ISACA CISA: Separation of Duties in Code Migration

Master separation of duties for the CISA exam! Learn how to identify controls that prevent unauthorized code changes during migration.

Question

Code changes are compiled and placed in a change folder by the developer. An implementation team migrates changes to production from the change folder.

Which of the following BEST indicates separation of duties is in place during the migration process?

A. A second individual performs code review before the change is released to production.
B. The implementation team does not have access to change the source code.
C. The implementation team does not have experience writing code.
D. The developer approves changes prior to moving them to the change folder.

Answer

B. The implementation team does not have access to change the source code.

Explanation

Separation of duties ensures that no individual has excessive control over a process, which mitigates risks such as unauthorized modifications or malicious activity. Option B addresses this directly: because the implementation team cannot alter the source code, it can only deploy the reviewed and approved code from the change folder.
