User-Developed Applications (UDAs) are applications, spreadsheets, databases, or tools created and maintained by end-users rather than IT departments. They provide flexibility but also introduce risks related to security, accuracy, and change management.
Why Option B is Correct:
UDAs lack formal change management controls.
Since they are typically not subject to rigorous testing and documentation, modifications may introduce errors.
Updating or correcting a formula, macro, or script in a UDA may have unintended consequences that go unnoticed, leading to data integrity issues.
Why Other Options Are Incorrect:
Option A (UDAs are less flexible and more difficult to configure than traditional IT applications):
Incorrect. UDAs are more flexible and easier to modify compared to traditional IT applications, which undergo strict change controls.
Option C (UDAs typically are subjected to application development and change management controls):
Incorrect. Most UDAs lack formal governance or IT oversight. They are typically developed by business users with little or no structured IT controls.
Option D (Using UDAs typically enhances the organization’s ability to comply with regulatory factors):
Incorrect. UDAs introduce compliance risks due to lack of security, audit trails, and formal change controls.
IIA GTAG – "Auditing User-Developed Applications": Discusses risks and controls related to UDAs.
IIA Practice Advisory 2130-1 (Control Risk Self-Assessment): Highlights the importance of internal controls over UDAs.
COSO Internal Control – Integrated Framework: Recommends applying IT general controls (ITGCs) to UDAs.
IIA References:Thus, the correct answer is B. Updating UDAs may lead to various errors resulting from changes or corrections.
