Area I: Information Systems — CPA Practice Question 05

How to approach this question

Recognize the SoD conflict (Dev vs Prod) and select the standard audit recommendation for emergency access (Firecall/Emergency ID).

Full Answer

C.Identify this as a Segregation of Duties (SoD) deficiency and recommend a separate 'Emergency ID' with monitoring.✓ Correct

Allowing developers standing access to migrate code to production is a critical Segregation of Duties (SoD) failure. The standard solution for emergencies is a 'Firecall' or 'Emergency' ID that is checked out, monitored, and reviewed immediately after use.

Common mistakes

Accepting the client's explanation of 'business necessity' without requiring a compensating control.

How to approach this question

Full Answer

Common mistakes

Practice the full CPA ISC Practice Exam 3

More questions from this exam