CPA · Question 02 · Area I: Information Systems
During a walkthrough of a client's change management process, the auditor notes that developers have write access to the production environment to facilitate quick hotfixes. The client argues that a code review tool logs all changes. Which of the following represents the MOST significant risk associated with this configuration?
Answer options:
The code review tool may not be compatible with the production server version.
Unauthorized or untested code could be deployed directly to production, bypassing established controls.
Developers might accidentally delete the transaction logs required for recovery.
The production environment performance will degrade due to development activities.
82 questions · hints · full answers · grading
Expert