The internal audit group discovered that unauthorized users are making unapproved changes to various system
configuration settings. This issue occurs when previously authorized users transfer from one department to
another and maintain the same credentials. Which of the following controls can be implemented to prevent
such unauthorized changes in the future?
Periodic access review
Group based privileges