An IS auditor should expect the responsibility for authorizing access rights to production
data and systems to be entrusted to the:

A.
process owners.

B.
system administrators.

C.
security administrator.

D.
data owners.

Explanation:

Data owners are primarily responsible for safeguarding the data and authorizing access to
production data on a need-to-know basis.