A holding company set up a centralized group technology department, using a local area network with a mainframe computer to process accounting information for all companies within the group. An internal auditor would expect to find all of the following controls within the technology department except:
In a centralized group technology department using a local area network with a mainframe computer to process accounting information, internal auditors would expect to find controls related to segregation of duties, emergency and disaster recovery, and preventing unauthorized changes to data files. However, while documented procedures for remote job entry and local data file retention are important, they may not be as essential in a mainframe environment where remote job entry is less common. Thus, the least expected control in this particular setup would be documented procedures for remote job entry and for local data file retention.
What is the rationale of B? is that because those documents are in remote locations rather than in the technology department?
Key takeaway is that they're using LAN as mainframe which limits access to outside network with exception for BCM. Hence, the organization isn't configured for remote works at least that's for accounting works.