CISA Certified Information Systems Auditor – Question2969

An IS auditor finds that client requests were processed multiple times when received from different independent departmental databases, which are synchronized weekly. What would be the BEST recommendation?

A.
increase the frequency for data replication between the different department systems to ensure timely updates.
B. Centralize all request processing in one department to avoid parallel processing of the same request.
C. Change the application architecture so that common data is held in just one shared database for all departments.
D. implement reconciliation controls to detect duplicates before orders are processed in the systems.

Correct Answer: C

Explanation:

Explanation:
Keeping the data in one place is the best way to ensure that data are stored without redundancy and that all users have the same data on their systems. Although increasing the frequency may help to minimize the problem, the risk of duplication cannot be eliminated completely because parallel data entry is still possible. Business requirements will most likely dictate where data processing activities are performed. Changing the business structure to solve an IT problem is not practical or politically feasible.
Detective controls do not solve the problem of duplicate processing, and would require that an additional process be implemented to handle the discovered duplicates.