During an audit of a financial application, it was determined that many terminated users' accounts were not disabled. Which of the following should be the IS auditor's NEXT step?
The immediate step an IS auditor should take upon discovering that terminated users' accounts were not disabled is to perform a review of these accounts' activity. This review helps to identify if any unauthorized or potentially malicious activities have taken place with these accounts. As the accounts are still active, understanding their recent activity is crucial to assess any security breaches or misuse before taking any further actions or making conclusions about IT general controls.
D please. When compliance is violated, substantive testing is next for transaction-related items. Already you're doing a review.
Agree with A. Check whether there is unauthorized activity first.
I think A first, then D. So A.
A. Perform a review of terminated users' account activity.
A. Performing substantive testing of terminated users' access rights won't be the action, since the question already says that accounts were not disabled. That means they might have some sort of access. Performing a review of account activity in the first place would definitely provide a clear picture.
If an IS auditor discovers that many terminated users' accounts have not been disabled, the next step should be to review the account activity of those terminated users. This helps to determine if there has been any unauthorized access or fraudulent activities carried out using these accounts. Perform substantive testing of terminated users' access rights: This step may be useful in understanding the extent of the problem, but the immediate concern is to review the account activity to determine if there has been any unauthorized access or fraudulent activities using the terminated users' accounts.
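As an added illustration of the two steps being debated in this thread (it is not code from any commenter, and the HR records, account export and log lines are constructed samples), the script below does both: an access-rights check that lists terminated users whose application account is still enabled, and an activity review that flags any authentication events on a terminated user's account after the HR termination date. The log format (`timestamp EVENT user=... src=...`) is an assumed one chosen for the example.

```python
from datetime import datetime, date

# Constructed sample data (not from the original post): HR termination records,
# keyed by application username, value is the termination date.
TERMINATED = {
    "jdoe": date(2024, 2, 28),
    "asmith": date(2024, 1, 15),
    "bwong": date(2024, 3, 10),
}

# Constructed sample data: export of the financial application's account directory.
ACCOUNTS = {
    "jdoe": {"enabled": True},
    "asmith": {"enabled": False},
    "bwong": {"enabled": True},
    "clee": {"enabled": True},   # current employee, not in the HR termination list
}

# Constructed sample data: application authentication log in an assumed format.
AUTH_LOG = """\
2024-02-27T16:01:10Z LOGIN_OK user=jdoe src=10.0.0.5
2024-03-02T09:15:00Z LOGIN_OK user=jdoe src=198.51.100.7
2024-03-02T09:17:42Z LOGIN_OK user=clee src=10.0.0.9
2024-01-20T08:00:00Z LOGIN_FAIL user=asmith src=10.0.0.5
2024-03-11T22:40:05Z LOGIN_OK user=bwong src=203.0.113.4
"""


def parse_log_line(line):
    """Split one 'timestamp EVENT key=value ...' line into a dict."""
    ts, event, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "event": event, **kv}


def enabled_terminated_accounts(terminated, accounts):
    """Access-rights check (option D style): terminated users whose account is still enabled."""
    return sorted(
        user for user in terminated
        if user in accounts and accounts[user]["enabled"]
    )


def post_termination_activity(terminated, log_text):
    """Activity review (option A style): any authentication event, successful or failed,
    on a terminated user's account dated after that user's termination date.
    Returns (user, event, timestamp, source) tuples in log order."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_log_line(line)
        term_date = terminated.get(rec["user"])
        if term_date is None:
            continue                      # not a terminated user, out of scope
        if rec["ts"].date() > term_date:
            findings.append((rec["user"], rec["event"],
                             rec["ts"].isoformat(), rec["src"]))
    return findings


if __name__ == "__main__":
    print("Terminated users with accounts still enabled:")
    for user in enabled_terminated_accounts(TERMINATED, ACCOUNTS):
        print("  ", user)
    print("Activity on terminated accounts after termination date:")
    for user, event, when, src in post_termination_activity(TERMINATED, AUTH_LOG):
        print(f"   {user:8} {event:10} {when} from {src}")
```

Both outputs feed the finding either way the thread resolves the ordering: the still-enabled list is the control failure itself, while the activity list is what tells the application owner whether the failure has already been exploited (a successful login after termination) or merely attempted (a failed one on an already-disabled account).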
As the question is about terminated users, I would go with D.
A is one of the activities of substantive testing. I would go for D as it will include A in it. Correct answer is D.
Which is more important? C that helps enhance awareness of the owner or A investigate further to detect malicious activity? I will go with A. C comes next.
Communicating the identified risks to the application owner is crucial for raising awareness and initiating corrective actions. The application owner needs to understand the potential security implications of not disabling terminated users' accounts, including unauthorized access to sensitive financial data and increased risk of security breaches. Once the risks are communicated, the application owner can take appropriate measures, such as disabling unused accounts and implementing better account management practices. After this step, performing a review of terminated users' account activity (option A) might be necessary to assess any potential unauthorized access or suspicious activities associated with those accounts.
Q: During an audit of a financial application, it was determined that the users' accounts were not disabled. Answer: C
Should communicate this finding to the app owner so appropriate controls can take place to mitigate the risk. Then, substantive testing can proceed if needed.
D. should test whether the terminated employee could access the system first.
C is the answer! Even after checking, if nothing is found, the risk continues to exist. So this should be communicated as a first step.
Correct. C is the answer. It is the next step. A can follow C.