Which of the following responsibilities of an organization's quality assurance (QA) function should raise concern for an IS auditor?
Which of the following responsibilities of an organization's quality assurance (QA) function should raise concern for an IS auditor?
The responsibility of implementing solutions to correct defects should raise concern for an IS auditor. This function typically belongs to the development or maintenance teams. If the QA team is tasked with both identifying defects and correcting them, it can compromise the independence and objectivity of the QA process. This situation can lead to a conflict of interest and violates the important internal control principle of segregated duties, which helps prevent errors and fraud.
This responsibility may raise concerns because it overlaps with the responsibilities typically assigned to the development or maintenance teams rather than the QA function. If the QA team is responsible for both identifying defects and implementing solutions to correct them, it could compromise the independence and objectivity of the QA process. It may indicate a lack of segregation of duties, which is an important internal control principle to prevent errors or fraud.
This responsibility of the QA function may raise concern for the IS auditor if the updates are not consistent with the organization's policies or if there is a lack of adequate testing of the new methodology. This may result in poor system performance, system vulnerabilities, or other potential risks. Therefore, the IS auditor may need to review the updated methodology and ensure that it aligns with the organization's policies and procedures
An IS auditor should raise concern if the organization's QA function is responsible for implementing solutions to correct defects (option B), as it may impact the objectivity, independence, and effectiveness of the QA process in ensuring the quality and reliability of software and systems.
B is right