December 16, 2021 by Admin
An IS auditor reviewing a financial organization’s identity management solution found that some critical business applications do not have identified owners. Which of the following should the auditor do NEXT?
- Request a business risk acceptance.
- Discuss the issue with the auditee.
- Write a finding in the audit report.
- Revoke access rights to the critical applications.