What function performed by a database administrator is most concerning to an IS auditor?

Prepare for the CISA Domain 4 Exam with tailored quizzes. Enhance your auditing skills with detailed explanations and practice multiple-choice questions for cybersecurity professionals. Optimize your study time and ensure success!

The function of greatest concern is a database administrator installing patches or upgrades to the operating system, because of the security and compliance risks involved. While this task is crucial for maintaining the security posture and ensuring the stability of systems, it carries significant risks if not properly managed.

An IS auditor’s primary role is to assess risks related to information systems and ensure that controls are in place to mitigate those risks. When a database administrator takes on the responsibility of installing operating system patches, several concerns arise, such as the introduction of vulnerabilities if the process is not followed meticulously or if the patches themselves are flawed. Moreover, changes made without thorough testing or without following established change management protocols can lead to system outages or data integrity issues, affecting not just the database but potentially other integrated systems as well.

In contrast, performing database changes according to change management procedures, sizing table space, consulting on table join limitations, and executing backup and recovery procedures are all functions that should typically have established processes and controls in place that limit undue risk. These functions can often be audited more easily, and they are usually managed through documented policies that include checks and balances to ensure compliance and reduce risk. Thus, while all functions performed
