An IS auditor is providing input to an RFP to acquire a financial application system. Which of the following is MOST important for the auditor to recommend?
正解: B
This is because audit trails are records of system activity and user actions that can provide evidence of the validity and integrity of transactions and data in a financial application system. Audit trails can help to ensure compliance with laws, regulations, policies, and standards, as well as to detect and prevent fraud, errors, or misuse of information. Audit trails can also facilitate auditing, monitoring, and evaluation of the financial application system's performance and controls1.
The application should meet the organization's requirements (A) is not the best answer, because it is a general and obvious criterion that applies to any application system acquisition, not a specific and important recommendation for a financial application system. The organization's requirementsshould be clearly defined and documented in the RFP, but they may not necessarily include audit trails as a design feature.
Potential suppliers should have experience in the relevant area © is not the best answer, because it is a factor that affects the selection of the supplier, not the design of the financial application system. The experience and reputation of potential suppliers should be evaluated and verified during the RFP process, but they may not guarantee that the supplier will include audit trails in the design.
ベンダー従業員の身元調査を定期的に実施する(D)は、ベンダーのセキュリティと信頼性に影響を与える措置であり、財務アプリケーションシステムの設計には影響しないため、最適な回答ではありません。ベンダー従業員の身元調査は、ベンダー管理およびデューデリジェンスプロセスの一環として実施されるべきですが、ベンダーが設計に監査証跡を含めることを保証するものではありません。