Which audit procedure is best for detecting unauthorized changes to production code?

The most effective audit procedure for detecting unauthorized changes to production code is to examine the object code to find changes and trace them back to change control records. This approach is comprehensive because it involves directly reviewing the compiled code that is running in production environments. By comparing the current object code against the documented changes in the change control records, auditors can identify discrepancies that may indicate unauthorized modifications.

This method ensures that changes made to the production code are thoroughly tracked and verified against the official change management processes. It also helps in establishing accountability for any alterations, as the audit can reveal whether there were any records or approvals associated with the changes found in the object code.

In contrast, merely examining the change control system records without linking them to the object code does not effectively verify whether changes were properly implemented. Reviewing access control permissions in production libraries, while important for security, does not directly detect unauthorized changes since valid changes can also be made by authorized users. Similarly, reviewing change approval designations focuses on the approval process but does not address whether the code itself matches the documented changes. Therefore, tracing object code changes back to change control records provides the clearest and most actionable insight into potential unauthorized modifications.