During an audit of a financial application, it was determined that many terminated users’ accounts were not disabled. Which of the following should be the IS auditor’s NEXT step?
A. Perform a review of terminated users’ account activity.
B. Conclude that IT general controls are ineffective.
C. Communicate risks to the application owner.
D. Perform substantive testing of terminated users’ access rights.