PrepAway - Latest Free Exam Questions & Answers

The IS auditor’s PRIMARY concern should be that:

An organization has been recently downsized, in light of this, an IS auditor decides to test logical

access controls. The IS auditor’s PRIMARY concern should be that:

PrepAway - Latest Free Exam Questions & Answers

A.
all system access is authorized and appropriate for an individual’s role and responsibilities.

B.
management has authorized appropriate access for all newly-hired individuals.

C.
only the system administrator has authority to grant or modify access to individuals.

D.
access authorization forms are used to grant or modify access to individuals.

Explanation:

The downsizing of an organization implies a large number of personnel actions over a relatively
short period of time. Employees can be assigned new duties while retaining some or all of their
former duties. Numerous employees may be laid off. The auditor should be concerned that an
appropriate segregation of duties is maintained, that access is limited to what is required for an
employee’s role and responsibilities, and that access is revoked for those that are no longer
employed by the organization. Choices B, C and D are all potential concerns of an IS auditor, but
in light of the particular risks associated with a downsizing, should not be the primary concern.


Leave a Reply