An IS auditor has identified that some IT staff have administrative access to the enterprise resource planning (ERP) application, database, and server. IT management has responded that due to limited resources, the same IT staff members have to support all three layers of the ERP application. Which of the following would be the auditor's BEST recommendation to management?
A. Request funding to hire additional IT staff to enable segregation of duties.
B. Leverage business unit personnel to serve as administrators of the application.
C. Monitor activities of the associated IT staff members by reviewing system-generated logs weekly.
D. Remove some of the administrative access of the associated IT staff members.
A. Request funding to hire additional IT staff to enable segregation of duties.
B. Leverage business unit personnel to serve as administrators of the application.
C. Monitor activities of the associated IT staff members by reviewing system-generated logs weekly.
D. Remove some of the administrative access of the associated IT staff members.