ExpertMedium1 markMultiple Choice
CPA · Question 11 · Area I: Information Systems
Which of the following scenarios represents a violation of the 'Segregation of Duties' principle in the context of IT change management?
Which of the following scenarios represents a violation of the 'Segregation of Duties' principle in the context of IT change management?
Answer options:
A.
The QA team performs both unit testing and regression testing.
B.
The database administrator (DBA) performs backups and restores.
C.
The programmer who wrote the code also migrates it to the production environment.
D.
The system administrator creates user accounts and resets passwords.
How to approach this question
Look for the combination of 'Development' (writing code) and 'Operations' (deploying to production).
Full Answer
C.The programmer who wrote the code also migrates it to the production environment.✓ Correct
C
Allowing programmers to migrate their own code to production removes the independent check required to prevent unauthorized or untested code from entering the live system.
Common mistakes
Thinking QA doing multiple tests is a conflict.
Practice the full CPA ISC Practice Exam
82 questions · hints · full answers · grading
More questions from this exam
Q01A CPA is performing a risk assessment for a client that uses a public cloud provider for its core...HardQ02During a walkthrough of a client's change management process, the auditor notes that developers h...HardQ03A service organization provides a real-time transaction processing platform. The service level ag...HardQ04An auditor is reviewing a SQL query used by the finance team to generate a report of all sales tr...HardQ05A healthcare clearinghouse is preparing for a SOC 2® engagement. They utilize a private cloud dep...Hard