An IS auditor attempting to determine whether access to program documentation is restricted to
authorized persons would MOST likely:
A.
evaluate the record retention plans for off-premises storage.
B.
interview programmers about the procedures currently being followed.
C.
compare utilization records to operations schedules.
D.
review data file access records to test the librarian function.
Explanation:
Asking programmers about the procedures currently being followed is useful in determining
whether access to program documentation is restricted to authorized persons. Evaluating the
record retention plans for off-premises storage tests the recovery procedures, not the
access control over program documentation. Testing utilization records or data files will not address
access security over program documentation.