CISA Certified Information Systems Auditor – Question1476

The responsibility for authorizing access to a business application system belongs to the:

A.
data owner.
B. security administrator.
C. IT security manager.
D. requestor's immediate supervisor.

Correct Answer: A

Explanation:

Explanation:
When a business application is developed, the best practice is to assign an information or data owner to the application. The Information owner should be responsible for authorizing access to the application itself or to back-end databases for queries. Choices B and C are not correct because the security administrator and manager normally do not have responsibility for authorizing access to business applications. The requestor’s immediate supervisor may share the responsibility for approving user access to a business application system; however, the final responsibility should go to the information owner.