Which of the following findings should be of GREATEST concern to an IS auditor assessing the risk associated with end-user computing (EUC) in an organization?
Which of the following findings should be of GREATEST concern to an IS auditor assessing the risk associated with end-user computing (EUC) in an organization?
Insufficient processes to track ownership of each EUC application should be of the greatest concern. Without clearly defined ownership, there is a significant risk of mismanagement, lack of accountability, and potential non-compliance with regulations. This issue can lead to difficulties in tracking who is responsible for maintaining, updating, and ensuring the security of each application. Ownership is key to effective risk management, as it ensures there are designated individuals or teams accountable for the proper functioning and oversight of EUC applications.
A. Lack of defined criteria for EUC applications mean no policies, procedures, processes, organization criteria
A is correct.
A. Lack of defined criteria for EUC applications
I think answer C is the most correct one, as the other options are already characteristics of the EUC
Lack of tracking of ownership leads to unclear accountability and increased risk management and compliance issues. While lack of clear standards is important, poor tracking of ownership is a particularly serious risk.
lacks of control is more important to my point of view than critiria .
but it looks like insuffcient . hmm. hard to tell