CISA Certified Information Systems Auditor – Question0379

An IS auditor discovers an option in a database that allows the administrator to directly modify any table. This option is necessary to overcome bugs in the software, but is rarely used. Changes to tables are automatically logged. The IS auditor's FIRST action should be to:

A.
determine whether the log of changes to the tables is backed up.
B. determine whether the audit trail is secured and reviewed.
C. recommend that the option to directly modify the database be removed immediately.
D. recommend that the system require two persons to be involved in modifying the database.

Correct Answer: B