A regulatory audit of an IT department has identified discrepancies between processes described in the procedures and what is actually done by system administrators.
The discrepancies were caused by recent IT application changes.
Which of the following would be the BEST way to prevent the recurrence of similar findings in the future?
Click on the arrows to vote for the correct answer
A. B. C. D.B.
The BEST way to prevent the recurrence of similar findings in the future would be to assign the responsibility for periodic revisions and changes to process owners (option B).
Explanation: When an IT department undergoes a regulatory audit, it is important to identify the root cause of the discrepancies between the documented procedures and actual practices. In this case, the discrepancies were caused by recent IT application changes, which suggests that the changes were not properly communicated or documented. To prevent similar findings in the future, the organization needs to implement a framework that ensures that changes to IT applications are properly communicated and documented.
Option A suggests including the update of documentation within the change management framework. While this is a good practice, it does not directly address the root cause of the discrepancies identified in the regulatory audit. Additionally, the change management framework may not be sufficient to address discrepancies caused by changes to IT applications.
Option C suggests requiring each IT employee to confirm compliance with IT procedures on an annual basis. This is also a good practice, but it does not directly address the root cause of the discrepancies identified in the regulatory audit. Additionally, annual confirmation may not be sufficient to prevent discrepancies caused by changes to IT applications.
Option D suggests establishing high-level procedures to minimize process changes. While this is also a good practice, it does not directly address the root cause of the discrepancies identified in the regulatory audit. Additionally, high-level procedures may not be sufficient to prevent discrepancies caused by changes to IT applications.
Option B, assigning the responsibility for periodic revisions and changes to process owners, is the BEST way to prevent the recurrence of similar findings in the future. This approach ensures that there is a clear owner for each IT process, and that this owner is responsible for ensuring that changes to the process are properly communicated and documented. This helps to prevent discrepancies caused by changes to IT applications.