Which of the following IT general controls (ITGC) would be MOST effective in preventing unauthorized program changes from being moved into the production environment?

Answer options:

Review of exception reports of failed login attempts.

Use of complex passwords for all users.

Segregation of duties between developers and production administrators.

Daily backup of data files.

How to approach this question

Focus on 'Change Management' controls. Segregation is key.

Full Answer

C.Segregation of duties between developers and production administrators.✓ Correct

To prevent unauthorized or untested code from entering production, organizations must segregate the duties of 'Development' (writing code) and 'Production Administration' (implementing code). If developers can push code directly to production, they can bypass testing and approval controls.

Common mistakes

Confusing access controls (passwords) with change management controls.

Question 18 All questions Question 20

Practice the full CPA AUD Practice Exam 5

78 questions · hints · full answers · grading

More questions from this exam

Q01A CPA firm is auditing the financial statements of a nonissuer, TechInnovate Inc. The lead engage...Hard Q02During the audit of an issuer, Gamma Corp, the audit firm proposes to provide tax services to the...Hard Q03An auditor is performing a Yellow Book audit (GAO Government Auditing Standards) for a state agen...Hard Q04A CPA is engaged to audit the financial statements of a nonissuer. During the audit, the CPA enco...Hard Q05Before accepting an audit engagement for a new nonissuer client, the successor auditor is require...Hard

View all 78 questions →