Which of the following would the IS auditor MOST likely review to determine whether modifications to the operating system parameters were authorized?
Click on the arrows to vote for the correct answer
A. B. C. D.A.
To determine whether modifications to the operating system parameters were authorized, the IS auditor would typically review the change control log.
A change control log is a record of all changes that have been made to the system, including changes to operating system parameters. This log should include information about the change, the reason for the change, who authorized the change, and when the change was made.
Reviewing the change control log will allow the auditor to determine whether the modifications to the operating system parameters were authorized. If the change control log shows that the changes were authorized, the auditor can verify that the changes were made in accordance with company policies and procedures. If the change control log does not show that the changes were authorized, the auditor can investigate the matter further to determine whether any unauthorized changes have been made to the system.
The other options are not as directly relevant to determining whether modifications to the operating system parameters were authorized. System initialization logs may provide information about the system configuration at startup, but may not provide information about changes made to the system after startup. Security system parameters may be relevant to system security, but may not provide information about whether modifications to operating system parameters were authorized. Documentation of exit routines may provide information about how certain processes terminate, but may not provide information about changes made to the operating system parameters.
Therefore, the change control log is the most likely option for the IS auditor to review to determine whether modifications to the operating system parameters were authorized.