CISA Certified Information Systems Auditor – Question1426

An IS auditor conducting an access control review in a client-server environment discovers that all printing options are accessible by all users. In this situation, the IS auditor is MOST likely to conclude that:

A.
exposure is greater, since information is available to unauthorized users.
B. operating efficiency is enhanced, since anyone can print any report at any time.
C. operating procedures are more effective, since information is easily available.
D. user friendliness and flexibility is facilitated, since there is a smooth flow of information among users.

Correct Answer: A

Explanation:

Explanation:
Information in all its forms needs to be protected from unauthorized access. Unrestricted access to the report option results in an exposure. Efficiency and effectiveness are not relevant factors in this situation. Greater control over reports will not be accomplished since reports need not be in a printed form only. Information could be transmitted outside as electronic files, because print options allow for printing in an electronic form as well.