An IS auditor noted a recent production incident in which a teller transaction system incorrectly charged fees to customers due to a defect from a recent release. Which of the following should be the auditor's NEXT step?
An IS auditor noted a recent production incident in which a teller transaction system incorrectly charged fees to customers due to a defect from a recent release. Which of the following should be the auditor's NEXT step?
The IS auditor's next step should be to evaluate the change management process. This step is crucial because the defect that caused the incorrect charging of fees was introduced during a recent release. By evaluating the change management process, the auditor can determine how the release with the defect was approved and identify any weaknesses in the testing and approval procedures. This evaluation can help prevent similar incidents in the future by ensuring that changes are properly reviewed and tested before being deployed to production.
C is perfect
D for me. The auditor should review the change mgmt process to determine how this release was approved. It is likely that testing procedures were insufficient
Answer: C evaluating the incident management process, is typically the more immediate and pressing concern following a production incident.