CGEIT Question #288: Real Exam Question with Answer & Explanation

The correct answer is A: Enforce change control procedures.. Lack of documentation for application updates indicates a failure in proper change management, which is best addressed by enforcing robust change control procedures.

Submitted by the_admin· Apr 18, 2026Governance of Enterprise IT

Question

Which of the following is the BEST way to address an IT audit finding that many enterprise application updates lack appropriate documentation?

Options

AEnforce change control procedures.
BConduct software quality audits
CReview the application development life cycle.
DAdd change control to the risk register.

Explanation

Lack of documentation for application updates indicates a failure in proper change management, which is best addressed by enforcing robust change control procedures.

Common mistakes.

B. Software quality audits focus on the functionality and performance of the software itself, not primarily on the administrative documentation of updates.
C. Reviewing the application development life cycle is a broader initiative; the immediate and specific problem of missing update documentation is best fixed by tightening change control.
D. Adding change control to the risk register acknowledges the risk but does not implement the control necessary to resolve the current audit finding.

Concept tested. Addressing audit findings, change control

Reference. https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/govern/operational-compliance/change-management

Topics

#IT Audit Remediation#Change Management#Documentation Control

Community Discussion

No community discussion yet for this question.

Full CGEIT Practice Browse All CGEIT Questions