Certified Information Systems Auditor Practice Exam 2025 - Free CISA Practice Questions and Study Guide

Question: 1 / 400

What is the most reliable evidence for auditing employee access to a financial system?

Testimonies from employees

A list of accounts with access levels generated by the systems

Access logs from the system

Manual verification of access rights

The most reliable evidence for auditing employee access to a financial system is access logs from the system. This is because access logs provide a chronological record of all access attempts to the system, including successful and failed logins, which can be critical for tracking who accessed the system, when, and what actions were taken during each session.

Access logs are an inherent part of the system's security functionality and are usually tamper-evident, making them a trustworthy source for verifying actual access and activity against the permissions that have been documented. This quantifiable and objective data allows auditors to effectively ensure that access rights align with the established security policies and control measures.

In contrast, testimonies from employees can be subjective and potentially influenced by personal biases or inaccuracies in memory. A list of accounts with access levels generated by the systems is useful but does not show actual access or usage patterns, which is critical for understanding potential security breaches or excessive access privileges. Manual verification of access rights may also be subject to human error and is often less reliable than automated logging mechanisms. Therefore, access logs provide the most robust evidence for auditing purposes.
