Which of the following controls most likely could prevent EDP personnel from modifying programs to bypass programmed controls?

Multiple Choice

Explanation:

Segregation of duties between programming and computer operations is the best preventive control here. When the people who write or modify software are separate from those who run and maintain the production systems, no single individual has the authority to both alter a program and bypass its programmed controls. Changes must go through a formal process—development, testing, approval, and production deployment—often with a change-control board and audit trails. This multi-person, documented workflow creates checks and accountability, making it much harder for someone to slip in a covert modification that defeats controls.

Periodic management review of utilization reports and documentation is valuable for detecting unusual activity, but it doesn’t stop the modification from being made in the first place. Involving user department personnel in system design helps with usability and controls design but doesn’t directly prevent an insider from changing code. Physical security of equipment protects hardware from tampering, but once someone has access to the software environment, segregation of duties is what prevents the software itself from being secretly altered to bypass controls.
