# CISA — Question 427

**Type:** multiple_choice
**Topics:** topic_1

## Question

Which of the following should be the GREATEST concern for an IS auditor performing a post-implementation review for a major system upgrade?

## Correct Answer

_See scenario._

## Explanation

Selected Answer: D
The correct answer is D, Change approvals are not formally documented.

When performing a post-implementation review for a major system upgrade, the greatest concern for an IS auditor should be whether change approvals are formally documented. This is because formal documentation of change approvals is an important control measure that helps to ensure that changes to systems and applications are authorized and properly controlled. If change approvals are not formally documented, there is a risk that unauthorized changes may be made to the system, which could compromise the system's integrity and security.

**Reference:** examtopics_top_comment

---
Source: https://hiexam.net/q/isaca/CISA/427  
Practice (tracked): https://hiexam.net/study/CISA/practice