An IS auditor observes that the CEO has full access to the enterprise resource planning (ERP) system. The IS auditor should FIRST:

An IS auditor observes that the CEO has full access to the enterprise resource planning (ERP) system. The IS auditor should FIRST:
A . accept the level of access provided as appropriate
B . recommend that the privilege be removed
C . ignore the observation as not being material to the review
D . document the finding as a potential risk

View Answer

Answer: D