Conquer Risks and Controls 2026 - Your Ultimate Practice Journey to Mastery!

The situation involving the failure to remove user accounts upon the termination of employees presents the greatest security risk in this scenario. If user accounts are not deactivated or deleted after an employee leaves the organization, it creates an opportunity for unauthorized access. This is particularly concerning in the context of an accounts payable system, as access to sensitive financial information could lead to fraud, data breaches, or other malicious activities.

Leaving accounts active allows former employees, or anyone who might have gained access to their login credentials, to potentially exploit their access privileges without any oversight. This is especially risky when paired with the use of a dial-up connection, which may not have robust security measures in place. Without prompt action to disable these accounts, there’s an increased risk that sensitive information could be compromised or misused.

On the other hand, while the other options do present valid concerns regarding security practices, such as inadequate password complexity, lack of documentation for user management procedures, and the absence of regular security log reviews, none of these directly facilitate unauthorized access to the system in the same immediate manner as failing to remove access for terminated employees does.

Overall, the active status of user accounts tied to individuals who are no longer with the company represents a significant vulnerability that organizations should prioritize addressing for