Ann the IT director wants to ensure that as hoc changes are not making their way to the
production applications. Which of the following risk mitigation strategies should she implement in
her department?

A.
Change management

B.
Permission reviews

C.
Incident management

D.
Perform routine audits