CISA Certified Information Systems Auditor – Question 1149

Malicious program code was found in an application and corrected prior to release into production. After the release, the same issue was reported. Which of the following is the IS auditor’s BEST recommendation?

A. Ensure the business signs off on end-to-end user acceptance test results.
B. Ensure corrected program code is compiled in a dedicated server.
C. Ensure change management reports are independently reviewed.
D. Ensure programmers cannot access code after the completion of program edits.

Correct Answer: B