CISA Certified Information Systems Auditor – Question0130

An auditor is creating an audit program in which the objective is to establish the adequacy of personal data privacy controls in a payroll process. Which of the following would be MOST important to include?

A.
Approval of data changes
B. Audit logging of administrative user activity
C. Segregation of duties controls
D. User access provisioning

Correct Answer: A