CISA Certified Information Systems Auditor – Question1935

During an audit, the IS auditor finds that in many cases excessive rights were not removed from a system. Which of the following would be the auditor’s BEST recommendation?

A.
IT security should regularly revoke excessive system rights.
B. System administrators should ensure consistency of assigned rights.
C. Line management should regularly review and request modification of access rights.
D. Human resources should delete access rights of terminated employees.

Correct Answer: D