Which of the following should be of GREATEST concern to an IS auditor reviewing data conversion and migration during the implementation of a new application system?
Which of the following should be of GREATEST concern to an IS auditor reviewing data conversion and migration during the implementation of a new application system?
The greatest concern for an IS auditor reviewing data conversion and migration during the implementation of a new application system is unauthorized data modifications occurring during conversion. Data integrity is crucial during this process, and unauthorized changes can lead to data corruption, inaccuracies, and potential non-compliance issues. Ensuring that data remains unaltered without proper authorization is essential to maintain the reliability and accuracy of the new system.
Answer should be B
Why is the correct answer A? Is manual processing something to be more concerned than unauthorized changes?
i think its because B is inside of A.
Sorry, B is the correct answer
unauthorised changes are more dangerous than using a manual process
should be B
Should be B
Agree on B, unauthorized modifications
C is the correct answer
B is the answer the same question found in ISACA QAEs
B. Unauthorized data modifications occurred during conversion. The unauthorized data modifications during data conversion and migration pose the greatest concern to an IS auditor. Data integrity is critical during the migration process, and unauthorized modifications can lead to data corruption and may have a significant impact on the accuracy and reliability of the new application system. This is especially important in situations where historical data is being converted, as any unauthorized changes could result in data loss, compliance issues, or incorrect business decisions.
B. Unauthorized data modifications occurred during conversion.
Even if manual process is succetible to errors and changes, option B is the actual materialization of it. A is potencial, B is actual. Let's stop assuming many things and go for the real case.
Makes more sense to be "A", because there are more associated risks, such as unauthorized: 1. Modification of data; 2. Addition of data; and 3. Deletion of data.