Posted by: Pdfprep
Post Date: November 29, 2020
An IS auditor observes that the CEO has full access to the enterprise resource planning (ERP) system. The IS auditor should FIRST:
A . accept the level of access provided as appropriate
B . recommend that the privilege be removed
C . ignore the observation as not being material to the review
D . document the finding as a potential risk
Answer: D