Certified in Risk and Information Systems Control (CRISC) — Question 91
An audit reveals that several terminated employee accounts maintain access. Which of the following should be the FIRST step to address the risk?
Answer options
- A. Perform a risk assessment
- B. Disable user access
- C. Perform root cause analysis
- D. Develop an access control policy
Correct answer: C
Explanation
The correct answer is C: performing a root cause analysis identifies the underlying reasons why access persisted after termination. Options A, B, and D are important steps, but they should follow the analysis of why the problem exists, so that the long-term solution is more effective.