When reviewing system parameters, an IS auditor’s PRIMARY concern should be that:
A.
they are set to meet security and performance requirements.
B.
changes are recorded in an audit trail and periodically reviewed.
C.
changes are authorized and supported by appropriate documents.
D.
access to parameters in the system is restricted.
Explanation:
The primary concern is to find the balance between security and performance. Recording changes in
an audit trail and periodically reviewing them is a detective control; however, if parameters are not
set according to business rules, monitoring of changes may not be an effective control. Reviewing
changes to ensure they are supported by appropriate documents is also a detective control, if
parameters are set incorrectly, the related documentation and the fact that these are authorized
does not reduce the impact. Restriction of access to parameters ensures that only authorized staff
can access the parameters; however, if the parameters are set incorrectly, restricting access will still
have an adverse impact.