CISA Certified Information Systems Auditor – Question1349

An audit report notes that terminated employees have been retaining their access rights after their departure. Which of the following strategies would BEST ensure that obsolete access rights are identified in a timely manner?

A.
Delete user IDs at a predetermined date after their creation.
B. Automatically delete user IDs after they are unused for a predetermined time.
C. Implement an automated interface with the organization’s human resources system.
D. Require local supervisors to initiate connection.

Correct Answer: C