Which of the following control activities is the most effective to ensure users’ levels of access are appropriate for their current roles?
A . The human resources department generates a monthly list of terminated and transferred
employees and requests IT to update the user access as required.
B . Standardized user access profiles are developed and the appropriate access profiles are automatically assigned to new or transferred employees.
C . System administrator rights are assigned to one user in each department who can update user access of terminated or transferred employees immediately.
D . Department managers are required to perform periodic user access reviews of relevant systems and applications.