Which IT controls should be tested at the project level in construction audits?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $24.99Unlock all

Study for the Audit of Construction and Real Estate Industry Test. Utilize flashcards and multiple-choice questions with explanations. Prepare effectively for your exam!

Multiple Choice

Which IT controls should be tested at the project level in construction audits?

Explanation:
Testing IT controls at the project level is essential because the systems used in a construction project—such as project management software, ERP, BIM platforms, and scheduling tools—touch critical data on costs, timelines, procurement, and design. Without evaluating these controls, risks like unauthorized access, inappropriate changes, or untracked updates can go unnoticed and undermine project outcomes. A solid project-level IT control review looks at who can access project systems and what they can do (access rights and segregation of duties), how changes to project systems are requested, approved, tested, and deployed (change management), and whether there are periodic reviews of user access to ensure permissions stay appropriate. Password policies and physical security are important components of the overall security environment, but focusing only on them misses broader controls that prevent errors and fraud, such as proper change processes and ongoing access governance. Therefore, IT controls should be tested at the project level to provide assurance on data integrity, security, and governance; claiming that IT controls are not tested would leave significant risk unaddressed.

Testing IT controls at the project level is essential because the systems used in a construction project—such as project management software, ERP, BIM platforms, and scheduling tools—touch critical data on costs, timelines, procurement, and design. Without evaluating these controls, risks like unauthorized access, inappropriate changes, or untracked updates can go unnoticed and undermine project outcomes.

A solid project-level IT control review looks at who can access project systems and what they can do (access rights and segregation of duties), how changes to project systems are requested, approved, tested, and deployed (change management), and whether there are periodic reviews of user access to ensure permissions stay appropriate. Password policies and physical security are important components of the overall security environment, but focusing only on them misses broader controls that prevent errors and fraud, such as proper change processes and ongoing access governance.

Therefore, IT controls should be tested at the project level to provide assurance on data integrity, security, and governance; claiming that IT controls are not tested would leave significant risk unaddressed.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy