ensures that code is reviewed and tested by a separate party before deployment, preventing fraud or errors.
Common mistakes
Thinking 'emergency fixes' justify permanent access.
Practice the full CPA ISC Practice Exam 5
82 questions · hints · full answers · grading
More questions from this exam
Q01A service organization provides a cloud-based payroll processing application to its user entities...MediumQ02An auditor is reviewing the shared responsibility model for a client using an Infrastructure as a...HardQ03A financial institution requires a cloud deployment model that offers the highest level of contro...MediumQ04During an IT audit, you observe that a company uses a 'Hybrid Cloud' architecture. Which scenario...MediumQ05Which component of IT architecture is primarily responsible for translating domain names (like ww...Easy