CISA Certified Information Systems Auditor – Question2606

An IS auditor finds that the process for removing access for terminated employees is not documented. What is the MOST significant risk from this observation?

A.
Procedures may not align with best practices.
B. HR records may not match system access.
C. Unauthorized access cannot be identified.
D. Access rights may not be removed in a timely manner.

Correct Answer: D