ExamTopics Logo
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CISA All Questions

View all questions & answers for the CISA exam
Go to Exam

Exam CISA topic 1 question 583 discussion

Actual exam question from Isaca's CISA
Question #: 583
Topic #: 1
[All CISA Questions]

An IS auditor is asked to review a large organization's change management process. Which of the following practices presents the GREATEST risk?

  • A. Transaction data changes can be made by a senior developer.
  • B. Change management tickets do not contain specific documentation.
  • C. A system administrator performs code migration on planned downtime.
  • D. Emergency code changes are promoted without user acceptance testing (UAT).
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by 3008 at May 27, 2023, 7:08 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
RS66
10 months ago
Selected Answer: D
D. Emergency code changes are promoted without user acceptance testing (UAT).
upvoted 1 times
...
Yejide03
1 year, 2 months ago
Selected Answer: A
A. Transaction data changes can be made by a senior developer.
upvoted 1 times
...
SuperMax
1 year, 7 months ago
Selected Answer: B
B. Change management tickets do not contain specific documentation. Change management tickets do not contain specific documentation: While documentation is an important component of change management, the absence of specific documentation in change management tickets is not necessarily a significant risk in and of itself. The risk associated with this practice would depend on the nature of the documentation that is missing, and whether its absence could impact the ability of stakeholders to understand the change and its potential impacts.
upvoted 1 times
SuperMax
1 year, 7 months ago
In conclusion, of the four practices listed, the practice that presents the greatest risk is emergency code changes being promoted without user acceptance testing. This is because the absence of user acceptance testing increases the risk of introducing errors or unintended consequences that could negatively impact the organization.
upvoted 1 times
...
...
BA27
1 year, 7 months ago
A. Transaction data changes can be made by a senior developer.
upvoted 1 times
...
3008
1 year, 11 months ago
Selected Answer: D
Emergency code changes are promoted without user acceptance testing: This practice presents a significant risk because emergency changes are typically made to address critical issues, and there is often pressure to implement them quickly. In such a scenario, it may be tempting to skip some of the steps in the change management process, such as user acceptance testing. However, if changes are implemented without adequate testing, there is a high risk of introducing errors or other unintended consequences that could negatively impact the organization.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago