A senior payroll accountant was responsible for three business units. When the number of employees increased considerably, another accountant was hired and became responsible for one of the units. However, an access rights attestation from the senior payroll accountant remained the same, despite an internal policy requiring payroll access to be restricted. Which of the following controls most likely failed?
Reauthorization controls ensure that access rights are reviewed and updated when there are changes in an employee's responsibilities or job functions. Since the senior payroll accountant's access rights were not adjusted after the responsibilities were redistributed, it indicates a failure in the reauthorization process.
I think as well that the answer should be A
D: Segregation of duties. Segregation of IT Duties (IIAv7-Prt 3) - Following the identity and access mgmt principle of allowing access of if the job function requires it. Re-authorization controls are not mentioned anywhere in the learning materials.