Which of the following responsibilities of an organization's quality assurance function should raise concern for an IS auditor?
Click on the arrows to vote for the correct answer
A. B. C. D.C.
As an IS auditor, the responsibility of an organization's quality assurance (QA) function should be of concern if it indicates any potential risk or violation of established policies or procedures related to information systems.
A. Ensuring the test work supports observations: This responsibility of the QA function is considered as an essential and legitimate function. It ensures that the testing work is consistent with the observations and findings. The IS auditor would not raise any concern about this responsibility.
B. Ensuring standards are adhered to within the development process: This responsibility of the QA function is also a legitimate function. It helps in maintaining the quality of the development process, which includes adherence to standards. The IS auditor would not raise any concern about this responsibility.
C. Implementing solutions to correct defects: This responsibility of the QA function is an essential function as it ensures that defects are identified and resolved. This helps in maintaining the quality of the system. The IS auditor would not raise any concern about this responsibility.
D. Updating development methodology: This responsibility of the QA function may raise concern for the IS auditor if the updates are not consistent with the organization's policies or if there is a lack of adequate testing of the new methodology. This may result in poor system performance, system vulnerabilities, or other potential risks. Therefore, the IS auditor may need to review the updated methodology and ensure that it aligns with the organization's policies and procedures.
In conclusion, while all the responsibilities listed are important for the QA function, the updating of development methodology may raise concern for an IS auditor if not done in a way that aligns with the organization's policies and procedures.