An auditor is creating an audit program in which the objective is to establish the adequacy of personal data privacy controls in a payroll process. Which of the following would be MOST important to include?
A. Approval of data changes
B. Audit logging of administrative user activity
C. Segregation of duties controls
D. User access provisioning
A. Approval of data changes
B. Audit logging of administrative user activity
C. Segregation of duties controls
D. User access provisioning