An IS auditor is asked to review a large organization’s change management process. Which of the following practices presents the GREATEST risk?
A. Emergency code changes are promoted without user acceptance testing.
B. A system administrator performs code migration on planned downtime.
C. Change management tickets do not contain specific documentation.
D. Transaction data changes can be made by a senior developer.
A. Emergency code changes are promoted without user acceptance testing.
B. A system administrator performs code migration on planned downtime.
C. Change management tickets do not contain specific documentation.
D. Transaction data changes can be made by a senior developer.