An IS auditor finds that the process for removing access for terminated employees is not documented.
What is the MOST significant risk from this observation?
A . Procedures may not align with best practices.
B . HR records may not match system access.
C . Unauthorized access cannot be identified.
D . Access rights may not be removed in a timely manner.
Answer: D