Isaca Certified Information Systems Auditor CISA Question # 396 Topic 40 Discussion
CISA Exam Topic 40 Question 396 Discussion:
Question #: 396
Topic #: 40
During a review of system access, an IS auditor notes that an employee who has recently changed roles within the organization still has previous access rights. The auditor ' s NEXT step should be to:
A.
recommend a control to automatically update access rights.
B.
determine the reason why access rights have not been revoked.
C.
direct management to revoke current access rights.
D.
determine if access rights are in violation of software licenses.
The NEXT step for the IS auditor after noting that an employee who has recently changed roles within the organization still has previous access rights should be to B. determine the reason why access rights have not been revoked. Identifying the cause of this situation is crucial for understanding whether it’s due to oversight, process gaps, or other factors. Once the reason is determined, appropriate corrective actions can be recommended to ensure that access rights are aligned with the employee’s current role and responsibilities1.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit