Certified in Risk and Information Systems Control (CRISC) — Question 147

Which of the following is the BEST evidence that a user account has been properly authorized?

Answer options

• A. Notification from human resources that the account is active
• B. Formal approval of the account by the user's manager
• C. User privileges matching the request form
• D. An email from the user accepting the account

Correct answer: B

Explanation

The correct answer, B, is the best evidence as it indicates that the user's manager has formally approved the account, ensuring it meets organizational policies. Option A does not confirm authorization, just activation; C may not reflect managerial approval; and D is merely an acceptance from the user, which is not sufficient proof of proper authorization.