Certified Information Systems Auditor (CISA) Question:
Which of the following is the GREATEST risk of an inadequate policy definition for ownership of data and systems?
Answer:
1. User management coordination does not exist.
2. Specific user accountability cannot be established.
3. Unauthorized users may have access to originate, modify or delete data.
4. Audit recommendations may not be implemented.
Answer: C
2. Specific user accountability cannot be established.
3. Unauthorized users may have access to originate, modify or delete data.
4. Audit recommendations may not be implemented.
Answer: C
| Previous Question | Next Question |
| The PRIMARY advantage of a continuous audit approach is that it: | IT control objectives are useful to IS auditors, as they provide the basis for understanding the: |