An IS auditor attempting to determine whether access to program documentation is restricted to authorized persons would MOST likely:
A. evaluate the record retention plans for off-premises storage.
B. interview programmers about the procedures currently being followed.
C. compare utilization records to operations schedules.
D. review data file access records to test the librarian function.
Explanation:
Asking programmers about the procedures currently being followed is useful in determining whether access to program documentation is restricted to authorized persons. Evaluating the record retention plans for off-premises storage tests the recovery procedures, not the
access control over program documentation. Testing utilization records or data files will not address access security over program documentation.