An IS auditor reviewing a financial organization’s identity management solution found that some critical business applications do not have identified owners. Which of the following should the auditor do NEXT?

December 16, 2021 by Admin

An IS auditor reviewing a financial organization’s identity management solution found that some critical business applications do not have identified owners. Which of the following should the auditor do NEXT?

  • Request a business risk acceptance.
  • Discuss the issue with the auditee.
  • Write a finding in the audit report.
  • Revoke access rights to the critical applications.

Leave a Reply