During a review of system access, an IS auditor notes that an employee who has recently changed roles within the organization still has previous access rights. The auditor`s NEXT step should be to: 

Answer options:

A. determine the reason why access rights have not been revoked.
B. recommend a control to automatically update access rights.
C. direct management to revoke current access rights.
D. determine if access rights are in violation of software licenses.

A