CISA Protection of Information Assets • 40 Questions
40 CISA Protection of Information Assets practice questions with answers and explanations. Free, no signup.
An IS auditor is reviewing the logical access controls for a financial application. The auditor notices that user access reviews are performed annually by the application owner, but there is no documentation indicating that managers confirm the continued need for access. Which of the following is the MOST significant risk associated with this finding?