Certified Information Systems Auditor Practice Exam

Inadequate change management can lead to unauthorized changes within an organization's systems. This occurs when changes are made outside of established protocols, often bypassing necessary approvals, testing, and documentation requirements. Consequently, these unregulated changes can introduce vulnerabilities into the system, potentially leading to security breaches, data loss, or system failure. By not managing changes properly, organizations may inadvertently expose themselves to risks that can be exploited by malicious actors, which underscores the importance of having a robust change management process in place to maintain system integrity and security.

The other options do not accurately represent the direct outcomes of poor change management. While excessive documentation and increased operational costs may be associated with overly stringent change management practices, they do not highlight the immediate security risk posed by unauthorized changes. Improved user productivity is not a potential risk associated with inadequate change management; rather, it would be a potential benefit of well-managed change processes.