Discover the crucial next step an IS auditor should take after identifying a defect causing incorrect customer charges in a teller transaction system. Prepare for your CISA certification exam with our expert guidance.
Question
An IS auditor noted a recent production incident in which a teller transaction system incorrectly charged fees to customers due to a defect from a recent release. Which of the following should be the auditor’s NEXT step?
A. Evaluate developer training.
B. Evaluate secure code practices.
C. Evaluate the incident management process.
D. Evaluate the change management process.
Answer
D. Evaluate the change management process.
Explanation
The IS auditor’s next step should be to evaluate the change management process (Option D).
A production incident resulting in incorrect charges to customers due to a defect from a recent release indicates potential issues with the organization’s change management process. Change management ensures that changes to systems and applications are properly planned, tested, approved, and implemented to minimize the risk of introducing defects or disruptions to production environments.
By evaluating the change management process, the auditor can assess whether:
- Proper testing was conducted before the release to identify and resolve defects
- Adequate approval processes were followed for the release
- Rollback plans were in place to quickly revert changes if issues arose
- Post-implementation monitoring was performed to detect any adverse impacts
Identifying weaknesses in the change management process will help the organization improve its practices to prevent similar incidents in the future. While developer training, secure code practices, and incident management are important, the immediate priority should be to address the root cause of the production incident, which is likely related to inadequate change management.