CISA Certified Information Systems Auditor – Question2549

An IS auditor attempting to determine whether access to program documentation is restricted to authorized persons would MOST likely:

A.
evaluate the record retention plans for off-premises storage.
B. interview programmers about the procedures currently being followed.
C. compare utilization records to operations schedules.
D. review data file access records to test the librarian function.

Correct Answer: B

Explanation:

Explanation:
Asking programmers about the procedures currently being followed is useful in determining whether access to program documentation is restricted to authorized persons. Evaluating the record retention plans for off-premises storage tests the recovery procedures, not the access control over program documentation. Testing utilization records or data files will not address access security over program documentation.