Examice

Exam IIA-CIA-Part2 All QuestionsBrowse all questions from this exam

Question 78

During a systems development audit, software developers indicated that all programs were moved from the development environment to the production environment and then tested in the production environment. What should the auditor recommend?

I. Implement a test environment to ensure that testing is not performed in the production environment.

II. Require developers to move modified programs from the development environment to the test environment and from the test environment to the production environment.

III. Eliminate access by developers to the production environment.

I only

III only

I and II only

I and III only

Correct Answer: C

It is important to implement a test environment to prevent testing from being conducted in the production environment. This ensures that any issues are caught before they can impact the live system. Additionally, requiring developers to transition modified programs from the development environment to the test environment, and then from the test environment to the production environment, establishes a proper segregation of duties and reduces the risk of errors or unauthorized changes impacting the production environment. This controlled process helps maintain system integrity and reliability.

Discussion

asdfghjk2020Option: B

Developers should never have direct access to the production environment. From an audit perspective this is a big no-no as this poses fraud risks. Also if one developer makes a mistake he can take down your critical systems which could have a high impact on your business.

KonradKOption: C

Why Developers should not have access to Production?! Can someone explain this crazy IIA rationale. I think I and II is more imporant as to have a transition of app/system from dev to test and then from test to production environment.

asdfghjk2020