Home MCQs CISA Question #6841
Back to Questions
CISA QUESTION #6841
Question 1
An IS auditor finds that a critical application processes financial transactions but has no input validation controls—any values can be entered including negative numbers and special characters. What is the MOST significant risk?
  • Data entry errors
  • Data integrity compromise allowing fraudulent or erroneous transactions✔️
  • Slow processing
  • User frustration
Correct Answer Explanation
Lack of input validation in financial systems creates critical data integrity risks. Attackers or users could enter negative values to reverse charges, use special characters for SQL injection, or submit invalid data causing processing errors. This represents both fraud risk and system integrity risk.