CISA Certified Information Systems Auditor – Question2967 - CISA Certified Information Systems Auditor

When performing a database review, an IS auditor notices that some tables in the database are not normalized. The IS auditor should next:

A. recommend that the database be normalized.
B. review the conceptual data model.
C. review the stored procedures.
D. review the justification.

Correct Answer: D

Explanation:

Explanation:
If the database is not normalized, the IS auditor should review the justification since, in some situations, denormalization is recommended for performance reasons. The IS auditor should not recommend normalizing the database until further investigation takes place. Reviewing the conceptual data model or the stored procedures will not provide information about normalization.