An IS auditor finds that the process for removing access for terminated employees is not documented. What is the MOST significant risk from this observation?
A. Procedures may not align with best practices.
B. HR records may not match system access.
C. Unauthorized access cannot be identified.
D. Access rights may not be removed in a timely manner.
A. Procedures may not align with best practices.
B. HR records may not match system access.
C. Unauthorized access cannot be identified.
D. Access rights may not be removed in a timely manner.