Free ISACA CISA Actual Exam Questions - Question 10 Discussion
conversion and migration during the implementation of a new application system?
A/C? Not having a formal change management process (A) means any fixes or tweaks during conversion might not be properly tracked or approved, which could cause bigger issues down the line. Unauthorized data changes (C) are obviously bad, but if there’s no documented process, it’s hard to know how those errors got in or how they’ll be fixed. So the lack of formal change control feels like a more systemic problem that impacts everything else.
Option D seems the biggest risk to me because manual conversions are super error-prone and can mess up data on a large scale, especially if there’s no solid backup or audit trail to catch mistakes early.
B/D? No online backups (B) worries me since if something goes wrong during conversion, recovery’s tough. Manual conversion (D) ups error risk, but without backups, you can’t restore if errors happen.
C/D? Unauthorized data changes (C) definitely threaten integrity, but if the conversion was manual (D), that itself could cause lots of errors or omissions. Manual steps usually increase risk of mistakes slipping through, especially without automated checks. So while unauthorized changes are serious, the manual process might be the root cause of those errors and should raise a big red flag too. Without solid controls on the manual conversion, bad data can easily get introduced or missed altogether.
Another angle could be to focus on the documentation and controls side. If the change management process (A) isn’t formally documented, that might mean there’s no clear tracking or approval of changes, which can lead to bigger issues down the line. Even if unauthorized modifications (C) are a concern, without proper change management, it’s hard to guarantee the whole conversion was handled correctly. Wouldn’t a lack of documented controls be a bigger systemic risk than just isolated data changes?
C imo, unauthorized data changes directly threaten data integrity, which is crucial for accurate reporting. Manual processes (D) are risky, but without evidence of errors, they’re less urgent.
C/D? Both seem pretty serious, but unauthorized data changes (C) feel like a bigger red flag since they could mess with data integrity. Manual processes (D) are risky too, but might not be as critical if controls are in place. Definitely wouldn’t ignore C.