Enhancing Password Management Controls for Internal Audits | CISA Exam Preparation

Remediating Audit Findings: Best Evidence for Database Password Management Controls


Question

Following an internal audit of a database, management has committed to enhance password management controls.

Which of the following provides the BEST evidence that management has remediated the audit finding?

Answers

Explanations


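A. Screenshots from end users showing updated password settings

B. Interviews with management about remediation completion

C. Change tickets of recent password configuration updates

D. Observation of updated password settings with database administrators (DBAs)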

C.

The BEST evidence that management has remediated the audit finding of enhancing password management controls is option C: Change tickets of recent password configuration updates.

Explanation: Option A, Screenshots from end users showing updated password settings, can be easily manipulated or forged, or do not provide any proof of implementation. Therefore, it is not considered the BEST evidence.

Option B, Interviews with management about remediation completion, is not the BEST evidence because it relies solely on management's verbal confirmation of completion and cannot verify if the controls are effectively implemented.

Option D, Observation of updated password settings with database administrators (DBAs), is not the BEST evidence as it requires the auditor to trust the DBAs' confirmation that the controls have been implemented and that they have been implemented effectively. Also, it does not provide proof of the configuration updates being authorized or that they were performed in a controlled manner.

Option C, Change tickets of recent password configuration updates, is the BEST evidence as it provides documented evidence that password management controls have been changed and that the change was authorized, implemented and monitored in a controlled environment. Change tickets usually include details such as the reason for the change, the date and time of the change, the individuals responsible for making the change, the approval of the change, and the verification of the change. The audit team can use the change tickets to verify that the password management controls have been effectively implemented and tested.