CISA Certified Information Systems Auditor – Question0443

In the IT department where segregation of duties is not feasible due to a limited number of resources, a team member is performing the functions of computer operator and reviewer of application logs. Which of the following would be the IS auditor’s BEST recommendation?

A.
Develop procedures to verify that the application logs are not modified.
B. Prevent the operator from performing application development activities.
C. Assign an independent second reviewer to verify the application logs.
D. Restrict the computer operator’s access to the production environment.

Correct Answer: A