An IS auditor is reviewing a client’s outsourced payroll system to assess whether the financial audit team can rely on the application. Which of the following findings would be the auditor's GREATEST concern?
An IS auditor is reviewing a client’s outsourced payroll system to assess whether the financial audit team can rely on the application. Which of the following findings would be the auditor's GREATEST concern?
User access rights are critical for maintaining the confidentiality, integrity, and availability of sensitive payroll data. If these access rights are not periodically reviewed, there is a significant risk that unauthorized individuals may gain or retain access to critical information, potentially leading to data breaches, fraud, or errors in the payroll system. This directly impacts the reliability of the payroll system for financial auditing purposes, making it the most concerning finding.
I vote for D., but seem to be pretty much alone in this view. The usual AI chatbot's here have different answers, but none say. D. Anyway, I'm sticking with D. The way I've understood ISACA thinking so far from many other ISACA questions is that for third-party contracts, having a contract reviewed by a Legal Department or Lawyer is paramount. At least in the questions from the official ISACA learning material, I was always right with this understanding. So I stick with D.
Sorry , It must be C
User access rights are crucial for maintaining the confidentiality, integrity, and availability of payroll data. Without periodic reviews, there's a higher risk of unauthorized access, which could lead to data breaches, fraud, or errors in financial records. This finding indicates a potential weakness in security controls, raising significant concerns about data protection and the accuracy of financial audits relying on the payroll system.
B. User access rights have not been periodically reviewed by the client Periodic review of user access rights is crucial for maintaining security and ensuring that only authorized individuals have access to sensitive data. If these reviews are not being conducted, there could be users with inappropriate access, which poses a significant risk to data integrity and confidentiality.
Fue to its direct impact on the ability to rely on the outsourced payroll system for the financial audit, a non-compliant third-party contract is the greatest concern for the IS auditor. So, the answer will be C