What is an important focus for an IS auditor when reviewing the log of program changes during an application maintenance audit?

An essential aspect for an IS auditor during an application maintenance audit is the authorization of program changes. Ensuring that all program changes have been formally authorized is crucial for maintaining system integrity and security. Authorization verifies that appropriate personnel reviewed and approved changes before implementation, which helps prevent unauthorized modifications that could lead to vulnerabilities, errors, or security breaches.

Focusing on authorization not only complies with organizational policies and regulatory requirements but also ensures that there is accountability for changes made to the application. This practice supports an effective change management process, which is fundamental for protecting the application environment and maintaining stakeholder trust.

While other choices may provide valuable information related to the program changes, they do not directly address the core issue of governance and control over those changes. For instance, knowing the creation date of an object or source program, or the number of changes, might help understand the application's history but does not confirm that the changes were appropriately approved or conducted. The emphasis on authorization reflects the necessity for rigorous controls in the auditing process to ensure an organization's resources remain secure and reliable.