An IS auditor observes that a large number of departed employees have not been removed from the accounts payable system. Which of the following is MOST important to determine in order to assess the risk?
A.
The ability of departed employees to actually access the system
B.
The frequency of user access reviews performed by management
C.
The process for terminating access of departed employees
D.
The frequency of intrusion attempts associated with the accounts payable
Understanding the process for terminating access is critical to assessing the risk associated with the accounts payable system. This includes procedures for promptly revoking access when an employee departs the organization, ensuring that access removal is consistent, and preventing unauthorized access.
The question asks to assess the risk of the situation, for which IMO A is the best answer. If accounts are effectively not usable any more, the risk is low.
upvoted 3 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
FAGFUR
Highly Voted 1 year agostarzuu
Highly Voted 1 year, 3 months agoRS66
Most Recent 3 months, 2 weeks agoSwallows
7 months, 3 weeks agomarc4354345
8 months, 2 weeks ago