An IS auditor evaluating the change management process must select a sample from the change log. What is the BEST way for the auditor to confirm the change log is complete?
An IS auditor evaluating the change management process must select a sample from the change log. What is the BEST way for the auditor to confirm the change log is complete?
B is the right answer
Here, the auditor identifies the most recent change made in the system and checks whether it is recorded in the change log. If the last change is present, it indicates that the log is being updated in a timely manner, suggesting that the change management process is capturing changes as they occur. While this doesn’t prove that every single change throughout the log’s history is recorded—since earlier entries could still have omissions—it provides a practical starting point. Confirming the latest change is logged offers some evidence that the process is functioning and current, which is a stronger indicator of completeness than reliance on statements alone.
This should be C, B just checks the most recent change whereas option C allows the auditor to check any changes giving a better sample selection into the change log.
the ISACA answer will always be B. their Q&A always has questions on this and all right answers are based on "from the system to the logs"
B. Take the last change from the system and trace it back to the log. This method ensures that the change log accurately reflects all changes made in the system. By tracing the last change from the system back to the log, the auditor can verify that the log is capturing all changes as they occur. C. Take an item from the log and trace it back to the system: This approach confirms that specific logged changes are valid but does not ensure that all changes are logged.