CISA Certified Information Systems Auditor – Question2054

An IS auditor is reviewing documentation of application systems change control and identifies several patches that were not tested before being put into production. Which of the following is the MOST significant risk from this situation?

A.
Developer access to production
B. Lack of system integrity
C. Outdated system documentation
D. Loss of application support

Correct Answer: D