CISA Certified Information Systems Auditor – Question2984

Which of the following tests performed by an IS auditor would be the MOST effective in determining compliance with an organization's change control procedures?

A.
Review software migration records and verify approvals.
B. identify changes that have occurred and verify approvals.
C. Review change control documentation and verify approvals.
D. Ensure that only appropriate staff can migrate changes into production.

Correct Answer: B

Explanation:

Explanation:
The most effective method is to determine through code comparisons what changes have been made and then verify that they have been approved. Change control records and software migration records may not have all changes listed. Ensuring that only appropriate staff can migrate changes into production is a key control process, but in itself does not verify compliance.