Control Measures for Promoting Changes to Production for Critical Financial Application

Reduce Risk in Promoting Changes to Production for Critical Financial Application


Question

An application development team is also promoting changes to production for a critical financial application.

Which of the following would be the BEST control to reduce the associated risk?

Answers

Explanations


A.

The BEST control to reduce the risk associated with changes to production for a critical financial application is option A, implementing a change management code review.

Explanation:

A change management code review is a process that involves a review of the code changes made to an application before they are promoted to production. This process ensures that the changes are consistent with the business requirements, adhere to coding standards, and do not introduce any security vulnerabilities or defects that could impact the application's functionality. This control helps to reduce the risk of errors or issues in production that could impact the integrity of financial transactions.

Option B, implementing a peer review process, is also a good control. A peer review process involves a review of the code changes by another member of the development team. While this can help to identify errors and ensure consistency, it may not be as effective as a change management code review in detecting security vulnerabilities or ensuring compliance with coding standards.

Option C, performing periodic audits, is not as effective as the other options in reducing the risk associated with changes to production for a critical financial application. Audits may be useful for identifying process improvements or compliance issues, but they do not directly address the risk associated with code changes.

Option D, submitting change logs to the business manager for review, is not an effective control because it does not provide a detailed review of the code changes. It only provides a record of the changes made, which may not be sufficient to identify potential risks or issues.

In summary, the best control to reduce the risk associated with changes to production for a critical financial application is implementing a change management code review.