CISA Certified Information Systems Auditor – Question2904
During a postimplementation review of an enterprise resource management system, an IS auditor would MOST likely: A. review access control configuration B. evaluate interface testing. C. review detailed design documentation. D. evaluate system testing.
Correct Answer: A
Explanation:
Explanation:
Reviewing access control configuration would be the first task performed to determine whether security has been appropriately mapped in the system. Since a postimplementation review is done after user acceptance testing and actual implementation, one would not engage in interface testing or detailed design documentation. Evaluating interface testing would be part of the implementation process. The issue of reviewing detailed design documentation is not generally relevant to an enterprise resource management system, since these are usually vendor packages with user manuals. System testing should be performed before final user signoff.
Please disable your adblocker or whitelist this site!