Exam CISA topic 1 question 202 discussion

Actual exam question from Isaca's CISA
Question #: 202
Topic #: 1

An organization has implemented a quarterly job schedule to update database tables so prices are adjusted in line with a price index. These changes do not go through the regular change management process. Which of the following is the MOST important control to have in place?

  • A. An overarching approval is obtained from the change advisory board.
  • B. User acceptance testing (UAT) is performed after the production run.
  • C. Each production run is approved by an authorized individual.
  • D. Exception reports are generated to identify anomalies.
Suggested Answer: C 🗳️

Comments

Greens
3 days, 1 hour ago
Selected Answer: D
Since these quarterly price update jobs are not going through the regular change management process, continuous monitoring is crucial to detect any unexpected or erroneous changes resulting from the scheduled job. Exception reports will highlight anomalies or irregularities in the updated prices, enabling timely investigation and correction. This control provides a safety net that compensates for the lack of formal change management for these automated updates.
Why not the others?
A. An overarching approval from the change advisory board: This would be ideal, but the question states the updates are outside the regular change management process.
B. User acceptance testing (UAT) after production run: UAT is generally performed before production deployment, and after-the-fact UAT is inefficient and may not catch issues timely.
C. Each production run is approved by an authorized individual: Approving a scheduled automated run may not be practical or effective without checking results post-run.
upvoted 1 times
...
1Naa
6 months ago
Selected Answer: C
This ensures accountability and oversight, mitigating the risk of unauthorized or incorrect updates that could adversely affect the system or its data.
upvoted 1 times
...
Swallows
8 months, 1 week ago
Selected Answer: A
Approval control that does not go through the normal change management process should be the responsibility of the CAB.
upvoted 1 times
...
Yejide03
9 months, 1 week ago
Based on best practices and ISACA standards, the MOST important control to have in place in this scenario would be:
A. An overarching approval is obtained from the change advisory board.
Implementing an overarching approval process from the change advisory board ensures that changes, even if they are scheduled and recurring, are reviewed and approved by appropriate stakeholders. This helps maintain accountability, oversight, and alignment with organizational policies and objectives.
While other controls such as user acceptance testing (option B), individual approvals (option C), and exception reporting (option D) are valuable, obtaining approval from the change advisory board ensures a comprehensive review and oversight of the changes, mitigating risks associated with unmanaged modifications to critical database tables.
upvoted 4 times
...
echo_cert
9 months, 1 week ago
Selected Answer: C
Implies 4 eyes principle
upvoted 1 times
...
Changwha
1 year, 5 months ago
C. Each production run is approved by an authorized individual.
upvoted 1 times
...
Community vote distribution: A (35%), C (25%), B (20%), Other