Control totals are a method of verifying the accuracy and completeness of data processing by comparing the totals of key fields in input and output records1. Control totals can be used to reduce the risk of incomplete processing, which is the failure to process all the data or transactions that are expected or required2.
Incomplete processing can result in data loss, inconsistency, or incompleteness, which can affect the quality and reliability of the information system and its outputs. Incomplete processing can be caused by various factors, such as:
Hardware or software failures that interrupt the processing or transmission of data2 Human errors or omissions that skip or miss some data or transactions2 Malicious attacks or unauthorized access that delete or modify some data or transactions2 Environmental hazards or disasters that damage or destroy some data or transactions2 Control totals can help detect and prevent incomplete processing by:
Providing a benchmark or reference point to compare the input and output data or transactions1 Identifying any discrepancies or deviations from the expected or required totals1 Alerting the users or operators to investigate and resolve the causes of incomplete processing1 Ensuring that all the data or transactions are properly transmitted, converted, and processed1 The other options are not as relevant as control totals for reducing the risk of incomplete processing. Posting to the wrong record is the error of assigning or transferring data or transactions to an incorrect account, file, or record3. Improper backup is the failure to create, store, or restore copies of data or transactions in case of loss, corruption, or damage4. Improper authorization is the lack of proper permission or approval to access, modify, or process data or transactions. Control totals may not be able to prevent or detect these errors or failures, as they are not related to the completeness of data processing. Therefore, option B is the correct answer.
References:
control totals - Barrons Dictionary - AllBusiness.com
What is control total amount? - Sage Advice US
Posting Error Definition
Backup Definition
[Authorization Definition]

he design of an incident management process should include prioritization criteria to ensure that incidents are handled according to their impact and urgency. Without prioritization criteria, the organization may not be able to allocate resources effectively and respond to incidents in a timely manner. Expected time to resolve incidents, service management standards, and metrics reporting are important aspects of incident management, but they are not as critical as prioritization criteria for the design of the process. References:
ISACA Journal Article: Incident Management: A Practical Approach

Implementing solutions to correct defects is a responsibility of the development function, not the quality assurance (QA) function. The QA function should ensure that the development process follows the established standards and methodologies, and that the defects are identified and reported. The QA function should not be involved in fixing the defects, as this would compromise its independence and objectivity. The other options are valid responsibilities of the QA function, and they should not raise concern for an IS auditor. References: CISA Review Manual (Digital Version) 1, page 300.