CISA Certified Information Systems Auditor – Question0153

During a review of system access, an IS auditor notes that an employee who has recently changed roles within the organization still has previous access rights. The auditor’s NEXT step should be to:

A.
determine the reason why access rights have not been revoked.
B. recommend a control to automatically update access rights.
C. direct management to revoke current access rights.
D. determine if access rights are in violation of software licenses.

Correct Answer: A