What is the GREATEST concern for an IS auditor reviewing an in-house developed application?

The greatest concern for an IS auditor reviewing an in-house developed application is rooted in the decision-making and approval process related to changes made to the application. When a manager initiates and approves a change request, it raises significant concerns regarding the controls surrounding the change management process.

In-house applications often involve alterations that can significantly impact their functionality, security, and compliance with regulatory standards. The involvement of a manager in both the initiation and approval of change requests suggests a potential for a lack of segregation of duties. This can increase the risk of unauthorized changes being made or changes being inadequately tested before implementation in the production environment.

Ensuring that there is a clear process involving multiple individuals for approvals and testing helps mitigate risks associated with errors or malicious activity. Effective change management relies on robust controls, including independent oversight and validation of changes. Therefore, this concern highlights the importance of adhering to established change control processes to ensure integrity, security, and functionality of the application, making it a critical focus for an IS auditor.

Other options involve aspects of the change process but do not present the same level of risk attributable to the dichotomy of initiation and approval being handled by the same individual. For example, having a user test a change request emphasizes user involvement, while a