An internal auditor is reviewing physical and environmental controls for an IT organization. Which control activity should not be part of this review?
An internal auditor is reviewing physical and environmental controls for an IT organization. Which control activity should not be part of this review?
An internal auditor reviewing physical and environmental controls for an IT organization should focus on activities like disaster recovery planning, fire detection and suppression, and restricting access to tangible IT resources. Ensuring that at least one developer has access to both systems and operations pertains to segregation of duties and operational controls, not physical or environmental controls. Therefore, it should not be part of this review.
When did Internal auditors “install” anything?
auditors are not installing but controlling the installations. but you are right the question is asked too badly.
The test is focusing on physical and environmental controls and D is not
pls explain.
D, this is a segregation of duty concept
Organizational control also