An IS auditor finds out-of-range data in some tables of a database. Which of the following controls
should the IS auditor recommend to avoid this situation?

A.
Log all table update transactions.

B.
implement before-and-after image reporting.

C.
Use tracing and tagging.

D.
implement integrity constraints in the database.

Explanation:

Implementing integrity constraints in the database is a preventive control, because data is checked
against predefined tables or rules preventing any undefined data from being entered. Logging all
table update transactions and implementing before-and-after image reporting are detective
controls that would not avoid the situation. Tracing and tagging are used to test application
systems and controls and could not prevent out-of-range data.